Firefox Has Security Update

[cwdjrxyz]

The Firefox 1.5 has a security update and becomes 1.5.0.1 after the
update. If you did not customize the update feature after you installed
1.5, you likely will get an automatic update. In my case I got a screen
today that said Firefox had downloaded the update. If you did not take
it just then, you could cancel,and it then said it would update the
next time you turned Firefox on. That is exactly what it did with no
option to cancel the second time.

If you wish to change the way Firefox updates, there are several
options at tools tab > options > advanced. I was content with the
automatic download and install.

 

[Roy Schestowitz]

__/ [cwdjrxyz] on Friday 03 February 2006 05:27 \__

The Firefox 1.5 has a security update and becomes 1.5.0.1 after the
update. If you did not customize the update feature after you installed
1.5, you likely will get an automatic update. In my case I got a screen
today that said Firefox had downloaded the update. If you did not take
it just then, you could cancel,and it then said it would update the
next time you turned Firefox on. That is exactly what it did with no
option to cancel the second time.

If you wish to change the way Firefox updates, there are several
options at tools tab > options > advanced. I was content with the
automatic download and install.

This doesn't seem to be a crucial update
<http://www.mozilla.com/firefox/releases/1.5.0.1.html >

<quote>
Firefox 1.5.0.1 is a stability and security update that is part of our
ongoing program to provide a safe Internet experience for our customers. We
recommend that all users upgrade to this latest version.

Here's what's new in Firefox 1.5.0.1:

* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
</quote>

Also:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1

<quote>
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator
objects
MFSA 2006-03 Long document title causes startup denial of Service
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards
</quote>

I know MFSA 2006-03 quite well because its listing is rather amusing. If a
page contains a 4-million-character title string (which would take ages to
load), there is potential for buffer overflow and maybe a browser crash. I
think someone flagged it as a "critical" flaw at the time.

Roy

 

[Andy Dingley]

Here's what's new in Firefox 1.5.0.1:
* Fixes for several memory leaks.

Is this just my impression, or has FF 1.5.0.1 gone from the relatively
lightweight memory consumprion of 1.5, back to the piggish memory hog
that was 1.0.* ?

 

[Roy Schestowitz]

__/ [Andy Dingley] on Saturday 04 February 2006 12:57 \__

Is this just my impression, or has FF 1.5.0.1 gone from the relatively
lightweight memory consumprion of 1.5, back to the piggish memory hog
that was 1.0.* ?

Can you give evidence? Maybe uptime statistics with memory usage under some
set conditions? Have you got both version 1 and 1.5? 1.0 could easily eat up
between 40 to 70 MB of RAM when just one window is open (based on rants in
Linux newsgroups). Some say it's due to back/forward caching, as well as
JRE.

The memory leaks fixes should suggest otherwise, i.e. less memory will be
used over the long run. In fact, the version number indicates that only
minor changes have been applied to the initial release which was 1.5.

Roy