SillyDog701

[Wellander]

Is it by chance an HP laptop? They generally have a seperate partition on the hard disk that contains the install files incase you need to reinstall Windows, which you do via some kind of 'Recovery Disk' . . .

Hi,
That is not good eaither.
If the hdd goes out of the user wants to upgrade the hdd the oem sfuff is lost.
But again who needs that.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

[cuppettcj]

Sorry about bringing this post back from the dead, but I just don't completely get it. Maybe I'm just dense, but after re-reading through all five pages of this ancient post, I'm still confused about this resource drain issue. Here are my questions, which I've never seen answered completely to my satisfaction:

1) On the Netscape Browser Archive on this site, it is mentioned: "SillyDog701's note: if you are using Windows 98, please download Netscape 7.02 instead." What about Windows 95? Millenium Editon? Is there a difference if you have 98 Second Edition (called Windows 99 by some)?

2) Has anyone been able to confirm that this problem absolutely does not exist on Windows NT, 2000, or XP?

3) What about the workaround? [user_pref("browser.cache.memory.capacity", 1024);] Does this or does this not solve the problem? If not, why is it recommended?

4) Is there any benefit whatsoever to applying the workaround if you have Windows XP?

The reason that I'm asking these questions now is because I want to reformat my hard drive and put Netscape back on. I have been waiting for over a week for Netscape to release version 7.2 so that I don't have to use 7.1, but T_Moz has subtly suggested that it will probably be delayed until at least the end of the month. Since he already has 7.2, I assume his "speculation" is based upon knowledge that isn't available to most of us. Therefore I've decided not to wait any longer. I will put version 7.1 on my triple boot system that includes Windows Me, Windows XP Pro, and Red Hat Fedora Core Linux. When version 7.2 eventually does come out, I'll just uninstall 7.1 before installing 7.2 (at least on Windows Me/XP, I'm new to Linux and will have to figure out what to do for that OS).

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[Ramona]

1) On the Netscape Browser Archive on this site, it is mentioned: "SillyDog701's note: if you are using Windows 98, please download Netscape 7.02 instead." What about Windows 95? Millenium Editon? Is there a difference if you have 98 Second Edition (called Windows 99 by some)?

All Windows OS are affected, with Windows 98 being the most.

2) Has anyone been able to confirm that this problem absolutely does not exist on Windows NT, 2000, or XP?

No, it does exist on NT, W2K, and XP, but just takes longer to show up.

3) What about the workaround? [user_pref("browser.cache.memory.capacity", 1024);] Does this or does this not solve the problem? If not, why is it recommended?

Yes, it does solve the problem.

4) Is there any benefit whatsoever to applying the workaround if you have Windows XP?

Absolutely

The reason that I'm asking these questions now is because I want to reformat my hard drive and put Netscape back on. I have been waiting for over a week for Netscape to release version 7.2 so that I don't have to use 7.1, but T_Moz has subtly suggested that it will probably be delayed until at least the end of the month. Since he already has 7.2, I assume his "speculation" is based upon knowledge that isn't available to most of us. Therefore I've decided not to wait any longer. I will put version 7.1 on my triple boot system that includes Windows Me, Windows XP Pro, and Red Hat Fedora Core Linux. When version 7.2 eventually does come out, I'll just uninstall 7.1 before installing 7.2 (at least on Windows Me/XP, I'm new to Linux and will have to figure out what to do for that OS).

More information on the Resource Leak here: Resource Leak in Netscape 7.1


Also apply the Shell Protocol Security Patch, if you run W2K, or WinXP which is found here: ShellBlock 1.0

Any user who is running Windows XP, and possibly W2K, should either apply Mozilla's shellblock.xpi security patch, or upgrade to Mozilla 1.7.1, Firefox 0.9.2, and Thunderbird 0.7.1. See Mozilla 1.7.1 Released for the links to the downloads. Netscape 7.1 and previous versions are also affected, however the patch has been confirmed to work only for Netscape 7.1, and 7.02.

Read more....

Ensure that you have Software Installation enabled. That is done here:
Edit | Preferences | Advanced | Software Installation

Once the patch is installed, close the browser, then restart, in order for the patch to take effect.

Windows 98 users are not affected by the vulnerability. See these comments which I found in the Netscape 7.1 Newsgroup:


The pref user_pref ("network.protocol-handler.external.shell", false) doesn't appear in 7.1 either, the user has to add it with a value of "false". Netscape 7.2 already has it fixed in the distro. And from what we've see so far the exploit does not affect Win98, just XP and possibly Win2K

--
Jay Garcia Netscape Champion - Mozilla Champion

_____

From the cases I've read, shellblock.xpi works on 7.1, but not on 7.0x.

It works. In Netscape 7.1, shell links will still appear as links, but clicking on them will do nothing.

Also, make sure you restart Netscape after installing shellblock.xpi.

--
Chris Ilias - Mozilla Champion

If you are able to access the Newsgroup, this is the thread:
snews://secnews.netscape.com:563/40...304@indiana.edu

Ramona

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.1) Gecko/20040707

[ChrisI]

From the cases I've read, shellblock.xpi works on 7.1, but not on 7.0x.
--
Chris Ilias - Mozilla Champion

If you are able to access the Newsgroup, this is the thread:
snews://secnews.netscape.com:563/40...304@indiana.edu

I have received responses to that, saying shellblock.xpi does work on Netscape 7.02.
So far:
7.1: yes
7.02: yes
7.01: ???
7.0: no

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040625 Netscape/7.2 (ax)

[cuppettcj]

Thanks Ramona, but now I've got even more questions.

1) I posted the same questions at the secnews Netscape7 newsgroup, but got a reply with different answers. Here's the reply I got from Don Luchini:

"In response to your questions:
1) The resource leak affects Windows 95, 98, 98SE, and ME.
2) This problem does NOT exist in anything besides the OSes listed above.
3)The workaround helps, but does not completely resolve the issue.
4) No. "

So who's right?

2) If the resource leak affects all Windows versions, then why does SillyDog recommend version 7.02 only for Win98 users?

3) Why would SillyDog recommend version 7.02 at all, if the workaround solves the problem? Aren't the updates and new features included in 7.1 enough to outweigh the hassle of adding a single line to about:config?

4) I included this question in the secnews forum, but forgot to here. What about Linux? No resource leak? Absolutely no need for workaround?

Thanks again for your time and help.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[Antony]

Hello cuppettcj,

I will just answer a bit regarding the SillyDog701. Before that, to my understanding, this problem (GUI in NS 7.1) is a problem in all Windows platform. However, in Windows 2000 and XP, there are some system resource protection built-in (by the OS). The resource usage problem is basically non-exist (in most cases) because it was solved by OSes. This protection feature is not available in Windows 98.

2) If the resource leak affects all Windows versions, then why does SillyDog recommend version 7.02 only for Win98 users?

see reason above.

3) Why would SillyDog recommend version 7.02 at all, if the workaround solves the problem? Aren't the updates and new features included in 7.1 enough to outweigh the hassle of adding a single line to about:config?

We have some reports saying such workaround does not work (for Win98 users).

It would be less trouble for end users of Win98, they don't need to come back to seek solution for the resource leakage, OR have dissatisfactory on NS7.1

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8

[cuppettcj]

Thanks Antony for your quick reply. Yet I'm still a bit confused. Why do you only recommend for Windows 98? Wouldn't Windows 95 and Windows Me also suffer from the same lack of system resource protection?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[Antony]

Thanks Antony for your quick reply. Yet I'm still a bit confused. Why do you only recommend for Windows 98? Wouldn't Windows 95 and Windows Me also suffer from the same lack of system resource protection?

Well, I can't remember remember if this occurs in Win95 or WinMe. But, Windows 95 is not officially supported, and I guess I did not have much feedback from users of Windows Me.

And Ramona is the expert in this matter, you will need to wait response from her on all issues in the system resource leakage.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8

[cuppettcj]

Well, I can't remember remember if this occurs in Win95 or WinMe. But, Windows 95 is not officially supported, and I guess I did not have much feedback from users of Windows Me.

Without knowing, my assumption would be that Windows 95 and Windows Me would also be affected by this issue, since both of those OS's are very similar to Windows 98. I often see them referred to together in tech support forums as "Win9x/Me".

BTW, although Windows 95 is no longer officially supported, there are still a lot of people who still use it and would benefit in knowing how well Netscape 7.1 works with it. And who can blame them for sticking with Windows 95? It's the only Microsoft OS that doesn't have Insecure Exploiter embedded inside of it.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[Antony]

BTW, although Windows 95 is no longer officially supported, there are still a lot of people who still use it and would benefit in knowing how well Netscape 7.1 works with it. And who can blame them for sticking with Windows 95? It's the only Microsoft OS that doesn't have Insecure Exploiter embedded inside of it.

That's true. However since Netscape does not officially support Windows 95, it does not make sense for Netscape Browser Archive to say it was supported.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8

[Mandrake]

The resource leak is just as bad in Windows ME as it is in Windows 98.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.1) Gecko/20040707

[Ramona]

cuppettcj,

If you will read the Bug Report 204374 which is referenced in the Resource Leak in Netscape 7.1 page, you will see these two comments, which answer your questions:

--- Additional Comment #70 From Kim Scarborough 2003-06-05 08:35 ---

Haven't we kinda known this for a while? Somebody said a long time ago that the workaround was to turn off the memory cache.

Anyway, let's keep in mind that this problem wasn't created by bug 105344, just exacerbated by it. This behavior has been around for awhile. Backing out of 105344 shouldn't be considered a permanent fix, if it comes to that.

Also, it's not just Win9x, contrary to some of the comments here. It's been reported on Win2K and XP.


--- Additional Comment #246 From David G King 2003-07-31 20:59 ---

Anything that uses/implements Win32 GDI handles has the potential to exhibit this bug. The main reason Win 9x sees it most is because there are a lot of users, but mainly because it takes far less time for the problem to occur due to Microsoft giving those versions of Windows such a small space for GDI to work in. Win NT, 2K, XP and XP 64bit all suffer from the same problem, it just takes longer to see it due to them having a bigger space for GDI to work in.

Ramona

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.1) Gecko/20040707

[Ramona]

From the cases I've read, shellblock.xpi works on 7.1, but not on 7.0x.
--
Chris Ilias - Mozilla Champion

If you are able to access the Newsgroup, this is the thread:
snews://secnews.netscape.com:563/40...304@indiana.edu

I have received responses to that, saying shellblock.xpi does work on Netscape 7.02.
So far:
7.1: yes
7.02: yes
7.01: ???
7.0: no

Thanks Chris, I believe that I covered that information here:

Netscape 7.1 and previous versions are also affected, however the patch has been confirmed to work only for Netscape 7.1, and 7.02.

Ramona

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.1) Gecko/20040707

[katten41]

I use Window 98 Second Edition and deleted 7.1 because of the resource drainage. Has the problem been solved in 7.2 for Win98 users? Thank you.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1

[Andrew T.]

I use Window 98 Second Edition and deleted 7.1 because of the resource drainage. Has the problem been solved in 7.2 for Win98 users? Thank you.

Yes, the resource leak has been fixed in Netscape 7.2.

UserAgent: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)