Comments for Mozilla Security Blog http://blog.mozilla.com/security Thu, 19 Nov 2009 15:36:11 -0800 http://wordpress.org/?v=2.8.6 hourly 1 Comment on Component Directory Lockdown – New in Firefox 3.6 by Daniel Veditz http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108403 Daniel Veditz Thu, 19 Nov 2009 15:36:11 +0000 http://blog.mozilla.com/security/?p=213#comment-108403 I read too quickly and assumed you were talking about this blog post, but you were talking about addon compatibility version checks which is something else entirely. Beta users do sign up for a little pain in that regard, but you can help if you like by using the Addon Compatibility Reporter which will reenable all of your addons and let you report which ones work and which don't. https://addons.mozilla.org/en-US/firefox/addon/15003 Or you can wait until after we ship 3.6 by which point most of the addons should be compatible. I read too quickly and assumed you were talking about this blog post, but you were talking about addon compatibility version checks which is something else entirely. Beta users do sign up for a little pain in that regard, but you can help if you like by using the Addon Compatibility Reporter which will reenable all of your addons and let you report which ones work and which don’t.

https://addons.mozilla.org/en-US/firefox/addon/15003

Or you can wait until after we ship 3.6 by which point most of the addons should be compatible.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Daniel Veditz http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108402 Daniel Veditz Thu, 19 Nov 2009 15:30:00 +0000 http://blog.mozilla.com/security/?p=213#comment-108402 This feature is not about addons, this prevents 3rd party software from hooking into Firefox in a way that is guaranteed to break (and does) at the next major update. Possibly on a minor update for binary components depending if they were using an interface we had to patch. This was never a recommended or even documented mechanism for extending Firefox, and we've found a large percentage of the crashes experienced by Firefox 3.5 users is due to 3rd party components hooked in this way. Plugins and Addons hooked in through the documented places certainly do cause their share of stability problems also, but since it is possible for users to know about and manage them we do let you make your own tradeoff between functionality and possible instability. This feature is not about addons, this prevents 3rd party software from hooking into Firefox in a way that is guaranteed to break (and does) at the next major update. Possibly on a minor update for binary components depending if they were using an interface we had to patch. This was never a recommended or even documented mechanism for extending Firefox, and we’ve found a large percentage of the crashes experienced by Firefox 3.5 users is due to 3rd party components hooked in this way.

Plugins and Addons hooked in through the documented places certainly do cause their share of stability problems also, but since it is possible for users to know about and manage them we do let you make your own tradeoff between functionality and possible instability.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Zetaprime http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108399 Zetaprime Thu, 19 Nov 2009 06:10:50 +0000 http://blog.mozilla.com/security/?p=213#comment-108399 Is there anyway to disable this feature? I'd like to be able to decide which addons I can keep and not have Firefox tell me I can't use them. I already had to uninstall 3.6 beta 3 and go back to beta 2 to get my addons back. Let me decide if I can live with a certain degree of instability in exchange for the functionality many of these addons provide. Is there anyway to disable this feature? I’d like to be able to decide which addons I can keep and not have Firefox tell me I can’t use them. I already had to uninstall 3.6 beta 3 and go back to beta 2 to get my addons back. Let me decide if I can live with a certain degree of instability in exchange for the functionality many of these addons provide.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Daniel Veditz http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108397 Daniel Veditz Wed, 18 Nov 2009 19:47:10 +0000 http://blog.mozilla.com/security/?p=213#comment-108397 In what other application is it normal to modify their installation directory? We have published for years several appropriate ways to extend Firefox and this was not one of them. It happened to work, but it was never a supported way for 3rd parties to modify a Firefox installation. In what other application is it normal to modify their installation directory? We have published for years several appropriate ways to extend Firefox and this was not one of them. It happened to work, but it was never a supported way for 3rd parties to modify a Firefox installation.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Dis Gruntled http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108396 Dis Gruntled Wed, 18 Nov 2009 18:35:51 +0000 http://blog.mozilla.com/security/?p=213#comment-108396 Once again, Mozilla shows love to their large developer base by easing in a significant change thru a tried-and-true deprecation process, whereby developers are encouraged to make the necessary changes over a period of time, many months in advance of Firefox dropping a key feature. Wait... um... OK, scratch that. Nevermind. Once again, Mozilla shows love to their large developer base by easing in a significant change thru a tried-and-true deprecation process, whereby developers are encouraged to make the necessary changes over a period of time, many months in advance of Firefox dropping a key feature.

Wait… um… OK, scratch that. Nevermind.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Daniel Veditz http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108390 Daniel Veditz Tue, 17 Nov 2009 21:42:03 +0000 http://blog.mozilla.com/security/?p=213#comment-108390 To put "20 times a day" in perspective that's about how many crashes we're currently seeing from a few hundred 3.6 Beta users put together. To put “20 times a day” in perspective that’s about how many crashes we’re currently seeing from a few hundred 3.6 Beta users put together.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Daniel Veditz http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108389 Daniel Veditz Tue, 17 Nov 2009 21:35:16 +0000 http://blog.mozilla.com/security/?p=213#comment-108389 Firefox 3.6 has not been released yet, you do not have "ff 3.6 final". Keep reporting those crashes: that's how we know which ones are the most important to focus on. If you're crashing 20 times a day, though, you're suffering from some software incompatibility between Firefox and something else on your system. Please visit the forums at http://support.mozilla.com and they can help you figure out what's going on from you reported crashes and probably help you identify the culprit. Firefox 3.6 has not been released yet, you do not have “ff 3.6 final”. Keep reporting those crashes: that’s how we know which ones are the most important to focus on. If you’re crashing 20 times a day, though, you’re suffering from some software incompatibility between Firefox and something else on your system. Please visit the forums at http://support.mozilla.com and they can help you figure out what’s going on from you reported crashes and probably help you identify the culprit.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by Babua http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108387 Babua Tue, 17 Nov 2009 13:25:05 +0000 http://blog.mozilla.com/security/?p=213#comment-108387 ff 3.6 final has also been crashing frequently in my Windows 7. About 20 times today. It is a very poor show. I installed the latest version today only. ff 3.6 final has also been crashing frequently in my Windows 7. About 20 times today. It is a very poor show. I installed the latest version today only.

]]> Comment on Component Directory Lockdown – New in Firefox 3.6 by David Naylor http://blog.mozilla.com/security/2009/11/16/component-directory-lockdown-new-in-firefox-3-6/comment-page-1/#comment-108386 David Naylor Tue, 17 Nov 2009 10:38:13 +0000 http://blog.mozilla.com/security/?p=213#comment-108386 Woah, huge user win. No more shady deals when installing other software. At least not with Firefox add-ons bundled. Being in control is one of the main reasons for using Firefox, and that just got even better with this change. Woah, huge user win.

No more shady deals when installing other software. At least not with Firefox add-ons bundled.

Being in control is one of the main reasons for using Firefox, and that just got even better with this change.

]]> Comment on Mozilla Plugin Check Now Live by Daniel Veditz http://blog.mozilla.com/security/2009/10/13/mozilla-plugin-check-now-live/comment-page-1/#comment-108338 Daniel Veditz Mon, 09 Nov 2009 18:50:08 +0000 http://blog.mozilla.com/security/?p=186#comment-108338 sendadiet: The Plugin Check page was released as a bit of an experiment. We're working on translations but wanted to get feedback before we got that done. The upcoming Firefox 3.6 refers people to this page and we expect translated versions of Firefox will have translated versions of the Plugin Check to link to. (from Google translate): La página Plugin cheque fue lanzado como un poco de un experimento. Estamos trabajando en la traducción, pero quería recibir comentarios antes de llegar a hacerlo bien. El próximo Firefox 3.6 se refiere la gente a esta página y esperamos versiones traducidas de Firefox se han traducido las versiones de los Comprobar plug-in para el vínculo. sendadiet:

The Plugin Check page was released as a bit of an experiment. We’re working on translations but wanted to get feedback before we got that done. The upcoming Firefox 3.6 refers people to this page and we expect translated versions of Firefox will have translated versions of the Plugin Check to link to.

(from Google translate):
La página Plugin cheque fue lanzado como un poco de un experimento. Estamos trabajando en la traducción, pero quería recibir comentarios antes de llegar a hacerlo bien. El próximo Firefox 3.6 se refiere la gente a esta página y esperamos versiones traducidas de Firefox se han traducido las versiones de los Comprobar plug-in para el vínculo.

]]>