EasyList Forum

Mozilla Firefox 2.0.0.2 is now available. Here are the download sites (it isn't on the web site yet, as of Friday, February 23 at 10 AM):

U.S. English, Windows version
http://www.mozilla.com/products/downloa ... lang=en-US

Other languages & operating systems
ftp://ftp.mozilla.org/pub/mozilla.org/f ... s/2.0.0.2/

Once you get into the directory, pick your operating system and then your language to get to the appropriate installer.

Got it MM ... all seems well so far. Thanx

Yea, I'm using this now. I think I'm going to give up nightlys for a while like I did last time when lots of things were going on. I'll let it settle down some then I'll use them as they get closer to completion.

What is amazing is how fast 2.0.0.2 is and that the nightlys are even faster.. and you would think they will get even better as they trim the code and work out memory issues.

Here are the things that got fixed in Firefox 2.0.0.2:

Critical
* onUnload + document.write() memory corruption
* Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

High
* Embedded nulls in location.hostname confuse same-domain checks

Moderate
* Mozilla Network Security Services (NSS) SSLv2 buffer overflow
* XSS and local file access by opening blocked popups
* Information disclosure through cache collisions

Low
* Spoofing using custom cursor and CSS3 hotspot
* Improvements to help protect against Cross-Site Scripting attacks

More details:

Firefox fix lances memory corruption bug
http://www.theregister.com/2007/02/26/firefox_update/

Here is a more complete list of changes, not for those that don't want to know the details and/or read a lot. I counted (roughly) 148 bug fixes listed.

I dunno whether it's to do with this release, but ever since I updated I'm seeing more certificate alerts than before. I hardly ever saw any previously, and on sites I visit regularly, the screen pops up and I click to allow for this session. A good example is anything to do with mozilla.org.

No-one experienced this issue then?

No, not at all, Tony.
Is it just that 'first-time' alert that you haven't told yet, "Don't alert me again"?

AMO is a secure site and will pop up an alert to tell you about that if you haven't disabled that popup yet.

To best illustrate this, I went to http://www.mozilla.com and clicked on the link for Firefox Add-ons (https://addons.mozilla.org). This is when I get the attached alert. Obviously, if I allow for "this session", I don't get this alert again till another time.

My point is that prior to this release of Firefox, i.e. v2.0.0.2, I don't recall seeing such pop-ups.

Tools ... options .... security.

Turn off the "forgery" settings.

You don't mean turn off the anti-phishing element surely?

TonyW wrote:You don't mean turn off the anti-phishing element surely?

Just trying to check for reasons why it's doing that to you. It doesn't do that here and I don't seem to be able to reproduce it.

This appears to have been a problem in nightly builds:

http://forums.mozillazine.org/viewtopic ... b514370866

To which patches were deployed:

https://bugzilla.mozilla.org/show_bug.cgi?id=362980

However, it seems I'm not the only one to suffer this problem still.

Further to my last post, I took the step of uninstalling Firefox completely and re-installing it.

At the moment, that seems to have cured the problem, but I can't verify till I've done a bit more surfing.

All I know is that when I went to mozilla.com and the Add-ons link as described above, no certificate dialog box appeared, but the usual encryption alert box came up as transferring from unencrypted to encrypted.

TonyW wrote: At the moment, that seems to have cured the problem, but I can't verify till I've done a bit more surfing.

Just to confirm things are fine now.

How strange, must have been something wrong with previous installation.

I'm glad that everything is OK now Tony.

On a personal note, I do not like running 'partial' upgrades to my Mozilla software (personally, I don't like running 'upgrades' for pretty much ANY software). I always feel much better using the full version for a new upgrade.

I always do an uninstall/reinstall of the Mozilla program(s) when a new release comes out (doesn't affect any of your own settings at all). It may take a little longer to do, but I have used Firefox since it was called Phoenix and have never had a problem caused by a new update if I do an uninstall/reinstall of it.

On the other hand, I know people who have had problems from running just the 'upgrade'. Many of the problems cause by that were fixed simply by removing and reinstalling the newer FULL version.