bit-tech.net

Bug mars Firefox 3.0 launch

Fans of Firefox will be disappointed to hear of a bug shared by both 3.0 and 2.0.x that can leave your system open to attack.

Although the Firefox 3.0 Download Day went with a bang, with over eight million downloads counted within the all-important twenty-four hour period, a shadow has been cast over the latest version of the popular open source browser already: a critical security flaw brought over from Firefox 2.0.x which remains unfixed.

According to CNet News, the bug was discovered by a contributor to TippingPoint's controversial bugs-for-cash programme Zero-Day Initiative. Reported to Mozilla approximately five hours after Firefox 3.0 enjoyed its official launch, the bug is described by TippingPoint as allowing an attacker “to execute arbitrary code” providing there is some user interaction “such as clicking on a link in an email or visiting a malicious web page.”

When pressed for further details, TippingPoint clammed up and merely stated that it wouldn't be handing out details on the flaw until after the Mozilla Foundation has had a chance to get a patch out.

Fans of the browser will be disappointed that this next-generation release – which contains many changes designed to improve user security – has fallen so quickly. Although at first glance having a bug from the previous generation of Firefox make its way into this newest release is at the very least embarrassing, what TippingPoint hasn't yet made clear is whether the bug is one known to the Mozilla team before the release of Firefox 3.0. Although TippingPoint does describe the flaw as “affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x” it doesn't make clear whether this was something the Mozilla team could have reasonably prevented.

Either way, it's an inauspicious start to the browser's career. I suggest keeping an eye on the Mozilla Security Center for a patch, which hopefully will be available pretty darn soon.

This bug aside, which hopefully isn't in the wild yet, how are people getting on with Firefox 3.0? Share your experiences with the new browser over in the forums.

33 Comments

Kierax 20th June 2008, 13:35 Quote
*sigh*

They really should have caught that.
Paradigm Shifter 20th June 2008, 13:41 Quote
Quote:
Originally Posted by AndrewJ
*sigh*

They really should have caught that.
No kidding. :(
will. 20th June 2008, 13:44 Quote
Compared to Internet Explorer, who the **** cares? I'm happy.
Orionche 20th June 2008, 13:45 Quote
It's just one bug (albeit a serious one) that's probably gonna be fixed in a matter of days (hopefully). Doesn't seem like too big of a deal to me. Don't think the whole userbase is gonna be infected with something... :\
Leitchy 20th June 2008, 14:35 Quote
I was disappointed to hear that Google stopped supporting and updating my beloved "Google Sync" addon, but I heard Mozilla's "Weave" will have similar features (a more stable beta will be released in the coming weeks).

Until then, I've had to use Foxmarks to automatically sync up my bookmarks between computers which is fine for now, and a manual password exporting utility to deal with my extensive list of passwords.

Enjoying Firefox 3 though, despite the bug!
cjoyce1980 20th June 2008, 14:40 Quote
Quote:
Originally Posted by will.
Compared to Internet Explorer, who the **** cares? I'm happy.

At least Microsoft do fix their bugs, this has been a flaw with Firefox since v2.0.

I don't have a fav browser, I just use the one that comes with the OS and I know if this was Apple or Microsoft there would have been a much more strict testing policy which probably would have eliminated this flaw.

Don't get me wrong, I love open source stuff as much as the next guy, but your code is only as good as your testing..... and Mozilla's ain't too good lately
TreeDude 20th June 2008, 14:55 Quote
It still requires some user interaction in order for it to be exploited. I think most of us should be ok. At least it was not something that was fixed in 2.0.x and then reintroduced in 3.0.
TreeDude 20th June 2008, 15:01 Quote
Quote:
Originally Posted by cjoyce1980
Quote:
Originally Posted by will.
Compared to Internet Explorer, who the **** cares? I'm happy.

At least Microsoft do fix their bugs, this has been a flaw with Firefox since v2.0.

I don't have a fav browser, I just use the one that comes with the OS and I know if this was Apple or Microsoft there would have been a much more strict testing policy which probably would have eliminated this flaw.

Don't get me wrong, I love open source stuff as much as the next guy, but your code is only as good as your testing..... and Mozilla's ain't too good lately

Are you kidding? Do you think that bugs just magically appear? No, they are there from the start. MS is still fixing bugs in IE6 (which was released like 7 years ago) and IE7. They usually have at least 1 or 3 critical updates every month. I think Mozilla is doing a far better job. Once a flaw becomes known they usually fix it in just days. Not to mention that FF doesn't have ActiveX, that is one big security flaw gone right there. You go ahead and keep using your bloated and flawed browser though.
Mentai 20th June 2008, 15:25 Quote
I'm not concerned. Every browser has exploits, just some are found sooner than others. I find Mozilla patches things up generally quicker than Microsoft though.
Dreaming 20th June 2008, 15:27 Quote
Personally my experience so far has been that the release candidate seemed to work better :/. I think I had RC2. In the past few days I've had it crash once (where I had to end the process through task manager), and none of my addons work (yet they worked with the release candidate? :s)

Several friends have reported BSODs as well, so I really have no clue what's going on with it...
TreeDude 20th June 2008, 15:45 Quote
Quote:
Originally Posted by Dreaming
Personally my experience so far has been that the release candidate seemed to work better :/. I think I had RC2. In the past few days I've had it crash once (where I had to end the process through task manager), and none of my addons work (yet they worked with the release candidate? :s)

Several friends have reported BSODs as well, so I really have no clue what's going on with it...

That's odd. FF should never cause a BSOD. Something else has to be wrong. I have been using FF3 since beta 1. It was rock solid for me since beta 4.
DriftCarl 20th June 2008, 16:01 Quote
Work and home upgraded to version 3 :)
I'm not too bothered about the bug, I was using version 2 before and it was in there so it's not like the security has got worse.
I think it is great though, I already like the improved address bar finding the exact web page I want, just typing bit tech in the address bar brings up this lovely website in a much more efficient way than the previous version did.

I also like the dragging and dropping feature on version 3 too on web content, very handy to copy stuff from 1 window to another.
And the software actually fits with my XP and Vista themes a lot better.
C-Sniper 20th June 2008, 16:33 Quote
FF3, on Linux it is running great, although the new UI is a bit... bland.
FF3, on the Microsoft Windoze eXPeriment had a hiccup or two after it erased all my profile data and bookmarks to when I had the FF3beta installed.

Also the fact that I can't use "unsecured" add-ons pisses me off
badders 20th June 2008, 16:54 Quote
I haven't downloaded FF3, except at work yesterday, to verify reports that none of the Ford websites work on it.
I don't think I'll be using it at home. I'll stick to IE7.
It does everything I need, so why clog my PC up with another bit of software?
seveneleven 20th June 2008, 17:20 Quote
I tried (although briefly) the mobile version of the beta 4 FF and thought Mozilla were on the right track.
When I installed the final one and connected to a site with lots of Flash going on (Escapistmagazine) the memory use went to ~110 MB!! That hadn't happened to me with FF 2 and I wasn't using a lot of tabs either. Right now I have iGoogle and bit-tech opened and it uses ~65 megs, WTF!? Very disappointed... :(
wuyanxu 20th June 2008, 17:49 Quote
Apart from occasionally giving me a FF crashed message when I close it, I'm enjoying FF3 :)

What bug? As long as there's code, there will be bugs. Nothing new.
(no offence bittech)
Dreaming 20th June 2008, 17:57 Quote
Quote:
Originally Posted by TreeDude
Quote:
Originally Posted by Dreaming
Personally my experience so far has been that the release candidate seemed to work better :/. I think I had RC2. In the past few days I've had it crash once (where I had to end the process through task manager), and none of my addons work (yet they worked with the release candidate? :s)

Several friends have reported BSODs as well, so I really have no clue what's going on with it...

That's odd. FF should never cause a BSOD. Something else has to be wrong. I have been using FF3 since beta 1. It was rock solid for me since beta 4.

http://fragsoc.co.uk/forums/viewtopic.php?t=970
Quote:
Hmmm... don't know if this is firefox but my PC has BSODed 4/5 times since installing it =/
Quote:
Hmm, I got BSODed randomly yesterday.

I don't know if it's directly the new Firefox version as it hasn't happened to me, just (twice now) it has stopped responding. Release candidate was running for much longer without issues. Maybe I should have uninstalled then reinstalled? I just installed over the top...
DougEdey 20th June 2008, 18:18 Quote
Could be flash causing it.
LordPyrinc 21st June 2008, 02:18 Quote
All software has its bugs and security flaws. Users give an unrealistic expectation that all bugs are going to get fixed. In reality, that's just not the case. The bugs that are identified as being high priority that could potentially affect a large amount of the user community tend to be fixed first... (if the money is there to pay people to fix the problem).

Last time I checked, Firefox was free for download. If that's still the case, then bug fixes are pure charity work by some dedicated people. Firefox users need to stop whining unless they are willing to work for free to help fix the bugs.
steveo_mcg 21st June 2008, 02:36 Quote
I'll wait till it filters down from Sid before I upgrade, that should get most of the problems out of it, course it'll be Iceweasel by then.
dworvos 21st June 2008, 06:48 Quote
What I really find amusing about technology and the internet in general is that people tend to just join a camp and endorse it to the death while keeping a closed mind about everything.

I believe this would actually make an interesting anthropology research topic. Understanding why people tend to bond together in technology wars and fight it out as if you are only allowed to use one technology. For example, if you like Firefox you must endorse it and you are not allowed to use any other browser! In a more personal example, I use three internet browsers, IE, Firefox, and Opera. I use IE and Opera at home, while I use Firefox at my University. I don't feel any need to tell everyone I know that one browser is better than the other or vice versa, they all work well enough for me. What intrigues me is when people say "browser A" has a bloated memory footprint when all the browsers seem to consume the same amount of RAM anyway... which in this day and age where 500 GB hard drives are the norm and 2 GB of RAM costs $40, is quite insignificant.
will. 21st June 2008, 17:24 Quote
Quote:
Originally Posted by cjoyce1980
At least Microsoft do fix their bugs, this has been a flaw with Firefox since v2.0.

I don't have a fav browser, I just use the one that comes with the OS and I know if this was Apple or Microsoft there would have been a much more strict testing policy which probably would have eliminated this flaw.

Don't get me wrong, I love open source stuff as much as the next guy, but your code is only as good as your testing..... and Mozilla's ain't too good lately

HA!

You have obviously not used internet explorer very much, let alone try and build a website for the thing.
Cobalt 21st June 2008, 19:15 Quote
What the hell has that got to do with it? IE is a terrible browser, non standards compliant and riddled with security flaws despite a professional workforce dedicated to it. Building a website for it is annoying and using it is dangerous. Why would he want to do either?
will. 21st June 2008, 19:54 Quote
Ooops, I quoted the wrong person :p
Fixed it. Should make more sense now.
Boogle 21st June 2008, 21:04 Quote
Quote:
Originally Posted by Cobalt
What the hell has that got to do with it? IE is a terrible browser, non standards compliant and riddled with security flaws despite a professional workforce dedicated to it. Building a website for it is annoying and using it is dangerous. Why would he want to do either?

Annoying... ANNOYING? Try, the lowest circle of hell. Torture given only to the most evil people on the planet. A tedium unmatched by anything Satan could invent, so tedious in fact, that it's used by hell as a research tool. IE6 is quite possibly the worst piece of technology ever released.
steveo_mcg 21st June 2008, 21:47 Quote
Not a fan then?
Dreaming 22nd June 2008, 11:44 Quote
Quote:
Originally Posted by LordPyrinc
Last time I checked, Firefox was free for download. If that's still the case, then bug fixes are pure charity work by some dedicated people. Firefox users need to stop whining unless they are willing to work for free to help fix the bugs.

Thing is for me at least none of the bugs were in the release candidate, it doesn't seem to make sense. I'm very grateful for the work they do of course, but just because it's free doesn't mean it's not open to constructive criticism :)
johnmustrule 22nd June 2008, 11:46 Quote
For all that there is to hate about IE, its interface has fallen into favor over Firefox's, at least for me, despite my many add-ons I installed to help, IE just seems to work better for me. Frankly though both IE and Firefox are only a shadow of Opera which is so much better in so many ways! Firefox<IE<Opera. And now it seems the Firefox team's gotten a little lazy.
CraZy 22nd June 2008, 22:08 Quote
guys, guys...use Opera ;)
DougEdey 22nd June 2008, 22:43 Quote
LYNX!
Redbeaver 22nd June 2008, 23:40 Quote
Works great for me, tho I still mainly use IE. And yes, I build my site for IE as well :) Works great on IE tho FF3 doesn't seem to wanna play nice with it.

No, I'm not Bill Gates.

No, I'm not Satan either.
Dreaming 23rd June 2008, 13:26 Quote
Quote:
Originally Posted by CraZy
guys, guys...use Opera ;)

I have used them side by side (including IE) for quite a while, but I think now just because of the FF current issues Opera will become my browser of choice. It's much harder to customise though :( It took me several hours last night just to set up bookmarks whereas Firefox is just drag and drop. Also no extensive download manager support!
boggsi 23rd June 2008, 15:34 Quote
Quote:
Originally Posted by dworvos
What I really find amusing about technology and the internet in general is that people tend to just join a camp and endorse it to the death while keeping a closed mind about everything.

I believe this would actually make an interesting anthropology research topic. Understanding why people tend to bond together in technology wars and fight it out as if you are only allowed to use one technology. For example, if you like Firefox you must endorse it and you are not allowed to use any other browser! In a more personal example, I use three internet browsers, IE, Firefox, and Opera. I use IE and Opera at home, while I use Firefox at my University. I don't feel any need to tell everyone I know that one browser is better than the other or vice versa, they all work well enough for me. What intrigues me is when people say "browser A" has a bloated memory footprint when all the browsers seem to consume the same amount of RAM anyway... which in this day and age where 500 GB hard drives are the norm and 2 GB of RAM costs $40, is quite insignificant.

You do not understand how some people work then. I am a fast paced browser user. When I am forced (because I forget my memory stick with portableFF on) to use IE on University computers I get physically frustrated. Lack of my search plugins, I can't right click a selected word and instantly Google, I press Ctrl-T and start typing... but no! I was supposed to wait a few seconds before I started because IE is too slow to keep up. Lack of my bookmarks & settings, too much screen estate taken up... these are all genuine annoyances. You could skin up IE and disguise it to be FF, but when my features were missing, I'd still show the same frustration!

Just because some people DO endorse a camp to death, doesn't mean there aren't solid reasons why it is worth endorsing something through a minor difficulty.