Forums » Mozilla Releases Fix for Flaw
Comments on news posted 2005-09-10 09:49:14: An IDN buffer overflow security flaw which affects all versions of Mozilla Firefox and the Mozilla Suite has been made public by a security researcher. Mozilla has released a temporary fix which disables IDN in the browser. ..



cork1958
Cork
join:2000-02-26
Fruitport, MI

Fast!!

Temporary, but quick!! Have to give the folks at Mozilla credit for that!!

Way to go!!

And MS has cancelled next Tuesday's patch day to fix an issue that has been known for a while now! Go figure.


shrtckt1
Fried Rice
join:2005-05-18
Athens, GA
They have to be. This is part of their QOS strategy to sink IE for good. I think they are doing a great job (they got my business).

Bananas
join:2004-08-18
Santa Barbara, CA

easy fix

OK... actually it was in my about:config already; I just had to toggle it to false... but what worries me is the line immediately above. Here it is:

network.dns.ipv4OnlyDomains default string doubleclick.net

What the heck is doubleclick doing in my config?
I hope I am not entirely clueless, but as far as I know doubleclick is a baddie.

Any ideas?


Syan48306
Kage Bunshin No Jutsu
join:2003-07-23
Rochester, MI
reply to shrtckt1
Re: Fast!!

After seeing how Mozilla does things... you start to wonder if IE is a live program and if they have people working on it... lol, go Firefox

apobull

join:2001-05-03
Manchester, MD
reply to Bananas
Re: easy fix

Interesting as I have the same setting as well but again no idea why it is there.


Grail Knight
Who Dares Wins
join:2003-05-31

reply to Bananas
I do not have that setting at all.

I do not know if you have any extensions but if you do perhaps an extension added that string.
--
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050909 Firefox/1.0.6__Thunderbird version 1.0.6 (20050909)


TKJunkMail
Enjoy the sun
join:2002-03-03
Avalon, NJ

Mozilla more and more like Microsoft

Even the excuses are starting to sound the same. And this FIX is nothing but a circumvention. It turns OFF functionality - it doesn't fix the code problem.
»news.com.com/Unpatched+Firefox+f···201.html
Mozilla is unhappy with the disclosure of the flaw. "We'd like to make sure that by the time something goes public, we have a solution for the users," Schroepfer said.
»https://addons.mozilla.org/messages/307259.html
On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update.
Firefox fans hailing Mozilla for the FIX are in a state of denial.
--
My Web Page
Join Red Room Forum


shrtckt1
Fried Rice
join:2005-05-18
Athens, GA
Awww, come on Rich. This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes.


anonME

reply to TKJunkMail
Yup... I was not even aware of this. "about:config" looks more and more like the Windows registry.


J Welderson

@69.139.x.x

reply to Bananas
Re: easy fix

The network.dns.ipv4OnlyDomains string basically lists the servers that Firefox can't use IP Version 6 with, because they don't support it. It's not that they're selling you out, it's that they don't want pages to hang (which is what would happen if doubleclick was served ipv6). Furthermore, ipv6 sends even more user information than the other versions, so even if it did support it you might not want it to.

In short, this preference is nothing but a good thing.
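The two preferences discussed in this sub-thread (the IDN toggle Bananas flipped to false, and network.dns.ipv4OnlyDomains as J Welderson describes it) are plain user_pref lines in the profile's prefs.js, so they can be audited from a script instead of by eye in about:config. The block below is an added example, not code from the thread or from Mozilla: it parses a constructed prefs.js, reports whether the IDN workaround is set, applies the ipv4OnlyDomains suffix match to a hostname, and shows what the code path the workaround turns off (IDNA/punycode conversion of non-ASCII hostnames) does to a name. Two assumptions: the workaround preference is named network.enableIDN, which is taken from Mozilla's advisory for this flaw and not from the thread, and SAMPLE_PREFS is constructed text, not a real profile.

```python
"""Added example, not code from the thread or from Mozilla.

Audits a Firefox prefs.js for the two preferences discussed above and
shows what the IDN code path (turned off by the workaround) does to a
hostname.  Assumptions: the workaround preference is named
network.enableIDN (taken from Mozilla's advisory; the thread never names
it), and SAMPLE_PREFS below is constructed text, not a real profile.
"""
import re

# Constructed sample of a Firefox 1.0.x prefs.js, with the workaround applied.
SAMPLE_PREFS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.dns.ipv4OnlyDomains", "doubleclick.net");
user_pref("network.enableIDN", false);
'''

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into {name: value}.

    Values become bool, int or str; anything else is kept as the raw token.
    """
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw == "true":
            prefs[name] = True
        elif raw == "false":
            prefs[name] = False
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def idn_disabled(prefs):
    """True only when the workaround is explicitly set.  An absent pref means
    the built-in default, which (per the news item) was IDN enabled."""
    return prefs.get("network.enableIDN", True) is False


def ipv4_only(prefs, host):
    """Suffix match against network.dns.ipv4OnlyDomains, a comma-separated
    list of domains the browser resolves over IPv4 only (as J Welderson
    describes it).  Matching is on a label boundary, so 'notdoubleclick.net'
    does not match 'doubleclick.net'."""
    raw = prefs.get("network.dns.ipv4OnlyDomains", "")
    domains = [d.strip().lower() for d in raw.split(",") if d.strip()]
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def to_dns_name(host, prefs):
    """Return the name that would be handed to DNS.

    ASCII hostnames pass through untouched.  A non-ASCII hostname is what
    the IDN code path handles: IDNA processing turns each non-ASCII label
    into an xn-- punycode label.  With the workaround in place this script
    refuses such a hostname instead; that is a simplification of the
    browser's behaviour (it simply does not run the IDN conversion), but it
    makes the point that the IDN path is no longer reachable from a URL.
    """
    if host.isascii():
        return host
    if idn_disabled(prefs):
        raise ValueError("non-ASCII hostname refused: IDN is disabled")
    return host.encode("idna").decode("ascii")


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    print("IDN disabled:", idn_disabled(prefs))
    print("ad.doubleclick.net IPv4-only:", ipv4_only(prefs, "ad.doubleclick.net"))
    print("bücher.example with IDN on:", to_dns_name("bücher.example", {}))
    try:
        to_dns_name("bücher.example", prefs)
    except ValueError as e:
        print("bücher.example with IDN off:", e)
```

Point it at a real profile by reading prefs.js into parse_prefs; user.js lines use the same user_pref syntax and parse the same way. Note that a preference shown in about:config with status "default" (as in Bananas's screen) is compiled into the browser and does not appear in prefs.js at all, which is why the audit only reports the IDN workaround when the pref has been explicitly set to false.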


insomniac84

join:2002-01-03
Schererville, IN

reply to cork1958
Re: Fast!!

said by cork1958 See Profile :

Temporary, but quick!! Have to give the folks at Mozilla credit for that!!

Way to go!!
Did you even read the story?
You praise a company for sweeping the problem under the rug. This is like disabling pictures because there is a JPEG flaw. It's sad when a company can't actually fix anything. They need to be more like Microsoft and actually fix flaws.


envoid

join:2002-12-21
Duluth, GA

hmmmm

said by mozillazine :
According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public "after a run-in with Mozilla staff".
»www.mozillazine.org/talkback.htm···cle=7307

Though supposedly he didn't post it Sunday but Tuesday. Sounds like personal issues getting in the way.


insomniac84

join:2002-01-03
Schererville, IN

reply to shrtckt1
Re: Mozilla more and more like Microsoft

said by shrtckt1 See Profile :

Awww come on Rich, This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes.
I would think it would almost be better for a company to keep saying we will fix it in the next release than sweeping it under the rug and fixing nothing by disabling it. It's almost as if they are saying, "We don't know how to fix it, so we didn't."


J Welderson

@69.139.x.x

reply to TKJunkMail
How 'bout checking Bugzilla?

»https://bugzilla.mozilla.org/show_bug.cgi?id=307259

The bug is, in fact, fixed, both on trunk and branch. You can download a fixed build yourself. The only reason they haven't released it quite yet is because they'd like to fix a few other bugs in the meantime, as Firefox 1.0.x doesn't have automatic update and they don't want to force users to redownload Firefox for a bug with such a trivial workaround (Firefox 1.5 does, however, and they'll be getting the actual fix on Monday).

It took four days for them to completely fix it, three days to have the patches ready. That's fairly good turnaround time, methinks.

JavaAndCPP

join:2004-08-30
Knoxville, TN

reply to TKJunkMail
Maybe you missed it, but this is only supposed to be a temporary fix. The real fix is coming later. It takes time to make and test an update.
I don't know what kind of utopian standard you are holding them up to, but they released this temporary fix pretty darn fast. Better than Microsoft ever does. And I'd expect to see the real fix coming before too long.

BTW, the only similarity between about:config and the Windows registry is that they both hold configuration data. about:config actually looks more like Java properties or Linux sysctl parameters.


J Welderson

@69.139.x.x

reply to envoid
Re: hmmmm

"Supposedly"? Again, I refer you to »https://bugzilla.mozilla.org/show_bug.cgi?id=307259.

It was reported on the sixth by Tom Ferris. The developers who fixed it made no personal comments about him, were quick to respond, did not underrate the bug's severity, and were clearly actively fixing it. Ferris, however, didn't ever actually respond to the bug after he'd posted it (he interpreted it incorrectly). When he posted on Secunia, he claimed there was a "run-in" with the Mozilla module owners; I'm not sure where the run-in came in. Nor am I sure why he posted it...


J Welderson

@69.139.x.x

reply to insomniac84
Re: Mozilla more and more like Microsoft

Or possibly I don't want to bother registering in a forum that I don't intend to use.

I'm not sure how I could possibly be lying, as I linked you to the bug and comments in Bugzilla cannot be edited (even by the original writer) in any way, and the bug's history is plainly linked. Since the bug is now open, it is accessible to anyone, regardless of whether he or she has a secure account. So if you actually read the bug, you would know that I've said nothing that was not said by the Mozilla developers. And if you don't think three to four days is good turnaround time, you're free to believe that.

(By the way, the patches for the bug at the end are not the same as the extensions to disable IDN. You can verify this by, well, clicking on them).


KrK
Heavy Artillery For The Little Guy
join:2000-01-17
Tulsa, OK

reply to insomniac84
Re: Fast!!

said by insomniac84 See Profile :

Did you even read the story?
You praise a company for sweeping the problem under the rug. This is like disabling pictures because there is a JPEG flaw. It's sad when a company can't actually fix anything. They need to be more like Microsoft and actually fix flaws.
Oh, COME ON! Sweeping it under the rug? Hardly. It's called acting responsibly. Given that a vulnerability has been made public, and based on past history someone could release an exploit in under a week... Let me ask you which you'd prefer...

1) Realizing it might take some time to reprogram, test for compatibility, and release a new version or patch, a company moves swiftly now to shut down or disable the flaw until such time as it is fixed. (This is what Mozilla just did)

or

2) Take as long as a few months to release a fix or version update, meanwhile leaving your users exposed, and just hoping nobody takes advantage of it.... Oh and if a big exploit then does appear, then you put out a patch AFTERWARDS shutting down or disabling the problem until you get it fixed. (This is the route MS usually has taken.)

Me, I'll take #1. You FireFox Haters will of course take #2.... and you'll praise MS for shafting you.
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!)


KrK
Heavy Artillery For The Little Guy
join:2000-01-17
Tulsa, OK

reply to insomniac84
Re: Mozilla more and more like Microsoft

said by insomniac84 See Profile :

I would think it would almost be better for a company to keep saying we will fix it in the next release than sweeping it under the rug and fixing nothing by disabling it. It's almost as if they are saying, "We don't know how to fix it, so we didn't."
So you take MS's approach, which is both, sweeping it under the rug, saying nothing about fixing it, and leaving everyone exposed until ??whenever?? in the future when they release a patch or the next version release?
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!)


© 1999-2009 dslreports.com.