Page 1 of 6
Firefox browser and Thunderbird client
Posted: Wed Nov 30, 2005 5:06 am
by ckit
Posted: Thu Dec 01, 2005 11:50 am
by ckit
If you were using "Jump Link 1.3.1" extension and are waiting for an Firefox 1.5.0.0 update, you could try "Redirect Remover" extension which does pretty much the same job and works with Firefox 1.5.0.0.
Firefox -> Tools -> Extensions -> Get More Extensions -> Search for Redirect Remover
Posted: Thu Dec 01, 2005 3:15 pm
by ckv
Yeah! As a note, most of the old extension don't work in 1.5 (was surprise for me
)
Posted: Fri Dec 02, 2005 9:18 pm
by VuDu
"don't work"
...yet
Posted: Fri Dec 02, 2005 9:56 pm
by Drahken
The old extension probably do work, they just think that they don't because the maxversion was set too low in the installer. You can try downloading the XPI, unzipping it (it's just a zip archive), and changing the file to make it install on a higher version of FF.
Posted: Mon Dec 05, 2005 12:40 pm
by VuDu
all the extensions i use are working with this version.
Posted: Sat Dec 10, 2005 8:41 am
by ckit
To fix the security issue with Firefox 1.5.0.0 final set your History options to "0" days (Tools -> Options -> Privacy -> History) The developers at Mozilla refuse to fix this problem so this is the workaround for now.
Also, Jump Link 1.3.2 has been released and is Firefox 1.5.0.0 compatible.
Posted: Sat Dec 10, 2005 11:25 am
by ckv
SessionSaver extension is 1.5 compatible
The version in addons.mozilla.org is outdated. Get the latest version here.
http://adblock.ethereal.net/alchemy.cgi/SessionSaver/
I personally use SessionSaver only for crash backup. So if windows or firefox crashes I don't need to find all the pages again.
Posted: Sat Dec 10, 2005 11:38 am
by ckit
NoScript 1.1.3.5 security extension for Firefox has been Released.
This new version addresses the security issue raised in my above post!!!!
I won't be making a habit of posting every single new extension but at the moment I'm bored and sober... so sue me
Posted: Mon Dec 12, 2005 11:53 am
by Drahken
The setting history to 0 is only a partial solution. It prevents the crash, but doesn't prevent your history file from becoming massive (which may include hazardous code),
Use either prefs.js or user.js and add
user_pref("capability.policy.default.HTMLDocument.title.set","noAccess");
To block this issue completely. You can also use noscript and block javascript on all sites except those in the whitelist.
Edit: If you want to test your browser to see if it's vulnerable, you can use this page:
http://www.findhard.com/firefox-1.5-buf ... rflow.html
WARNING! The above page is designed to trigger crash in gecko based browsers such as mozilla, firefox, k-meleon, etc. Going to the page is harmless, but clicking on "click me" on that page will attempt to trigger the vulnerability. If you use the user_pref trick, the browser will hang for a moment, then return to normal. If you use the history:0 trick, you will suddenly find that your history.dat file is massive.
Posted: Mon Dec 12, 2005 2:50 pm
by ckv
Cuite simple code in that page :/
Code: Select all
<script type="text/javascript">
function ex() {
var buffer = "";
for (var i = 0; i < 5000; i++) {
buffer += "A";
}
var buffer2 = buffer;
for (i = 0; i < 500; i++) {
buffer2 += buffer;
}
document.title = buffer2;
}
</script>
But I still don't see any reason to take any extra caution because of this. My mind might change after I hit on page what will actually exploit this.
Posted: Sat Feb 04, 2006 2:19 am
by ckit
...
Posted: Sat Feb 04, 2006 4:07 pm
by Dreamer
ckit wrote:Helmut,
Could you please delete this entire thread.
Really? I can do it too now, but why not delete the other 'firefox' topic with just 3 posts and just 1 not yours? You could copy that posts here, you can even edit your posts, it would be better IMO...
Posted: Tue Feb 07, 2006 8:35 pm
by XnTriq
This might be of interest to Firefox users who are looking for a way to install the
v1.5.0.1 update (en-US, 751K) offline:
Posted: Tue May 02, 2006 5:12 pm
by marsh
XnTriq wrote:This might be of interest to Firefox users who are looking for a way to install the
v1.5.0.1 update (en-US, 751K) offline:
Wiki's patch method failed for me. There has been a .MAR file at the FTP release location for several days. Oh well, another release should be available any moment now for those willing to wait and upgrade by easier ways.