Feeds

back to article Firefox and Opera squish big buffer overflow bugs

It's time to update alternative browser software again, with new releases of Firefox and Opera out this week. Firefox 17, released Tuesday, features improved support for social networking functions, such as Facebook Messenger, as well as new features to prevent blacklisted extensions from running without user permission. Support …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

overflow

"The critical flaws include memory corruption and beer overflow"

That vaguely sounds familiar, but I can't quite remember the beer overflowing last night. Not sure if that's because the beer didn't overflow or my memory being corrupt?

Either way... pub.

5
0
Silver badge
Thumb Down

With seven major releases this year alone I suggest the secret to eliminating all of these damned bugs is slowing down and getting it right.

None of my Mozilla add-ins work any more and I find myself going to Chrome more and more for the added functionality. If an upgrade exposes thousands of bugs, then I will just stick with my V14 that DOES work with the add-ins I use.

0
6
Silver badge

With seven major releases this year alone I suggest the secret to eliminating all of these damned bugs is slowing down and getting it right.

So you moved to Chrome, who have had how many major number releases this year?

4
0
Bronze badge

None of my Mozilla add-ins work any more...

All of mine still do.

Note that if v17 had been called v12, and they'd just gone from v11 at the start of the year to v12 now you'd still have that same problem.

The issue is not the number/frequency of releases of Firefox, but more likely the age and oddity(?) of the extensions you are using.

9
0
FAIL

"The issue is not the number/frequency of releases of Firefox, but more likely the age and oddity(?) of the extensions you are using."

That's not true. The problem is the frequent release of MAJOR versions.

You see, when writing a plug-in for Firefox, you have to specify for which versions of it the plug-in works. Of course, if you specify either a particular version (e.g., 16.0.1), or a hard diapason of versions (e.g., 4.0-16.0), then the plug-in will stop working as soon a new version is released. However, it is possible to specify a fuzzy diapason of versions - e.g., 4.*-16.*. Then if the new releases change only the minor version number, the plug-in will continue working (unless, of course, it uses something that gets broken - but that's extremely unlikely in a minor version).

However, you can't specify wildcards for the major version number and because Mozilla change the major version number of their browser so often, lots of plug-ins stop working.

In addition, Mozilla take half of forever to approve a new plug-in (or a new version of an old plug-in), so even if you update the ones you've written immediately, it will take considerable time until their new versions become available to their users.

2
2

Firefox ESR

Opera remains my main browser, but the work laptop came with Firefox pre-installed and that introduced me to Firefox Extended Support releases.

They clearly target organizations with them, not end users, but I only use ESR releases of FF nowadays - the major release sticks for about a year, with only minor upgrades in between.

You'll mostly get security updates with those minor releases obviously, not all the latest features.

But at least it won't break your extensions, and you definitely get a stable browser.

Which is exactly what I need for my backup browser!

https://www.mozilla.org/en-US/firefox/organizations/faq/

0
0
Silver badge

@Doc

That's how it used to be before Jetpack plugins came along. If you're using old pre-Jetpack plugins, you will still have that problem.

0
0
Silver badge

Re: Dr. Vesselin Bontchev

It's extensions, not plugins. Plugins are different and don't have to specify a version that they work with. Flash is a plugin. NoScript is an extension.

You're either using some very old extensions or a very old version of FF. I haven't had problems with my extensions not working with the latest version in about a year. I use a lot extensions including privacy extensions like Ghostery and developer extensions like Firebug.

4
0
Silver badge

Re: Firefox ESR

Like @Florence says, use firefox ESR.

Here: <http://www.mozilla.org/en-US/firefox/organizations/all.html>.

Now all you have to do is install it.

0
0

I believe you are referring to extensions rather than plugins? Firefox hasn't disabled most extensions since v11, if I recall correctly. For those where they have, it's easy to manually enable them, see:

http://support.mozilla.org/en-US/kb/re-enable-add-ons-disabled-when-updating?esab=a&s=compatibility+check&r=0&as=s

0
0
Anonymous Coward

Opera and OWA

Opera still can't load the 'full' version of Outlook Web Access though. Firefox, IE, Chrome and even Safari all can.

1
1
Anonymous Coward

Re: Opera and OWA

and somehow I think its still shit at proxy exceptions <rolling those eyes forever>

0
0
Silver badge

Re: Opera and OWA

And this is Opera's fault because…? Not that it doesn't have issues but website problems in Opera are generally caused by servers sniffing for UAs as opposed to feature detection* and only letting their "friends" into the garden. This is sloppy coding and unfortunately unsurprisingly on the rise again.

* check out the support for feature detection with CSS in Opera. Even if you don't use Opera as your standard browser this feature will make site development easier and Opera offers a head start. To me, that's all good.

2
1
Silver badge

Re: Opera and OWA

feature detection is not any better than looking at the UA string. It's actually a bit worst because changing the UA string takes a whole 5 seconds while there is no real way from the client side to fix a borked feature detection. From a theoretical point of view both techniques are despisable and contrary to the whole "spirit" of the 'net. Website content should not be browser-specific or platform-specific. There is a standard, adhere to it (yes, I know the standard is looking more and more like the Ftrankenstein monster, but that's no reason to actively push towards more fragmentation).

0
1
Anonymous Coward

Re: Opera and OWA

Don't blame Opera, blame Microsoft. It is not like Microsoft has never ever singled Opera out before .

2
1
Silver badge

Re: Opera and OWA

@Pierre you really haven't a clue - if the site was properly written it would "degrade gracefully" either by UA detection, which takes a lot less than 5 seconds, or by client-side feature detection (in action since HTML >= 3.2). Neither, however, would explain Microsoft singling out a specific browser. And neither has to do with "pushing towards more fragmentation"; done properly then detection provides the best possible experience for all browsers.

Applications like OWA are why the specs need to develop. I'm not sure that I'm in favour of turning browsers into runtimes but I'm also not going to play Canute.

0
1
Silver badge
FAIL

Re: Opera and OWA

> @Pierre you really haven't a clue - if the site was properly written it would "degrade gracefully" either by UA detection, which takes a lot less than 5 seconds, or by client-side feature detection (in action since HTML >= 3.2).

You know, the first thing with "having a clue" is "understanding what the discussion is about".

"5 seconds" is the time it takes me -or anyone with half a clue- to change the UA string from the client side, allowing me to get whatever content I want from a website with a borked UA recognition.

"never" is when I can get content from a website that relies on a borked feature detection.

"Done properly" the server should just send the content and not try to be smarter than it really is.

Please leave the "user experience" to the user, thank you very much.

"Neither, however, would explain Microsoft singling out a specific browser."

What the Eff?

"done properly then detection provides the best possible experience for all browsers."

most certainly not. You're playing Microsoft's game here. I suggest you read the definition of "standard", and work from that.

0
0

This post has been deleted by its author

Unhappy

Drop back

I had to drop back to 16.02 because cookie handling is borked. If you just allow all cookies by default, like most, you will never have an issue. However, if you use the tools to make a lot of sites into session only, or to block cookies, you get stuck in an endless cycle of prompting for cookies since it now ignores your settings.

0
0
Anonymous Coward

Fix the existing bugs first

before adding more with the new 'features'.

2
1
WTF?

Re: Fix the existing bugs first

Why should they be the first software company EVAH to use this approach?

0
1
Meh

The problem I had in accessing my Gmail account in Opera 12.10

was simple - when I attempted to type in my password on the Gmail log-in page, the password box remained blank. After fooling 'round a bit, however, I found a simple work-around : I could type my password in Gedit (I'm running a 64-bit Ubuntu 12.04 machine), copy it, and then paste it into the password box, which, for some reason was kind enough to accept it. Ticking the little «Remain logged in» box, which Opera also kindly allowed me to do, and pressing «Enter» then got me to my Gmail inbox, and the next time I attempted to launch Gmail I was home clean. But I have to confess I was glad to see that version 12.11 eliminated the bug....

Henri

0
0
This topic is closed for new posts.