| Mozilla more and more like Microsoft Even the excuses are starting to sound the same. And this FIX is nothing but a circumvention. It turns OFF functionality - it doesn't fix the code problem.
»news.com.com/Unpatched+Firefox+f···201.html
Mozilla is unhappy with the disclosure of the flaw. "We'd like to make sure that by the time something goes public, we have a solution for the users," Schroepfer said.
»addons.mozilla.org/messages/307259.html
On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. Firefox fans hailing Mozilla for the FIX are in state of denial.
--
My Web Page
Join Red Room Forum |
|
|
|
 shrtckt1Fried RicePremium
join:2005-05-18
Athens, GA | Awww come on Rich, This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes. |
|
| reply to fAcEtIOUs
Yup... I was not even aware of this "about:config" looks more and more like window's registery. |
|
| reply to shrtckt1
said by shrtckt1:Awww come on Rich, This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes. I would think it would almost be better for a company to keep saying we will fix it in the next release, than sweeping it under the rug and fixing nothing by disabling it. Its almost as if they are saying, "We don't know how to fix it, so we didn't" |
|
| reply to fAcEtIOUs
How 'bout checking Bugzilla?
»bugzilla.mozilla.org/show_bug.cgi?id=307259
The bug is, in fact, fixed, both on trunk and branch. You can download a fixed build yourself. The only reason they haven't released it quite yet is because they'd like to fix a few other bugs in the meantime, as Firefox 1.0.x doesn't have automatic update and they don't want to force users to redownload Firefox for a bug with such a trivial workaround (Firefox 1.5 does, however, and they'll be getting the actual fix on Monday).
It took four days for them to completely fix it, three days to have the patches ready. That's fairly good turnaround time, methinks. |
|
| reply to fAcEtIOUs
Maybe you missed it, but this is only supposed to be a temporary fix. The real fix is coming later. It takes time to make and test an update.
I don't know what kind of utopian standard you are holding them up to, but they released this temporary fix pretty darn fast. Better then microsoft ever does. And I'd expect to see the real fix coming before too long.
BTW, the only similarity between about:config and the windows registry is that they both hold configuration data. about:config actually looks more like java properties or linux sysctl parameters. |
|
| reply to insomniac84
Or possibly I don't want to bother registering in a forum that I don't intend to use.
I'm not sure how I could possibly be lying, as I linked you to the bug and comments in Bugzilla cannot be edited (even by the original writer) in any way, and the bug's history is plainly linked. Since the bug is now open, it is accessible to anyone, regardless of whether he or she has a secure account. So if you actually read the bug, you would know that I've said nothing that was not said by the Mozilla developers. And if you don't think three to four days is good turnaround time, you're free to believe that.
(By the way, the patches for the bug at the end are not the same as the extensions to disable IDN. You can verify this by, well, clicking on them). |
|
 KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK
 ·AT&T DSL Service
| reply to insomniac84
said by insomniac84:I would think it would almost be better for a company to keep saying we will fix it in the next release, than sweeping it under the rug and fixing nothing by disabling it. Its almost as if they are saying, "We don't know how to fix it, so we didn't" So you take MS's approach, which is both, sweeping it under the rug, saying nothing about fixing it, and leaving everyone exposed until ??whenever?? in the future when they release a patch or the next version release?
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!) |
|
 Ryan FTake Back The WebPremium
join:2002-10-18
Alexandria, VA | reply to fAcEtIOUs
You know, I think you just post because you like to see your own words on the screen. Had you actually read anything recent on the topic, you'd have found out that the fix that turns off IDN was created just about three hours AFTER they patched the exploit to ensure that users were immediately protected against this. This patch is the more permanent solution. |
|
