Firefox browser security fix

If you’re running Mozilla or Firefox, head over to mozilla.org and download the patch.  Or maybe just upgrade to Firefox 0.9.2.  Mozilla announced today that a vulnerability in the Mozilla and Firefox Web browsers allows the execution of arbitrary code in Windows NT, 2000, and XP systems.  See this page for more information.  My understanding is that the security hole isn’t all that bad as it’s difficult to trip, but it’d be a good idea to install the patch or updated version just to be safe.

The Open Source community is trying to make points with their discussion of this vulnerability, saying that they were able to identify, discuss, fix, and distribute a patch within 24 hours of discovering the problem.  They contrast this with Microsoft’s recent one week response to a vulnerability.  An interesting read and an impressive achievement, but I could do without all the “rah rah, we’re number one” cheerleading.  See this NewsForge article for an example.

Mozilla Firefox

It’s been years since I last tried any version of Mozilla.  I’ve been hearing good things about Firefox 0.9 (the revamped Mozilla browser), though, so I thought I’d give it a try.  Download and install on my Windows system took just a couple of minutes, although it did crash trying to import my Favorites, cookies, and history.  I restarted the thing and told it to just import my Favorites.  I’ll re-generate the cookies if I need them.  With a total of about 30 minutes time actually using the browser, I’m reasonably convinced that I won’t be using Internet Explorer anymore on this machine.  IE will have to implement tabbed browsing, popup blocking, and a much better “Organize Favorites” interface before I give it another serious look.  The rendering problems and clunky user interface I remember from the Mozilla browser of years ago are gone.  The user interface for Firefox is clean and slick, and the browser’s feature set outshines IE.  At least it does for the things I use.  We’ll see how I feel after working with it for a week or two.

I was unable, though, to get Firefox 0.9 running on my SuSE Linux system.  I went to the Firefox page, downloaded the package, and followed the directions in the README file.  They need to update their README.  The document is full of references to files that have the “mozilla” prefix, but everything in the downloaded archive has the “firefox” prefix.  That’s a minor nit.  The major problem is that I simply can’t get the thing to run.  I think the installer ran okay, but when I tried to run the browser, I got the following error message:

Xlib: connection to “:0.0” refused by server
Xlib: XDM authorization key matches an existing user!
(firefox-bin:4525): Gtk-WARNING **: cannot open display:

I suspect that means something to somebody, but it’s Greek to me.  It might have something to do with me running the install and the browser from within an X console.  I wonder if the startup script is trying to start the X window server?  I’m also installing as root so that everybody has access to the browser.  Whatever the problem, I couldn’t make it work after futzing with it for an hour so I gave up and installed Firefox 0.8 from the SuSE distribution DVD.  I guess I’ll see if I can get a Firefox update from SuSE’s site.

One thing did strike me funny about the Firefox installer running on Linux.  The first screen that pops up tells me to exit all Windows programs before continuing.  I got a pretty good chuckle out of that one.