Hey just giving fellow Firefox users a heads up. A security hole was found (http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-5262676.html?tag=xtra) in Firefox. So make sure to go and download the new version 0.9.1

Interesting. Since there has been a huge suge in Firefox/Mozilla downloads, there's suddenly more scrutiny of the browser, and holes are going to be found. No doubt there are hackers out there starting to poke and prod at it. And, worse, Firefox doesn't seem to have an "UPDATE" function or any way to automatically check for patches. :-(

I'm using Firefox, and it's not bad, but it's very un-polished.

And, worse, Firefox doesn't seem to have an "UPDATE" function or any way to automatically check for patches. :-(


They say that will be in the next revision.

They say that will be in the next revision.

Ah, good to hear!

Hey just giving fellow Firefox users a heads up. A security hole was found (http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-5262676.html?tag=xtra) in Firefox. So make sure to go and download the new version 0.9.1
It sounds like the bug also affects Mozilla users (of which I'm one). I guess I'll have to upgrade....

Steve

Interesting. Since there has been a huge suge in Firefox/Mozilla downloads, there's suddenly more scrutiny of the browser, and holes are going to be found. No doubt there are hackers out there starting to poke and prod at it.
Actually, as this exploit uses browser helpers, which most browsers support, it sounds like it's an issue with most browsers. Whether the exact same exploit can work with IE, Mozilla, Opera, etc. or needs to be tailored to the browser is something I don't know.

However, I do agree that if another browser starts getting more popular, it's likely to get more interest from hackers. However, I suspect any other browsers will have to get a lot more popular (like 30% browser share) before you'll see a significant interest in exploiting them. IE will still be a better target.

Even more, in an article about browser security (http://www.winnetmag.com/Article/ArticleID/43172/Windows_43172.html), Paul Thurrott noted reasons why it might not be as bad a problem even if another browser becomes dominant.

First, IE runs ActiveX items by default, which are notoriously insecure. You can run ActiveX items in other browsers with plug-ins, but the user has to specifically allow that.

Second, IE is integrated into the OS, making it more likely that the OS itself can be compromised. Mozilla, Opera and so on aren't integrated, and therefore are less likely to compromise the OS itself.

Steve

As long as it doesn't get to where I have to update Firefox every week. :(

0.9.1 came out a week or so ago, the current version is 0.9.2. ;)

And, worse, Firefox doesn't seem to have an "UPDATE" function or any way to automatically check for patches. :-(
Double click in the right hand corner of the status bar at the bottom. :wink:

Double click in the right hand corner of the status bar at the bottom. :wink:

Gee, THAT's obvious. :roll: :lol: Strangely enough it told me there were no updates, which doesn't sound right.

Now if I could only get the damn spell checker to work I'd be set! When I right click and do a spell check, the window loads, but there's no content in it. :-(

Now if I could only get the damn spell checker to work I'd be set! When I right click and do a spell check, the window loads, but there's no content in it. :-(

I had the same problem! IESpell is a tough giveup, that's the main reason I keep going back to IE...

Steve

Does that check for Firefox updates or only the updates for extensions?

For those of you wanting to try a spellchecker, there's this bizarre set of instructions (http://www.4serendipity.com/journal/archives/000140.html).

My guess is that we probably won't see a polished spellchecker until the 1.0 release, although I hope it comes sooner.

--janak

Does that check for Firefox updates or only the updates for extensions?
v 0.9.2 has in the Options panel a way to automatically check for updates to both, I believe, as well as a "check now" button.

I just got it working using a combination of the instructions here (already linked by Janak):

http://www.4serendipity.com/journal/archives/000140.html

And these here:

http://www.notestips.com/80256B3A007F2692/1/TAIO-5W9KW6

So, what I found was key was downloading the .zip of 0.9 from the first link, and copying the mentioned file from the archive (composer.xpt) to the components directory. But the instructions from the top link made the spell checker open, but with no text loaded and no dictionaries available (even though I downloaded the english dictionary). So I went to the second instructions... I moved a different file from the components directory (compreg.dat) to components_temp. Then I had to re-install the stuff from the FIRST link.

But now it works. There's probably a simpler order and such, but I installed and reinstalled extensions so much I'm not exactly sure *what* order.

Most likely though, these would be the steps:

- Get the composer.xpt file into your components directory by downloading the zip from the first link.
- Install the two extensions from the first link.
- Move the compreg.dat file (as the 2nd link instructs)
- Install the dictionary file as instructed by the first link.

If that doesn't work, play around more with the ordering of the extension installation and the compreg.dat removal. But I'm pretty sure the dictionary file install has to be last.

I just got it working using a combination of the instructions here (already linked by Janak)

Thanks Janak and Kati! I'll give the spell checker another shot! :wink:

Steve

Interesting. Since there has been a huge suge in Firefox/Mozilla downloads, there's suddenly more scrutiny of the browser, and holes are going to be found. No doubt there are hackers out there starting to poke and prod at it. And, worse, Firefox doesn't seem to have an "UPDATE" function or any way to automatically check for patches. :-(

Time to fix a Firefox hole: 1 day
Time to fix a Microsoft hole: 1-2 months
Time for the Microsoft fix to create further holes: instant 8)

0.9.1 came out a week or so ago, the current version is 0.9.2. Wink

0.9.2 appears to be already patched.
1.0 is set to go gold on September 14.

I guess Mozilla is just speeding along faster than I could think. I have no idea what my current version is. I can't convince any family (other than my uncle who already had firefox) to switch...