back to article Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade

Mozilla has released a bug-and-security update for Firefox, with 11 security fixes, three of them critical. Chief among the security patches is a use-after-free bug the organisation says was discovered by one James Kitchener. From the advisory: “Mozilla community member James Kitchener reported a crash in DirectWrite when …

Silver badge

firefox ESR updated too

after that ugly as sin UI change in a recent firefox I converted all my systems to ESR. I heard a couple folks say the new firefox UI looks more like chrome (I've never used chrome). I suppose if I wanted Chrome's UI I would use that.

8
1
Gold badge

Re: firefox ESR updated too

Damned straight. I started converting most of my sites to Chrome or Opera after the UI change. They didn't have a "stop sucking" button in the browser, and I don't particularly enjoy being Microsofted. So fuck 'em, I've got better things to do than try to contort 50 plugins into shape just to make the bloody thing look normal.

8
9
Silver badge

Re: firefox ESR updated too

Why would you switch to Chrome if you don't like Firefox looking like Chrome but are not prepared to configure it so it doesn't look like Chrome?

You might as well stay put, unless you particularly like the data mining, memory hogging, and battery sapping that Chrome brings to your browsing experience.

16
0
Gold badge

Re: firefox ESR updated too

Two reasons:

1) Firefox's new look is a horrible, mutated, awful mess of fuckery compared to Chrome's fairly smooth interface. It's "like chrome" in the same way that AOL is like Windows 8.

2) Chrome has a task manager that has increasingly proven useful.

Given that Chrome has finally almost reached plugin parity (on plugins that matter) with Firefox, Mozilla has to actually compete on merit. If you betray me by changing the GUI without giving me a simple option to return to the previous GUI then I will abandon you. Pure and simple. Give me choice or get right fucked.

13
6
Happy

Re: firefox ESR updated too

And at this point I chip in with the usual...Chrome? Surely you mean SRWare Iron?

1
0
Silver badge
FAIL

Re: firefox ESR updated too

Here's the Mozilla video Why Tabs are on Top in Firefox 4 (just over 7 minutes long).

Apart from the fact his argument is very weak (was any ergonomic research done?), he faithfully promises that we will have the option to keep "Tabs Not On Tap".

They've broken that promise.

P.S. My updated ESR version arrived during the night.

4
0

Re: firefox ESR updated too

@Trevor,

You have my sympathy, even if I'm ready to let them a chance still.

For people that are looking "where the <BIP> is the about/update button" it is hidden in "new bizarre menu bar on the right"/"tiny interrogation mark button I never spotted before"/About Firefox.

Geez.

2
0
Anonymous Coward

Re: firefox ESR updated too

after that ugly as sin UI change in a recent firefox I converted all my systems to ESR.

Alternatively, install the Classic Theme Restorer extension. It reverts the fucking awful new interface to a usable one.

7
1
Gold badge

Re: firefox ESR updated too

"Alternatively, install the Classic Theme Restorer extension. It reverts the fucking awful new interface to a usable one."

No it doesn't. Not without a LOT of fucking around. Even then, you can't get something that's exactly like the true classic theme. You know, the theme you got when you enabled menus on the previous version? You just sort of end up with an awkward abomination. Worst of all, there's no way to create a configuration that's "mostly usable" and then push it out to all users. You have to set it up manually for each user/system you install on.

Awesome.

5
2
Silver badge

Re: firefox ESR updated too

Firefox is the only cross-platform browser that isn't a Chrome clone, so as objectionable as the change was when it happened and the 10-or-so minutes were to put it back the way it was before, the competition is even more objectionable. Classic Theme Restorer isn't difficult to install and none of the other browsers let me change their UI the way I like anyway. It seems like cutting off your nose to spite your face.

5
2
Gold badge

Re: firefox ESR updated too

Except that the classic theme restorer

a) doesn't bring back the UI I actually used and wanted

b) have a mechanism for management at scale

Who cares if the others are webkit based? Chromium or Opera are fine browsers, and with better enterprise management.

2
4
Silver badge

Re: firefox ESR updated too

Agreed. I also messed around with Classic Theme Restorer for a while, got sick of the bodging (plus it didn't originally play nice with some of my other tab-manipulating add-ons), so I ended up moving to Pale Moon. Like Firefox, with add-on support, but without the awful new interface.

1
0
Anonymous Coward

Re: firefox ESR updated too

No it doesn't. Not without a LOT of fucking around. Even then, you can't get something that's exactly like the true classic theme.

It looks exactly like the previous version here. From memory the only thing I had to change once I'd installed it was the tabs on top to put them beneath the toolbar. Works on my Linux machines and the wife's Windows machine (essential, as even the slightest change to an interface on her PC results in a screaming rage).

3
0

Re: firefox ESR updated too

Hadn't heard of ESR before so looked it up. Seems like they are about to switch the ESR base version from v24 to v31 so when main version gets to v33 the ESR version will switch to the new UI ... prepare to be assimilated!

2
0
Silver badge

Re: firefox ESR updated too

One would hope the ESR version won't pull the rug out from under everybody's feet with the UI change. If they keep the UI configuration the same instead of resetting it to default when running the new version for the first time then that would be most people's problems solved.

As for CTR, I've got everything just like in FF3, old-style menu bar and window title included and application icon/small boxy menu which I never liked excluded.

0
0

Re: firefox ESR updated too

It's not too hard to get Firefox looking like a decent web browser again.

Here's my Firefox UI.

And here's my userChrome.css if you want to use it as a base.

You need to enable the oldschool Menu Bar (File, Edit, etc) by rightclicking on the menu area and selecting that option, it's not part of the CSS (it probably could be but I was too lazy to figure it out). You'll probably also want to change the hex colour codes in the file since they were selected to blend in with my desktop theme.

1
0
Silver badge

Re: firefox ESR updated too

Seems like they are about to switch the ESR base version from v24 to v31

It seems they already have.

1
0
Gold badge

Re: firefox ESR updated too

"It looks exactly like the previous version here." probably because you used the default UI for the previous version and not the truly "classic" UI that was obtained by enabling the menus. You know, the actually usable UI? The one without the stupid single "Firefox" pull-down button/menu thing?

0
0
Gold badge

Re: firefox ESR updated too

@fibbles

No home button. I only see a back button, not a back and a forward. No "star" button for enabling bookmarks. Buttons for common apps like lastpass, ghostery and refcontrol aren't visible, so I am unsure if you just don't have them installed, or you UI doesn't show them.

There doesn't appear to be a bottom status bar, so I'm unsure how integration of things like TrackMeNot works, and it gives the impression that it will be one of those ADD nightmare "appears when it wants to, disappears when it wants to" sort of things. No idea where NoScript shows up in your config.

Your config may look superficially like a usable browser, but it's missing a lot of the critical elements.

0
2

Re: firefox ESR updated too

Years ago I discovered that I could use a Firefox Extension to put my tabs down the left hand side of the screen. I can see the full title for 30-odd tabs at a time, and on a 1920x1080 screen, the one thing I'm not short of is room for a 2 inch column of tabs.

I've never made the switch to putting my Windows taskbar on the side of the screen, but for browsers, this single feature has made Firefox so "sticky" that there's no moving away from it. My only reaction to "Tabs on Top" is Why?

3
0
Facepalm

Re: firefox ESR updated too

"[...]tiny interrogation mark[...]"

Thanks buddy.

P.S. typing this made me hit the ALT-key and the menu popped up above the tabs and "about" is there too.

Geez indeed.

0
0

Re: firefox ESR updated too

No home button. I only see a back button, not a back and a forward. No "star" button for enabling bookmarks. Buttons for common apps like lastpass, ghostery and refcontrol aren't visible, so I am unsure if you just don't have them installed, or you UI doesn't show them.

There's no home button because I don't use a home page. Adding it to the toolbar is a couple of menu clicks though, as is the bookmarks button and any addon buttons (I don't use the ones you listed). There is a forward button but it only appears when there's a page to actually go forward to.

There doesn't appear to be a bottom status bar, so I'm unsure how integration of things like TrackMeNot works, and it gives the impression that it will be one of those ADD nightmare "appears when it wants to, disappears when it wants to" sort of things. No idea where NoScript shows up in your config.

The status bar appears when it needs to. I prefer it that way since it just takes up screen real-estate otherwise but I can see how some would find it annoying. If I hover over a link it appears to show the url, if something important needs my attention it pops up a message. I don't let NoScript use it though since it's a whitelist. I don't need to know about all the things it's blocking by default. If a page isn't working I use the button on the toolbar to unblock stuff.

Your config may look superficially like a usable browser, but it's missing a lot of the critical elements.

It's incredibly useable for me, but that's because I catered the UI to my own needs. That was my original point really. It's not difficult to hack up a bit of CSS so that you've got a UI exactly as you want it. You could then distribute that userChrome.css to your users.

0
0
Gold badge

Re: firefox ESR updated too

Maybe with enough work I could make the UI into what it was before, and thus how I want it to be. "Distributing" it to my users then would be another challenge, as the corporate management capabilities of Firefox are quite shit, so I get to come up with new scripting methods. And of course, after all that effort, assuming that it actually recreates the old UI - which I am not convinced of - there's zero guarantee they won't just decide to screw me again.

Alternately, I can take my custom elsewhere, cease all my donations to Mozilla and tell them to go fuck themselves. They decided to force an unwelcome change upon me in a very Microsoft manner with the justification that if I did whole bunch of extra work I could sort of have things somewhat like the way they were. For now.

Nope. Fuck that, fuck the developers and fuck anyone and everyone who thinks that's an acceptable way to do things. You don't pull the rug out from under people then tell them it's their fault because they aren't willing to do the hard work of sewing a new rug to stand on.

If there is a change that you as the developer want to see occur then it's your job to convince me as the user that I should embrace it. If I don't want to embrace it then you should give me the choice of sticking with what I like and know. If not, I go elsewhere, and take my money with me. I have no moral obligation to continue supporting any company that refuses to meet my needs.

1
0

Re: firefox ESR updated too

You're going to be consistently disappointed if you're expecting to be consulted before every major design change. All software companies (besides those making bespoke stuff,) make changes that they think users will like / attract more users, it's always been mostly speculative. If you were that desperate to make your opinion known to Mozilla you could have joined the public beta test and given feedback.

I have no moral obligation to continue supporting any company that refuses to meet my needs.

Nobody suggested otherwise. If the software doesn't meet your needs, go use something else. Just stop over-blowing how difficult it is to revert the UI changes; it'll take ten minutes of your time if you're even semi competent. I'm also at a loss as to how you think distributing one file to a standard location on each user's computer and then forcing a restart of the browser is going to require a mass of scripting.

1
1
Gold badge

Re: firefox ESR updated too

See, the problem is that it doesn't take "just ten minutes" to get the UI back. You can get part of the way there in 10 minutes, but at best that's 80% of the functionality, and it still has an issue where things that used to be in the status tray end up to the right of search bar instead. Not good enough.

And yes, it is an issue to distribute the file, especially in an environment where users will log into a mixture of stateful and stateless VDI instances, and where I expect to be able to push out the file to my users so that they don't experience a change in UI, but where if they choose to change the UI, their choice is respected.

Funny that. Respecting choice.

And you're damned right I expect to have a choice regarding every single major UI change to every single piece of software I use. As the customer, why shouldn't I? It is a standard I enforce on any developer I pay for my software and if they don't feel like complying then fuck them.

It's not that hard a concept, really: offer customers choice. Let them decide if your new idea is better than your old idea. Don't Microsoft your customers and tell them "it's for their own good". That's bullshit.

The correct way to have handled this on Mozilla's part would have been to have a little dialogue box pop up when Firefox started that said "Hi there, we made a new UI. We think the benefits of this new UI are A, B, C and D. If you want to use the new UI hit this button. If you want to use the old UIs (both the truly classic UI and the one we now call classic) then hit this button. You can change at any time by going here and clicking this."

Bam. Problem solved. Users have choice. They can shift from old to new at their leisure, or not at all. There's no plugin. There's no cursing at the fucking thing because it gets part of the way towards the old UI but never quite all the way. You are asked if you want the new UI, and if not, you are given the old UI with zero fucking around.

That's the experience I strive to give my users, and I consider anyone - developer or fanboy sycophant - who seeks to deny me (or anyone else) that choice to be an outright soulless bastard. Fuck all such people. With a tractor. Sideways.

1
0

Re: firefox ESR updated too

As I said, prepare to be constantly disappointed. Also, your melodrama is ridiculous.

Bam. Problem solved. Users have choice. They can shift from old to new at their leisure, or not at all. There's no plugin. There's no cursing at the fucking thing because it gets part of the way towards the old UI but never quite all the way. You are asked if you want the new UI, and if not, you are given the old UI with zero fucking around.

Yeh, problem solved... Apart from it means Mozilla now have to maintain two UI's. Much like you'd have to support two UIs. Why on earth are you offering a choice and doubling your support workload? Presumably you're employed to manage your business's IT efficiently, not offer pointless choice everywhere and ramp up the costs. Unless of course the users you're going on about are your cats and Mittens is so precious he must have his right to choice respected at all times...

0
2
Gold badge

Re: firefox ESR updated too

"Why on earth are you offering a choice and doubling your support workload?"

Because I respect people as human beings and don't see them merely as offal. My users do not exist to do my bidding, I exist to ensure that they have the most efficient possible tools to accomplish their tasks.

A new UI is not more efficient simply because some developers say that this is so. If you've worked with a UI so long that all basic tasks are entirely autonomic then switching away from that UI is highly inefficient. Any supposed efficiencies of the new UI must be pretty damned impressive to be worth the switch.

I am also aware that not everyone is the same. Not everyone learns the same things at the same pace and not everyone has time to learn a new UI just because I feel like pushing it down.

It is my job to provide a stable and efficient working environment for the people I serve. In turn, I will only give my money to companies that provide tools that help me meet this goal. If several tools are available that can meet the goal, then I will choose the tools from the company which has most proven itself to respect choice, because providing that choice is an intrinsic part of meeting the diverse requirements of the very human people that I serve.

You, personally, might be as asshole alpha geek with a god complex, but I don't need to wave my phallus around and proclaim it mighty. In fact, I have nothing but contempt and loathing for those who do, be they sysadmin or developer.

Sysadmins serve users and vendors serve sysadmins. End of.

Edit: to answer your question about why should Mozilla/Microsoft/etc maintain two UIs the answer is simple: because they have absolutely no way of knowing which is better until it's been deployed to the mass market. They can run every study they want, every beta they want, but it's end user acceptance that is all that matters. Creating a new UI and saying "this is how it is Und Zou Vill Like Ut" is the height of arrogance. I don't tolerate arrogance in my vendors at all.

By all means, create a new UI. But make it optional. If it's better than the old UI then over time people will switch voluntarily. Eventually those using the old UI will be in a distinct minority. Then you can release the code for that old UI and let the community manage it, if there's interest.

That is a respectful and orderly way to transition from one UI to another. The Microsoft and Mozilla model is nothing but contempt manifested as code. Why the hell should I support any vendor who treats me with contempt?

By extension, why should any business or group of users put up with a sysadmin who treats them with contempt? We provide a service. We don't dictate terms.

1
0
Anonymous Coward

Re: firefox ESR updated too

probably because you used the default UI for the previous version and not the truly "classic" UI that was obtained by enabling the menus. You know, the actually usable UI? The one without the stupid single "Firefox" pull-down button/menu thing?

Err, no. From the top of the application I have:

- conventional menu bar with 7 menu items

- toolbar with home, back, forward, reload and URL bar

- tabs

- web page

Perhaps you're problem is OS related? Are you using dog shit like Windows 8?

0
0

Reg wrote: "an update to Firefox 31"

the update is, in fact Firefox 31

I believe

1
0

Confusing wording indeed

Twice in this article, the wording seems to imply that there's been an update to Firefox 31 (e.g. to, say, 31.0.1 or something): "a bug-and-security update to Firefox 31" and "users are advised to update to the latest version of Firefox 31 and Thunderbird 31".

As another poster pointed out, the update is actually from Firefox 30.0 to 31.0 and from Thunderbird 24.6.0 to 31.0 (yes, I know, 7 major version jumps in one go - Mozilla like to sync the Firefox/Thunderbird versions occasionally, which is a bit perplexing).

On Windows, the Mozilla Maintenance Service should take care of this (assuming you didn't disable it) and on Linux, the usual updating commands (apt-get upgrade, yum update etc.) will bring in the new release when it's ready.

1
0

The difference between "update to [get to] V31" and "update [applied] to V31": the ambiguities are strong in this one.

5
0
Silver badge

Re: Confusing wording indeed

Twice in this article, the wording seems to imply that there's been an update to Firefox 31 (e.g. to, say, 31.0.1 or something):

Wouldn't that be an update from? :)

"a bug-and-security update to Firefox 31" and "users are advised to update to the latest version of Firefox 31 and Thunderbird 31".

Yes, that should have something like "which is" in it somewhere. You're right, it's all mixed up.

1
0
Anonymous Coward

Re: Confusing wording indeed

"[...] "a bug-and-security update to Firefox 31" and "users are advised to update to the latest version of Firefox 31 and Thunderbird 31"."

It is typical of English that you can interpret a sentence in two ways. In the first phrase "to" = "to become". In the second phrase "of" = "which is". Both seem perfectly normal usage to me - even if potentially ambiguous when read out of context.

0
0
(Written by Reg staff)

Re: Re: Confusing wording indeed

Chaps, if you've problems with the wording, please use the "send corrections" link at the bottom of the article rather than posting about it publicly. Not all comments get read by us and we're far more likely to spot and make the correction if you send it to the appropriate place.

5
1

Re: Confusing wording indeed

No way! It's much more fun making snarky comments at the bottom of the article. That's what life is all about.

8
0
ZSn

Re: Confusing wording indeed

Sorry to be snarky here, but the "send corrections" link fires up my mail client, which is not the mail client that I signed up with. I know that I could do it via resetting it, however it would be more convenient just to go via your website. I submitted an error via the comments section and got it deleted for my pains (not annoyed, just amused). Perhaps a less round-about method might help.

4
0
Silver badge

Still holding out at v28

I am not worried, I do most of my math using my fingers.

0
0
Silver badge
Coat

Re: Still holding out at v28

I am not worried, I do most of my math using my fingers.

I probably have less fingers than you, but you're might be right. Whenever they announce a new vulnerability it's likely a good idea to roll back a version or two. Obviously "updating" doesn't work in the long run.

0
0
Holmes

Mozilla is as stupid as any big company.

Big companies think that because they made the software, and they spend a lot of time and money in changing things around to reflect the latest fad, they know much more than their customers on how the product should be used.

WRONG!

Functional changes to GUI interfaces (and more so big changes) should only be done when they fix severe deficiencies, and should always allow to revert back to the old behaviour when their purpose is merely aestetic.

Also stop thinking a customer is wrong because he's using the product not the way you envisioned, all you do is alienate them.

The GUI in the browser is a solved problem, stop fucking with it, of all the changes people ask of Mozilla, I have never ever seen: "Pleaze change the GUI completely to make it more like Chrome a coz chrome is cool and you're not"

Most of what people ask for is: Make it stable, make it use less memory.

One last thought if you plan to implement a massive change to the UI of a program for the sake of it (not because the program is impaired if you don't do it) Be sensible and add an option somewhere to select either New Interface or Classic interface. Your userbase will not be alienated and you will not lose them.

16
0

Re: Mozilla is as stupid as any big company.

Just like MS did with Windows 8.........DOH!!!!

5
1
Flame

Re: Mozilla is as stupid as any big company.

> The GUI in the browser is a solved problem, stop fucking with it ...

> Most of what people ask for is:

> Make it stable.

> Make it use less memory.

> Make it use less CPU cycles.

Exactly ...

The last time I upgraded my 'browsing experience' turned into endless torture.

Had to go back to the previous version.

I fear that this once fantastically good browser is slowly but steadily turning into a piece of shit.

What to do?

1
0
Anonymous Coward

Browser Wars

Chrome 36, Mozilla 31... I'm still using Lynx 2.8.8

3
0
Silver badge

Re: Browser Wars

You may be joking, but 'w3m' works great for 'El Reg' - especially for long comments as you can use 'vi' or any other editor of choice.

If anyone knows a way to spawn vi under android browsers (I have a terminal emulator, I have 'vi') let me know and you can have my babies!

0
0

This post has been deleted by its author

Memory growth in v29+ on Win 7

I tend to leave my machine on during the week and FF is always open overnight. I upgraded to v29 "fisher price" and found that after 2-3 days of being open, memory would gradually balloon to 1.5GB+ and never be released, leading to massive swapping and an ususable browser. I'd never noticed this with v28 with a broadly identical set of tabs and use pattern.

Reverted to 28 and that problem's not happened in 3+ weeks. Not particularly scientific but there's definitely something in it.

I honestly don't understand why they spent so much time modifying the UI to apparently try and save 1-2px of screen real estate. IMO they pretty much nailed it with the old UI.

On another note, anyone use Firebug? I used to but it seems basically unusable these days, taking about 10s to display the window, since maybe v24+ or so. The built-in developer tools do the same job but just wondered if anyone else has noticed this with Firebug? Might kill that extension off.

1
1

This post has been deleted by its author

Anonymous Coward

Re: Memory growth in v29+ on Win 7

Yeah, FF 29 broke Firebug 1.12, so you need 2.0, but there have been serious bugs in that too. 2.0.2 came out last week; maybe that's the long-awaited fix.I can't confirm, as I reverted to FF 24 when 29 came out, and I shifted to Chrome for development earlier this year. In that time I've learned that Chrome has some nasty bugs as well. Screw 'em all.

1
0

I like the new Firefox UI

The old menu bar can be restored by right-clicking 'plus' icon to the right of the tabs and selecting 'Menu Bar', at least on Linux and I guess this is the same for Windows too.

The two gripes I have with the new UI is that the reload button is in an inconvenient place and can't be moved and the back/forward buttons can't be relocated: I prefer to have navigation buttons (back, forward and up (via Uppity), stop and reload) to the left of the address bar and tools to the right of the address bar.

Other than those two gripes, the new modern UI works well.

0
0
Anonymous Coward

Re: I like the new Firefox UI

In Windows you can keep the Menu Bar in the default mode - Hidden - and show it only when you desire it by hitting the ALT key.

The UI is new. It took me a bit to get used to it - it's not really that bad. I hate the fact that new bookmarks automatically get filed in "Unsorted" (requiring a second-click on the bookmarking star to bring up a menu that allows you to move your new bookmark to any folder you please) but, otherwise, is isn't as bad as so many people here made it out to be.

Most people hate change. I will openly admit that sometimes I don't want change, but other times just calming down and letting things settle makes the river flow smoothly. I got used to the minimalist interface, it is not the end of the world to me. I've got other things to freak out about.

1
0
Silver badge
Stop

not liking the "prettiness"

Didn't like it in FF; and like it less in TBird. Been using TBird for my email client for three different networks now, for quite a while. The new "pretty" one seems to have lost it's mind in how it uses my address book and is suddenly pulling up wrong addresses for folks i regularly write. Please just stop.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018