back to article Firefox update tackles critical memory bugs

Mozilla has released a new version of Firefox in response to the discovery of several security flaws in the browser software. Version 3.0.7 of Firefox plugs five security vulnerabilities, three of which earn the dreaded "critical" label. Of these critical flaws a bug that means that Firefox crashes with evidence of memory …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Paris Hilton

    Here we go again

    I am sick and tired of these updates and am seriously considering going back to IE

  2. Neil Barnes Silver badge
    Paris Hilton

    Kudos for the subtitle!

    You are Philip K Dick and I claim my five pounds.

    Paris because she looks like she's having difficulty remembering anything.

  3. Jimmy

    Has a permit been obtained?

    Does Ma Grundy at the Home Office know that El Reg is sponsoring another one of its public willy-waving contests?

    Browser Fan-boys, please think of us children before you comment.

  4. Stef
    Joke

    Duh.

    "I am sick and tired of these updates and am seriously considering going back to IE"

    Yeah. Updating software to fix security holes is just stupid. Thank God Microsoft never patches their security holes.

    Having to wait an extra 5 seconds while Firefox updates is such a tedious exercise.

  5. Chris
    Stop

    RE: Here we go again

    Is clicking "check for updates", nodding a bit, waiting a couple of seconds as it pulls down the update, installs and restarts really that much effort? *shrug*

    Complaining about having to do something simpler than making a cuppa is considered shameless whinging in some quarters... =)

  6. Ru
    Flame

    Re: I am sick and tired of these updates and am seriously considering going back to IE

    Off you go then. You won't be missed.

    Honestly, does this sort of statement not strike you as utterly retarded? 5 seconds downtime, and in return a secure browser, straight away. None of this wait-til-next-month-if-its-only-critical rubbish you might get with other browsers. Or better yet, maybe they could just ignore these problems, and keep you happy so as to not make you suffer the outrage of automated updates.

    Perhaps you get utterly sick of windows update too? When you've found a fully featured and usable and totally bug free system that never requires any security updates ever, let us know.

  7. Anonymous Coward
    Joke

    @I am sick and tired of these updates and am seriously considering going back to IE

    You forgot your joke icon. Here, have mine.

  8. Havin_it
    Boffin

    RE: Here we go again

    AC, I strongly suspect this was humour, but you didn't use tags so I'll bite.

    Firefox alerts you that it needs an update (a process that takes less than a minute and interrupts your browsing for even less, restarting automatically with all your session activity intact) as soon as a bug has been found and fixed. This has happened less than once a month on average since Firefox 3 was released (and probably true of earlier versions, but I can't be arsed checking).

    IE alerts you that it needs an update (a process that takes an interminable length of time just to download in my experience, never mind installing it, along with whatever other fixes Windows needs at the time, and will almost always require a reboot of the computer never mind the browser, with all session data lost) on the second Tuesday of every month, regardless of when the problem was found and fixed. Or if you happen to be running in a Limited User account, it doesn't alert you at all.

    I know which I prefer. I'm just sayin'

  9. Anonymous Coward
    Anonymous Coward

    next in line...

    ...is whatever memory leak is causes firefox to run like a dog after weeks. At least I hope so.

  10. bluesxman
    Stop

    RE: Here we go again

    I was going to remark on your ridiculous statement, but I figure you're just trolling.

  11. Piggy and Tazzy
    Thumb Down

    @AC

    "I am sick and tired of these updates and am seriously considering going back to IE"

    Yeah, okay. Good luck.

    Let's see how long you last with that pile of crap.

  12. myxiplx
    Thumb Up

    just solve the sodding crashing

    Much as I love firefox, and it's ability to recover my session, I really wish it wouldn't crash all the time. Yes, IE crashes occasionally, but firefox does so much more regularly.

    Any bugfix I see that fixes some kind of crashing issue is going straight on!

  13. Ian Johnston Silver badge
    Stop

    Once upon a time...

    ...we had Netscape. It was small, fast and reliable. Now we have Firefox, a bloated, slow, unreliable, insecure behemoth - or Opera, which is lovely for the ten minutes it runs between crashes and is written by one man and his (very talented) dog in a suburb of Trondheim.

    I wish Google would hurry up with Chrome for Linux ...

  14. Anonymous Coward
    Happy

    @ myxiplx

    "Much as I love firefox, and it's ability to recover my session, I really wish it wouldn't crash all the time. Yes, IE crashes occasionally, but firefox does so much more regularly.

    Any bugfix I see that fixes some kind of crashing issue is going straight on!"

    Odd that. I'm no fanboi but I've been using it every day for months on Linux and so far it hasn't misbehaved once. Although I certainly remember the way it did under Windows and Mac OSX.

  15. Anonymous Coward
    Thumb Down

    Hmmm

    Just tried to install 3.0.7 and FF crashed out. FF has become really unstable of late, I reckon it is crashing about once a week for me.

    Come on Mozilla, get your finger out or I am moving to Opera (no way I will use IE).

  16. Gordon Grant
    Flame

    Flame on...

    Well I was wanting to see if there was as "Oh my god I've like got to update my browser it takes too long" comment and we have it, 1st comment I wonder why AC probably so none of his/her "mates" can point and laugh at them for being so stupid as to want to go back to IE..

    Sure FF crashes and memory leaks but at least you can close and restart the session with details fairly intact (site dependant) and memory is flushed and returned. IE only recently got "tabbed" browsing and it looks stupid - I mean I don't want to see every time I open a new tab "about:tabbed" I know I can turn it off but I use IE so seldom I don't bother,

    It might as well be called "About:I'm an idiot help me Bill the Mighty"

    Oh and incase your wondering that last sentence was called Sarcasm..

    I do love the fact firefox alerts me when I have updates for extensions / themes or the browser itself, with IE you have to kinda do that manually, grab that toolbar update etc now THAT is too much effort..

    I do agree with the previous commenter about memory leak fixes are always good, it's the fact it has to work outside of the MS framework as much as possible only hooking in where it needs to, since IE is already Hooked in...

  17. lupine

    chromium

    there's a beta of chrome called chromium for linux. you need to compile it but it's easier than previous versions. don't have url handy as i'm using my mobile.

  18. Kris Whitmore

    Crashing

    I'm using 3.1 b2 and although it has crashed a couple of times, nothing like the number suggested by earlier posters for 3.0x. Am I just lucky or is it that the beta version of 3.1 is actually more stable than the released version of 3.0x? (or are people prone to exaggeration? :-) )

    It makes you wonder why the developers are spending so much time on (an apparently flaky) 3.0 if 3.1 is round the corner too.

  19. Anonymous Coward
    Anonymous Coward

    Crashing

    I'm using 3.1 b2 and although it has crashed a couple of times, nothing like the number suggested by earlier posters for 3.0x. Am I just lucky or is it that the beta version of 3.1 is actually more stable than the released version of 3.0x? (or are people prone to exaggeration? :-) )

    It makes you wonder why the developers are spending so much time on (an apparently flaky) 3.0 if 3.1 is round the corner too.

  20. Mr Brush
    Boffin

    Updates for non admin users

    I don't mind the updates, but as I run as a limited user 99% of the time, it's a pain to have FF try and fail repeatedly to install the update until I switch to an admin account.

    Obviously Mozilla devs expect everyone to run with admin rights all the time on their WinDoze box.

    A little popup saying 'Update available' would be better than a constant cycle of auto download, install, fail.

  21. Anonymous Coward
    Anonymous Coward

    @Hmmm

    "it is crashing about once a week for me"

    As it works absolutely fine for me on both XP and Vista, I can only assume that you have introduced some kind of problem to your machine, rather than Firefox having done so.

    Still, easier to blame Firefox than admit you know less about computers than you thought eh?

  22. Frank

    @Various re. problems

    I've just downloaded the update, it was much less difficult that making a cup of coffee, but I made one anyway. As for FF crashes - I don't know. I've run FF for years on a what is now a 5 year old laptop running Windows XP Pro patched up to SP3 and a bit beyond. I can't remember the last time that FF crashed.

    I have AdBlock, NoScript and Java QuickStarter plug-ins and I've set the FF cache and downloads to be on a separate partition because I like my C:drive to be small and lean and not get crapped on all over. Not sure if any of that is significant or of any use to you.

  23. fran
    Thumb Up

    Much better

    Not sure about anyone else but mine is running way smoother, and hogging about half the memory it used to

  24. Not That Andrew

    Annoyance is relative

    As annoying as continually updating your browser can get, at least FF generally patches promptly, unlike IE, Safari and even Opera. As an added bonus, the updates don't cause even more annoying (like Opera, occasionally) or dangerous (like IE, occasionally) problems than they fix.

  25. adnim

    I just updated Firefox

    Frustratingly hard work, I have never known so much hassle. It took a whole two minutes to download, install and restart. The update even had the audacity to suggest it would attempt to restore my session, this caused me unnecessary anxiety by making me think I might have to open The Register site again and re-open in tabs all the items I previously had open before the update. Attempt indeed, who are they trying to kid, It was flawless, how dare the Mozilla foundation scare me so. I am never going to use Firefox again.

    No Icon because there is not one for sarcasm.

    I am sure Firefox has crashed less than five times in all the years I have been using it on the several systems I have owned in that time. However, I have never ever owned a pre-built, pre-installed PC. Ah, I tell a lie, my very first PC a 386SX was pre-built and came with WFWG 3.1 pre-installed.

  26. Kobus Botes

    Firefox 3.0 crashes

    Mmmmm. I recently found that it crashes - but only when I open Google Earth, and then not always.

    This is on Mandriva 2008 Spring.

    Anyone know if there are issues with GE? (I haven't bothered to check, as I use GE infrequently).

  27. A J Stiles
    Linux

    The day I will try Opera

    The day Opera release their Source Code is the day I will think about trying their browser.

    In the meantime, there's still Konqueror.

  28. umacf24
    Unhappy

    Firefox Gave Me Malware

    Because you can't get the update without running as an admin. I wanted 3.06, the malware was MSAntiSpyware2009 and it took me days to find the poxy drivers it installed.

    If they don't want to write a Windows service -- and being cross-platform, I can buy that -- they should offer an updater that windows users could Run As to install the downloaded patch.

    I've been wanting to get that off my chest for weeks.

  29. Aristotles slow and dimwitted horse
    Stop

    Does anybody know...

    If this is going to fix the problem that leaves the Firefox process running (albeit crashed) despite closing the browser down. This is the bane of my internet life at the moment as the only fix for it is to reboot.

    Opera has the same problem.

  30. Anonymous Coward
    Thumb Down

    Yes, but...

    Have they added the ability to disable that crap URL bar yet?

  31. Anonymous Coward
    Anonymous Coward

    Still using Firefox 2, myself

    Feh. Lack of exploits in the wild may not be a good reason to refuse an upgrade, but an intrusive user interface that can't easily be disabled, and a loopy new bookmark-storage system that can't be run through diff (or decrapified with a shell script, sed, and some basic regular expressions), still are. Haven't they figured out yet that the ability to control your own UI actually matters to some people? Almost as bad as the new extra-shiny UI that Microsoft has taken up inflicting on its poor users...

  32. SilverWave
    Happy

    Crashes?

    hmm any one using a lot of extensions by any chance?

    (I mean what's the chance of 29 extensions having any problems working together seamlessly, right?).

    ...are any of them meant for a previous version of ff? (but you force them with mr tech toolbox because you cant live without them *cough* slogger *cough*).

    Oh just me then :P

    Or it could be that the Ubuntu tweaked version I use is just not quite as robust?

    Or the Linux ff version is the poor relation at mozilla?

    Could it be that the changes from 2 to 3 were very large and it will take until 3.5 for things to bed down completely?

    All of the above?

    Fuck it, if ff crashes I am back up in 10 seconds with all tabs restored, I can live with that small hit for all the extra functionality *cough* Boox *cough*.

    And FF3.5 is due shortly :)

  33. Maty

    er ...

    >>If this is going to fix the problem that leaves the Firefox process running (albeit crashed) despite closing the browser down. This is the bane of my internet life at the moment as the only fix for it is to reboot.<<

    Why not just look for firefox.exe in active processes and close it there?

  34. Colin Miller

    @Havin_it

    Have you tried forcibly killing firefox ?

    This assumes you are running MSWindows...

    Start taskmanager (Ctrl-Alt-Del Alt-t or Ctrl-Shift-Escape)

    View processes (second tab)

    Sort by image name (first column header)

    click in the list.

    Press 'f' , and then select 'firefox'

    Click the "End Process" button.

    Press "Yes" on the dialog box.

    (bah. Where's "killall -kill firefox" when you need it?)

  35. SilverWave
    Go

    @Still using Firefox 2, myself

    >>Feh. Lack of exploits in the wild may not be a good reason to refuse an upgrade,

    #Yeah but ff2 is now unsupported so the move to 3 is now imperative from a security point of view.

    >> but an intrusive user interface that can't easily be disabled,

    # Hmm not sure what you mean ff2 and ff3 ui aren't all that different and you can use another theme easily enough... e.g. Aero Silver Fox 3.0.2 looks good on ubuntu and windows.

    >> and a loopy new bookmark-storage system

    # I agree that this is a big change but I think the pain is worth it long term.

    >> that can't be run through diff (or decrapified with a shell script, sed, and some basic regular expressions), still are.

    # you can still import and export HTML so its not that difficult to ExportHTML > clean up > ImportHTML

    >> Haven't they figured out yet that the ability to control your own UI actually matters to some people?

    # you still have control over the chrome.

    >>Almost as bad as the new extra-shiny UI that Microsoft has taken up inflicting on its poor users..

    #Don't overstate your case. It undermines credibility.

    Note: If you are worried about the address bar an extension can revert it back to ff2 behaviour.

    I would say that although I was initially sceptical, the new lookup behaviour of the address bar is very good once you get used to it.

    It enables you to quickly search your bookmarks and your history - very very cool.

  36. Anonymous Coward
    Heart

    yay! update!

    To be honest if your suffering lots of crashes in F.F I'd check out your own kit.

    I have had F.F running on my systems for so long now I cant remeber the last time it crashed.

    And I have it running with extentions (generally 4 or more) on XP, OSX and Ubuntu which all sync with one another.

    I.E has improved over the years but after the constant arse raping it gave me of the earily years I'm simply never going to go back to it.

    Liked Opera and I did use it before F.F turned up and really nothing bad to say about it, just that I prefere F.F and all the optional goodies.

    *\. oh no!! I'm turning into a F.F fanboi - is there a cure?!

  37. Simon Neill

    (bah. Where's "killall -kill firefox" when you need it?)

    cmd -> taskkill /f /im firefox.exe, apply to the affected area as needed.

  38. Anonymous Coward
    Anonymous Coward

    @ @Havin_it

    >>(bah. Where's "killall -kill firefox" when you need it?)

    taskkill /im firefox.exe /f

  39. A

    Re: @Havin_it

    Under Vista? Task murdering is easy: WindowsKey-R, type:

    cmd

    Once the commandline is open type:

    taskkill /im firefox.exe /t /f

    That should kill firefox and all its sub-processes. Job done :)

    As for the flakiness people are reporting; I think it's probably those "must have" extensions too. Some of them render it about as stable as a giraffe on a unicycle ;)

  40. Anonymous Coward
    Anonymous Coward

    @SilverWave, 17:40 GMT

    >>Yeah but ff2 is now unsupported so the move to 3 is now imperative from a security point of view.

    If you say so. I figured AdBlock and NoScript were imperative from a security point of view far more than the browser itself.

    >>Hmm not sure what you mean ff2 and ff3 ui aren't all that different and you can use another theme easily enough... e.g. Aero Silver Fox 3.0.2 looks good on ubuntu and windows.

    I don't care about that particularly. I care about having a UI that doesn't blink, bleep, pop things up, or otherwise do anything on the screen without my explicit orders to do so. To the extent FF2 wants to do so by default, I've found that easy to disable. FF3, less so. Furthermore, I recall not being able to resize the add-bookmark dialog and a bunch of other stupid, unconfigurable annoyances that, to be fair, I can't remember. Have they fixed that, either?

    >>I agree that this is a big change but I think the pain is worth it long term.

    Okay, I didn't get that memo. What, exactly, makes this worth it? My understanding is that this database-based bookmarking system is supposed to be faster. I tried it; it wasn't. Otherwise, it appears to store a whole heck of a lot more... stuff, for lack of a better term, that serves no purpose apparent to me. A text-based format is universal. A database is a pain unless you know databases.

    Note: this is a serious question. I truly, genuinely want to know why I, or anyone else, should regard this as an improvement.

    >> you can still import and export HTML so its not that difficult to ExportHTML > clean up > ImportHTML

    See, I tried that. It didn't work. Also, what I decrapify is all that extra garbage FF insists on stuffing into my bookmarks file. Here's what I do:

    sed -r --in-place=.bak3 's/(ADD_DATE|LAST_MODIFIED|LAST_CHARSET|LAST_VISIT|ICON_URI)="[^"]+" //g' bookmarks.html

    ...to the bookmarks files on both of my machines, followed by using diff to keep them synchronized. I like doing it like this. That import/export stuff in FF3 doesn't seem to work well.

    >> you still have control over the chrome.

    Tying in with the next point: this is admittedly true, but I maintain that it is only a partial solution. Furthermore, being able to hack stuff isn't exactly the same as having a truly configurable UI. My understanding is that some of IE's interface shortcomings can be dealt with by mucking about in the Registry, too.

    >>Don't overstate your case. It undermines credibility.

    Fair enough, but the principle is the same: who gets the ultimate say in how I use my computer? Microsoft arrogantly won't let you turn that stuff off. Mozilla won't either. Firefox is more hackable, but I say again, the principle is the same.

    >>I would say that although I was initially sceptical, the new lookup behaviour of the address bar is very good once you get used to it.

    Pet peeve time: I do not have words to describe how infuriated I get when people say this. And they do. So often. Honestly, it's great that so many people like it. I understand that. I don't want it removed. But I, personally, don't. I, personally, have a way of working that suits me, and apparently I'm not alone in that. It's great that it works for others. But no matter how awesome anyone thinks a given UI feature is, it ought to be able to be disabled easily.

    >>It enables you to quickly search your bookmarks and your history - very very cool.

    I already have that. In fact, I have plugins that work better: Enhanced Bookmark Search, Enhanced History Manager, Flat Bookmark Editing, Locate In Bookmark Folders, and OpenBook. Maybe things have improved, but last I checked, I could not replicate the same functionality under FF3. Speed might matter if I was running this on, say, a low-speed ARM processor. But nothing I own, even the boxes that are several years old, show the slightest bit of sluggishness searching either of those things. Also, searching history would be irrelevant to anyone who likes to clear it out regularly.

  41. Anonymous Coward
    Alert

    Re. "Firefox Gave Me Malware "

    You're kidding, right?

    I have used FF for years under XP SP2 on a machine always as admin. I have never had one of these malware infestations? Where the hell did yu d/l your latest FF from? Somewhere with a .ru extension on the domain?

    As for crashes, I can honestly say that over the years, the number of times FF has crashed and required a restart for me could be counted on one, maybe two hands, with a finger or two left over.

    As far as speed goes, I have never had an issue here.

    I run FF with No Script, ABP, Noref and Ghostery - all is well.

  42. Anonymous Coward
    Boffin

    @Ru

    "Off you go then. You won't be missed."

    What an *utterly* fanboying thing to say. Talk about Firefox being a browser for a cliquey bunch of nerds. It seems you have to 'leave' some kind of social network when you simply stop using it, and the nerdy clique dislike you for doing so.

    Shame there's no icon of Gary Glitter with the slogan "Leeeeader! You wanna be in my gang!"

  43. The BigYin

    @AC - 13:30

    (As I was writing this comment, FF crashed)

    What is it with Reg readers and the personal attacks? If you cannot construct a valid argument based on facts, don't bother writing a comment. Leave the personal insults in the playground.

    As to what *I* have done to cause the crashing...very little. It crashes on different OSs (XP, Vista and Linux), it crashes for my colleagues. I have installed some add-ons (AdBlock, NoScript etc) and, yes, they may be the root of the crashes; but that just screams bad architecture to me. Add-ons should not bring FF down.

    Yes, some of the add ons are for the previous version; I can't remove these as FF won't let me. This is yet another issue, along with the memory and CPU hogging

    Despite this, it's still better than IE. I just wish that it was possible to have a small and light web browser.

    As for Chrome....barf. Google is worse than MS, no way I will run their shit. I even block their scripts and cookies as well as running "TrackMeNot". to try and stop them monitoring me.

  44. regadpellagru
    Paris Hilton

    @sick and tired

    "I am sick and tired of these updates and am seriously considering going back to IE"

    Ah ah, good luck then.

    Be informed, when Windows tells you that 149 updates need to be applied, at boot time, making booting a more than 1 hour process, that it's reinstall time.

    Once you'll have wasted many hours waiting for windows to boot, and 3-5 hours in reinstalling your OS + drivers and apps + restoring all of your data (supposing you backed them up), you'll cease rapidly to be "sick and tired" of the FF updates.

    PH icon, what else ?

  45. Anonymous Coward
    Anonymous Coward

    "leaves the Firefox process running"

    No need to reboot on the odd occasion that FF does this, just close the process down!

    FF is defintely less stable than it used to be, and surprisingly IE8 is pretty damn good.

    The best would be Opera but upgrading is a real pain in the arse. Also despite best efforts such as masking as IE or FF it does not run on all sites, problems with Java / script especially. But Opera has unparalleled security and tweaking options per site, really excellent.

  46. SilverWave
    Go

    @Still using Firefox 2, myself

    >>...That import/export stuff in FF3 doesn't seem to work well.

    Yeah the workaround is to: close FF > export to html(overwrite bookmarks.html) > clean up bookmarks.html

    rm bookmarkbackups > rm places.sqlite > restart ff (will auto import bookmarks.html).

    All your other points :)

    I was in the same place you are - very comfortable with FF2 and seeing a lot of change in FF3 that would make me have to change some very ingrained usage habits.

    But Bookmarks in FF2 were crap.

    You yourself had to install 5 addins to make-up for this.

    So mozilla did the right thing fixing it, their solution, involving a sql db, was a bit of a surprise but it works.

    FF2 is going to die and over time it will be more and more insecure and vulnerable.

    I decided that I would give the developers the benefit of the doubt and give FF3 a fair chance.

    To get the most out of FF3 I did need to change some things - setting history from 0 days to 90 days was a bit weird but when you see where they are coming from (history treated as just temporary bookmarks) it makes sense.

    Now I can search any site I have visited in the last 90 days and most visited sites are top of the list.

    There are still a few rough edges but hopefully FF3.5 will sort most of them out.

  47. SilverWave
    Linux

    @The BigYin

    >>Yes, some of the add ons are for the previous version; I can't remove these as FF won't let me. This is yet another issue, along with the memory and CPU hogging

    Sounds like profile problems, try creating a clean one and re-adding extensions 1 at a time.

    Notes:

    firefox -ProfileManager

    firefox -safe-mode

    To transfer your information between profiles you need to copy these files:

    signons3.txt

    key3.db

    places.sqlite

    cert8.db

    cert_override.txt

  48. Anonymous Coward
    Joke

    @ Here we go again

    I know that AC - his name is Jack and I believe his last name is A**.

  49. Anonymous Coward
    Anonymous Coward

    @ Silverwave (was, "Still using Firefox 2, myself")

    >>>...That import/export stuff in FF3 doesn't seem to work well.

    >

    >Yeah the workaround is to: close FF > export to html(overwrite bookmarks.html) > clean up bookmarks.html

    >rm bookmarkbackups > rm places.sqlite > restart ff (will auto import bookmarks.html).

    ...I'm a bit late returning to this thread, but, well, colour me impressed. Okay, with a genuinely helpful suggestion like this, I may indeed try installing FF3 again and giving it a shot. This is, at least, no more irritating than what I currently do anyway. I am still not convinced that the bookmark searching functions in FF3 are actually better, but at least this will take most of the edge off. Thanks!

This topic is closed for new posts.

Other stories you might like