EasyList Forum

Mozilla Firefox 2.0.0.4 is now available. Here are the download sites (it isn't on the web site yet, as of Wednesday, May 30 at 3:20 PM):

U.S. English, Windows version
http://www.mozilla.com/products/downloa ... lang=en-US

Other languages & operating systems
ftp://ftp.mozilla.org/pub/mozilla.org/f ... s/2.0.0.4/

Once you get into the directory, pick your operating system and then your language to get to the appropriate installer.

The release notes for 2.0.0.4 haven't been posted yet, either, so I don't know for sure what was fixed/enhanced/added. When I try to "sneak in through the back door" by modifying the current link with the new version number < http://www.mozilla.com/en-US/firefox/2. ... easenotes/ >, I get the notes for Release Candidate 3.

One note: Firefox 2.0.0.4 broke the Java console for Sun Java SE Runtime Environment 6 Update 1 (the latest release). This doesn't come as a surprise -- Firefox 2.0.0.3 broke the console for Sun Java SE Runtime Environment 6, too (which was probably the reason that Update 1 was released). I've never used the Java console, so I don't know if I'm missing anything. If Sun follows course, they'll release Update 2 in the next couple weeks to fix it.

Here's the short list of the security issues that were fixed in Firefox 2.0.0.4:

MFSA 2007-17 (low) - XUL Popup Spoofing
MFSA 2007-16 (high) - XSS using addEventListener
MFSA 2007-14 (low) - Path Abuse in Cookies
MFSA 2007-13 (low) - Persistent Autocomplete Denial of Service
MFSA 2007-12 (critical) - Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)


Impact key
* Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
* High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
* Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
* Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs.

Thanks MM.

Already been using the 2.0.0.4 RC release for a while because of some of the bugs that are now fixed in Firefox regarding Adblock Plus.

I am totally excited about users finally getting this release as it now adds new power to ABP. Wladimir himself actually fixed this in Firefox to make ABP (and other things) work correctly ... and Mozilla accepted & implemented Wladimir's fix in this release. You are the man, Wladimir

Now you can look for a new designation-type called "other" as a definition of a blockable-type in Adblock Plus's "blockable items" now. Firefox has now allowed ABP to block different 'parts' of a flash object like in Yahoo Maps to block the ads contained under the map without blocking the whole map. This was not possible before. Those ads should now disappear automatically with my EasyList as soon as you install the Firefox 2.0.0.4 update where it wouldn't block them before with Firefox 2.0.0.3.

rick752 wrote:Firefox has now allowed ABP to block different 'parts' of a flash object like in Google Maps to block the ads contained under the map without blocking the whole map.

Sweet! I fired up Yahoo Maps and saw that the ad in the lower left corner is now gone. Great job, Wladimir!

Has the third party thing been added in to this build as well or is that going to only make it into 3.0?

IceDogg wrote:Has the third party thing been added in to this build as well or is that going to only make it into 3.0?

I don't know.
I played with $third-party in the filtering when I first installed the 2.0.0.4 nightly, but it didn't seem to work. But I did notice that "other" appeared as blockable objects and knocked out those Yahoo Maps ads..

I'm not sure whether Firefox isn't ready to do it, or ABP isn't updated yet to do it .. or both ... or neither. You'd have to ask Wladimir because I just don't know, Dogg.

Ok, thanks for the reply Rick. I may do that when I find the old thread about that. LOL