SillyDog701

by **Ramona** » Tue 07 Nov, 2006 10:21 pm

Firefox 1.5.0.8 has been released, and can be downloaded on the FTP site.

It isn't available on the Main Firefox Site, and no Release Notes yet. My Firefox 2.0 Update alerted me to the 1.5.0.8 update.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

by **J-M** » Wed 08 Nov, 2006 7:18 am

Firefox version 1.5.0.8 includes several security fixes and they are covered in Mozilla Foundation Security Advisories (MFSA's) MFSA2006-65..67 at

http://www.mozilla.org/security/announc ... 06-65.html
http://www.mozilla.org/security/announc ... 06-66.html and
http://www.mozilla.org/security/announc ... 06-67.html

Secunia advisory SA22722 lists the following information, in turn:

Critical: Highly critical (it is: 4/5)
Where: From remote

1) The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.

2) An error exists within the handling of Script objects. This can potentially be exploited to execute arbitrary JavaScript bytecode by modifying already running Script objects.

3) Some unspecified errors in the layout engine and memory corruption errors in the JavaScript engine can be exploited to crash the application and may allow execution of arbitrary code.

Additionally,

4) An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code.

lists Secunia.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

by **Antony** » Wed 08 Nov, 2006 7:32 am

Thanks for the news Ramona and J-M for the security related links.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3

by **J-M** » Wed 08 Nov, 2006 9:04 am

It appears that the new version is based to Gecko 1.5.0.8 released on 25th Oct. already:

Code: Select all: ...; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

(from UA string).

New posting posted to UserAgent String thread too.

Edit by J-M: Fixed 'Gecko 1.8.0.8' typo.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

by **humpd** » Wed 08 Nov, 2006 9:06 am

This may be a "dumb" question but, why continue to develop the FF 1.5+ series when FF 2.0 is out?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0

by **J-M** » Wed 08 Nov, 2006 9:10 am

This is one of the reasons from end-users side:
UK news: Firefox 2.0 releases privacy storm

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

by **Antony** » Wed 08 Nov, 2006 9:28 am

humpd wrote:This may be a "dumb" question but, why continue to develop the FF 1.5+ series when FF 2.0 is out?

Firefox 2.0 is a new feature release, not a security release. Some of you may have rushed to it.

For security-minded people, I'd pick Firefox 1.5.0.8, as it's a security maintenance release.

Major version number change usually indicates new "features", a good company should continue to provide support and maintenance releases for prior versions.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3

by **DJGM** » Wed 08 Nov, 2006 10:15 am

Not all add-ons and themes are compatible with 2.0 yet, so some are staying with 1.5.0.x for the time being.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060910 SeaMonkey/1.0.5

by **humpd** » Wed 08 Nov, 2006 2:08 pm

I understand. Makes perfect sense. I just wondered why keep developing 1.5 when 2 is on the market. But, it makes sense to keep 1.5 up to date with security fixes, etc. Thanks for the answers.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0

by **Ramona** » Wed 08 Nov, 2006 5:29 pm

I believe that the original purpose of 1.5.0.8 is that users couldn't auto update to move up to Version 2.0.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

by **helpless marty** » Wed 08 Nov, 2006 11:53 pm

you can now update to it through "regular" means. (click "help" then "check for updates")

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

by **DJGM** » Thu 09 Nov, 2006 12:06 am

Official Mozilla.com download page for Firefox 1.5.0.8.

Also, according that page, Firefox 1.5.0.x will no longer be updated after April 24th.

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007.
All users are strongly encouraged to upgrade to Firefox 2.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060910 SeaMonkey/1.0.5

by **Antony** » Thu 09 Nov, 2006 5:55 am

DJGM wrote:according that page, Firefox 1.5.0.x will no longer be updated after April 24th.

That's only about 6 months.

Somehow, I think they should've provided the support for 1 year at least.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

by **Mandrake** » Thu 09 Nov, 2006 6:08 am

Well surely within the alloted six months most, if not all, of the most popular themes and extensions will be ported to Firefox 2.0.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061107 Minefield/3.0a1

by **DJGM** » Thu 09 Nov, 2006 10:58 am

And Firefox 2 will have had at least one or two security and stability updates by the time Firefox 1.5.0.x is axed.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061030 SeaMonkey/1.0.6

SillyDog701

Firefox 1.5.0.8

Firefox 1.5.0.8

Firefox 1.5.0.8

Who is online