Firefox 1.0.2 is a security and stability update.
Followings bugs are fixed in this release.
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
cp -r copies symlinks as symlinks (which caused
files to be missing in install).
Hopefully, this is portable. I tested under NetBSD and with coreutils.
And I brought this up on tech-pkg in July.
from Release Notes:
---
Firefox is a fast, full-featured browser that makes browsing more
efficient than ever before. More information about Firefox is
available.
Firefox Preview Release (henceforth refered to as PR) is a Technology
Preview. While this software works well enough to be relied upon as
your primary browser in most cases, we make no guarantees of its
performance or stability. It is a pre-release product and should not
be relied upon for mission-critical tasks. See the License Agreement
for more information.
These release notes cover what's new, download and installation
instructions, known issues and frequently asked questions for the
Firefox PR release. Please read these notes and the bug filing
instructions before reporting any bugs to Bugzilla.
We want to hear your feedback about Firefox. Please join us in the
Firefox forums, hosted by MozillaZine.
What's New
Here's what's new in this release of Firefox:
* Live Bookmarks
You can now subscribe to and read RSS feeds in your
Bookmarks. When you visit a page that advertises a RSS feed by using a
<link> tag, a RSS icon will appear in the status bar. Click it to view
a list of feeds the page is offering. Click one to subscribe - this
adds a Bookmark Folder that contains all the recent posts from the
feed.
* Improved Find
Find is easier and more powerful now with our new Find
toolbar. The Find toolbar (which shows at the bottom of the browser
window) automatically highlights text in the page as you type and has
a useful highlight feature.
* Managing Annoyances and Protecting Security
You can now open blocked popups, and the Extension install
system now blocks all attempts to install software from sites other
than update.mozilla.org. Users can add other sites to a list that
allows them to offer software, but software is never automatically
installed. In addition to these steps, several other measures have
been taken to prevent phishing attacks and to highlight when a page is
being viewed over a secure connection.
* Better Bookmarks
Numerous improvements to bookmarks including more reliable
presentation of Site icons, and a split pane view in the Bookmarks
window.
* Strong Encryption For Passwords Available
Passwords saved with the Password Manager can now be more easily
encrypted with strong encryption by creating a "Master Password". If
you create a Master Password, you are prompted once per session to
enter the Master Password so that Password Manager can automatically
fill in site logins. A useful feature for people who share computers
with others and want improved security.
* Improved Compatibility for IE users
Undetectable document.all support for site compatibility and
improved compatibility for keyboard accelerators further smooth the
transition for IE users
* Better System Integration for GNOME users
You can now configure Firefox as your Default Browser on GNOME,
and Firefox will adhere to your GNOME settings for edit field key
bindings, etc.
* And a horde of other bug fixes...
See The Burning Edge's Bigger Picture for more details.
-----
Several security holes have been fixed. See the page bellow for
detail.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
It has (probably long since) been replaced by configuration checks
in firefox's configure script. The resulting source still compiles
and works on netbsd-1-5 / i386.
From the article from mozillazine.org:
mozilla.org today released upgrades to both Firefox 0.9 (0.9.1) and
Thunderbird 0.7 (0.7.1) to fix some minor bugs present in both
releases. Both releases correct some flaws in the extension system
that some users may have been experiencing, as well as a new icon set
for the navigation toolbar on Windows and Linux in Firefox 0.9.1. All
users of both products should get this upgrade.
Here's what's new in this release of Firefox:
* New Default Theme
An updated Default Theme now presents a uniform appearance across all
three platforms - a new crisp, clear look for Windows
users. Finetuning for GNOME will follow in future releases.
* Comprehensive Data Migration
Switching to Firefox has never been easier now that Firefox imports
data like Favorites, History, Settings, Cookies and Passwords from
Internet Explorer. Firefox can also import from Mozilla 1.x, Netscape
4.x, 6.x and 7.x, and Opera. MacOS X and Linux migrators for browsers
like Safari, OmniWeb, Konqueror etc. will arrive in future releases.
* Extension/Theme Manager
New Extension and Theme Managers provide a convenient way to manage
and update your add-ons. SmartUpdate also notifies you of updates to
Firefox.
* Help
A new online help system is available.
* Lots of bug fixes and improvements
Copy Image, the ability to delete individual items from Autocomplete
lists, SMB/SFTP support on GNOME via gnome-vfs, better Bookmarks,
Search and many other refinements fine tune the browsing experience.
For Linux/GTK2 Users
* Look and Feel Updates
Ongoing improvements have been made to improve the way Firefox adheres
to your GTK2 themes, such as menus.
* Talkback for GTK2
Help us nail down crashes by submitting talkback reports with this
crash reporting tool.
add it to PLIST so that moz-install will copy it (the mozilla packages
are correct). It seems that firefox dosn't need libfreebl_pure32_3.so to
use SSL, so I didn't add it to the PLIST.
in PR pkg/24603.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems. It is
small, fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
