Netscape Releases Security Update

Posted by Zonk on Fri May 20, 2005 10:42 AM
from the at-least-they're-prompt dept.
daria42 writes "Less than 24 hours after releasing Netscape 8, Netscape has released a security patch bringing the browser up to version 8.0.1. The patch addresses security vulnerabilities in version 1.0.3 of the Firefox code on which Netscape is based. The update comes amid online criticism from Firefox developers that the browser was insecure."
This discussion has been archived. No new comments can be posted.
  • No thanks (Score:2, Funny)

    by Anonymous Coward

    i prefer to get my browser from the organ grinder [getfirefox.com], not the monkey [netscape.com]

  • by Virtual Karma (862416) on Friday May 20 2005, @10:45AM (#12589997) Homepage
    Don't you think it is wiser to wait 24 hours longer (or maybe a week or so) and then release a quality product rather than issue patches? Imagine if civil engineers started doing the same with buildings and bridges.
    • Imagine if civil engineers started doing the same with buildings and bridges.

      "Started"? Where do you live? I get an opportunity to see our local civil engineers filling (patching) the same potholes once a week! These aren't small bumps in the road, either. Some of them are big enough to fit a 1/4 tonne pickup (sometimes I wonder if one actually fell in and they paved over it).

    • To be fair, buildings and bridges aren't quite as susceptible to little kids launching attacks from their basement thousands of miles away...
    • They probably did wait a short time...Firefox 1.0.3 wasn't finalized and released in a day...

      What is cool, though, is that the bug was found AND fixed in Firefox in less than a week and Netscape also updated a few (three?) days later (or one day after the release, depending on how you want to look at it). Ever see Microsoft do that?
    • Imagine if civil engineers started doing the same with buildings and bridges.

      Imagine if software developers were held to the same standards as engineers.

      I get tired of people comparing software development to real engineering when developers refuse to follow the same rigorous standards that engineering disciplines have to follow. There are some software engineers out there, but most of the people with that title are simply software developers. Not that every piece of software needs to be engineered, b

      • That's the luxury software developers have that civil engineers don't. It's not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

        That's what you think. New structures are found to be unsound all the time, which usually requires that the structure be patched in some form or another.

        Take the case of the London Millennium Bridge [wikipedia.org] which suffered from resonant vibration (a common problem with suspension bridges). It wasn't planned for because it was assumed that such vibrations couldn't happen from mere pedestrian traffic. The solution was to retrofit 37 fluid-viscous dampers and 52 tuned mass dampeners.

        In short, don't think that engineering is that much different from software. They're quite similar, to the point of being frightening.
        • Now that is pathetic. With the famous Tacoma Narrows Bridge bringing to life the issues of resonance and designing to eliminate such a test case they had decades of lead time to make sure their bridge is protected.
          • Did you miss the memo? They've lowered the age on developers to 5 years of service or promotion to senior developer position, whichever comes first. (No, I'm not annoyed by idiot hiring practices that are driving companies into the ground, not at all.)
  • by Anonymous Coward on Friday May 20 2005, @10:45AM (#12590005)
    ZDNet Australia [zdnet.com.au] has a scathing report [zdnet.com.au] on problems with Netscape's original 8.0 release, which shipped with known critical security bugs. ZDNet notes that several key Mozilla devs have lashed out at Netscape, including Firefox lead developer Ben Goodger [mozillazine.org], who posted a live exploit [mozillazine.org] of the known vulnerability. Gervase Markham [mozillazine.org], another Mozilla employee, found Netscape's claim that Firefox 1.0.4 is "outdated" ridiculous [mozillazine.org]. Ali Ebrahim [ebrahim.org], another contributor, commented that Netscape's claim of "more security choices" is based on a false premise [ebrahim.org]. To their credit, Netscape has since released Netscape 8.0.1, based on Firefox 1.0.4, which plugs the most severe known issues, though the question still remains as to why they released 8.0 in the first place if it contained such severe security issues.
    • It is not only that it contains such severe security issues but that they are KNOWN and have been fixed!

      This is what the software industry and versioning is becoming, just ship crappy software first and then provide patches. God, as someone said in another post, imagine if that was an accepted behaviour for other professions???

      Patient: Doctor, my appendicitis operation was not ok, I think my bowel is going out in this hole... can you please add a patch to fix my body?
      Doctor: Oh, sorry I am afraid I
      • The reason they released it was it was all they had. They didn't have time to test and integrate a new version. It's the firefox people's fault for having the vulnerabilities, I think they're just trying to distract from their own failings.

        This is frankly a load of bollocks. If Netscape is going to harp about their commitment to security, then holding off release to include the fixes from Firefox 1.0.4 would have been the only right thing to do.

        Sure, the problems existed in Firefox itself, but Netscape

  • by drsmack1 (698392) * on Friday May 20 2005, @10:46AM (#12590028)
    I did not understand why it was based on 1.03 anyway; were they completely unaware of what was going on at the firefox project?
    • Wouldn't be surprised, I mean they were completely unaware of how they lost so much browser marketshare, or if they did know, they didn't do anything to gain it back.
    • What were they supposed to do? They have to do a code-freeze sometime. If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out. You know that another security bug will be found in Firefox again. They can't just keep holding off releasing a product because of security exploits that haven't been discovered yet.
      • Obviously it didn't take them long to apply the security patches from 1.0.3. Would it really have been that difficult to just wait another day and release the version we now call 8.0.1 as the initial release of 8.0.0?

        If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out.

        Why would anyone be doing that? There are currently no known security problems with 1.0.4, so why would anyone care about waiting until 1.0.5?

        You know that anothe
  • What is the deal with Netscape 8? It sounds like they basically downloaded the source code for Firefox, recompiled it, and then distributed it as something new.

    First, why isn't Firefox going after Netscape and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

    I think I might get the Firefox code myself and create a browser called LOL-I'm-Really-Just-Firefox. It will be huge.
    • Re:I don't get it. (Score:4, Informative)

      by Jarnis (266190) on Friday May 20 2005, @10:52AM (#12590115)
      As long as you abide by the license of the code, you can do that. Open source and all that...
    • First, why isn't Firefox going after Netscape

      Firefox is open source.

      and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

      Now, you've got me there. Uh...brand recognition? Maybe?
    • Re:I don't get it. (Score:5, Informative)

      by justforaday (560408) on Friday May 20 2005, @11:03AM (#12590288)
      The big deal with Netscape 8 is that it offers the choice of using the IE or Firefox/Gecko rendering engine on different pages. For instance, you can have it set to display /. using the Gecko engine, while using the IE engine to render your company's intranet page (you know, the one that requires that you use IE for "full functionality"). The main reason for it, however, is for the brand recognition that AOL gets out of it. Of course, the dual-rendering ability will only complicate matters for Joe Sixtooth.
      • The big deal with Netscape 8 is that it offers the choice of using the IE or Firefox/Gecko rendering engine on different pages.

        The fundamental security flaws that are inherent in the Microsoft HTML Control can't be fixed by a wrapper, because they're in the HTML control itself, not the IE "shell". So you're no safer using the "IE Engine" inside Netscape than just using IE.

        So this is no different than just using IE for the pages that need IE, except that people who think they're being safer using Netscape
          • it seems like it'd be a lot easier just to switch rendering engines when you hit a bad page than to copy the link, open another application, paste the link into it, etc.

            It seems like it would have been a lot easier to add an "open in internet explorer" menu/contextual menu/accelerator key, and a lot less likely to lead to people getting confused about whether they're in a "safe" (relatively) browser or not.
      • Oh boy, Netscape now has to watch both sides of the flaming candle stick, lest they get burned with additional vulnerability (from EITHER side).
    • Take it as a challenge and go with that (create your own browser). In fact, if you manage to complete the browser, I promise I'll even pay support for it. Heh? :-)
    • First, why isn't Firefox going after Netscape

      You don't get the whole "Open Source" thing, do you?
        • I guess I just don't know exactly how the licensing works.

          There are very few open source projects that limit commercial redistribution of the software. Oh, there's a broad range of licenses, from the "you can do it as long as you don't sue us if it breaks" modified BSD license, through to "you can do it as long as you make the result open source" GPL, but products like the dual-licensed Ghostscript or the no-commercial-use Kermit have become fairly rare.

          That's a pretty important thing to understand about
  • There were only 3 bugs fixed in 8.0.1, not 44! See the Release Notes [netscape.com] for yourself.
  • Show offs! (Score:5, Funny)

    by khendron (225184) on Friday May 20 2005, @10:48AM (#12590050) Homepage
    Netscape just wanted to show off how they can produce patches faster than Microsoft and Firefox.

    The promo goes like this: "Microsoft leaves holes unpatched for weeks, maybe months. Firefox sometimes takes a few days. But *we* can produce a patch in less than 24 hours! Na na!"
  • by kniLnamiJ-neB (754894) on Friday May 20 2005, @10:51AM (#12590098)
    Netscape released a statement saying that people who downloaded the browser labeled 8.0 actually got a mis-labeled copy of 7.9.9.9.9. The new version 8.1 will actually be 8.0 and the following patches labeled 8.1.1, 8.1.2, and 8.1.2.1, which will be released daily starting tomorrow, will be relabeled as 8.0.1, 8.1.0, and 8.1.2, respectively. ***NO CARRIER***

    We apologize for the above post. Those who were responsible for sacking those who were just sacked, have been sacked.
  • Huh? (Score:2, Interesting)

    Why did Mozilla release Netscape 8, based on Firefox 1.0.3, AFTER they had released the fix? (1.0.4) Why wouldn't they just wait an extra day? Now there will be vulnerable Netscape 8's floating around if people aren't conscientious enough to check for updates daily.
  • Rather embarrassing (Score:3, Insightful)

    by Phil246 (803464) on Friday May 20 2005, @11:53AM (#12590978)
    Regardless of the reasons why - For a software company to release a patch for a product they released 24 hours ago is, to say the least, embarrassing.
    I would imagine there are quite a few red faces around Netscape today.
  • Internet Explorer rinses and uses paper towels in the bathroom.
    Netscape washes thoroughly and uses the automatic air dryer.
    Firefox doesn't piss on its hands.
  • by klui (457783) on Friday May 20 2005, @12:51PM (#12591735)
    I'm really curious if this is indeed an incremental patch or Mozilla's idea of one--namely a complete download of the product.
  • I installed Netscape 8 the day it came out for testing purposes. I saw this story, went to Netscape with their default skin and found they had nothing similar to Firefox's red ! to alert me that updates were necessary. I went to Tools->Advanced->Software Update and found Automatically Download and install updates was checked by default, so I checked my UA string to find it was still Netscape 8.0. Went back to Software Update and ran Check Now and it did not find any updates. Switched to their oth
  • Reminds me of my favorite slashdot poll of all time: "Netscape 6 is out. Do you care?" The resounding winner was "no," as I recall.

    Well I can't find it in the poll archives. I was pretty sure it was a slashdot poll. Funny anyway.

    RP
    • by Soybean47 (885009) on Friday May 20 2005, @10:47AM (#12590036)
      Are the browser wars really back? Has anyone tried the new Netscape? Given that they pretty much peaked around 4.7 or something like that, or earlier depending on who you ask, I just don't see any reason to even try it. What is Netscape likely to give me that Firefox can't?
      • by Stibidor (874526) on Friday May 20 2005, @10:53AM (#12590125) Homepage
        As I recall from yesterday's news [slashdot.org], one thing Netscape will give you that Firefox does not is "a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed." The Best of Both Worlds(TM)
        • Another thing from yesterday's post (Linked in previous comment): The netscape browser seems to come with a lot more 'features' built in than firefox. And many of those features can be quite difficult to disable. One user reported that Netscape would not stop asking him if he wanted it to remember his passwords, even after unchecking "remember passwords" boxes in 3 different places in his preferences.
        • Firefox also has the best of both worlds...hehe
        • Has anyone discovered if this can be used with wine and IE on Linux? If not, such an extension could actually be useful to provide the catch all support for a browser on Linux. Of course to actually use this legally you have to have a legal copy of IE and a desire to ever let the code onto your machine, but if your online banking (or some other personally _vital_ site) won't work any other way would it not be better to be able to enable the working rendering engine in your normal browser, rather than fi
        • As I recall from yesterday's news, one thing Netscape will give you that Firefox does not is "a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed."

          Cool. Where do I download the linux version that has that feature?
    • I got a page like that one when trying to use a brand-new nightly, released THE NIGHT BEFORE, when trying to visit the Firefox extension list page. I had to hack my user-agent string to explicitly claim to be 1.0.4 even though I was using a NIGHTLY OF THAT BROWSER, and it wouldn't let me in.

      Yeesh. Some coder needed a good tongue-lashing that day.
    • Some web site will work only with IE or netscape.
      If you find a site like that, email the admins and let them know this is the 21st century. There are more than two browsers on the market, and they're losing at least 10% of their visitors if the site doesn't work in Gecko (Firefox), Presto (Opera), and WebCore (Safari) browsers.
    • Some web site will work only with IE or netscape.

      I use FireFox. I will not use IE. If a site does not work with Firefox (not too many sites are still like this) I will not use that site. That means no advertising revenue and no retail sales from me.

      I admit I have to use IE for 3 webapps at work. One of these is developed and maintained by my group and we are currently in the process of making it browser neutral. Everything else I will use with Firefox. The difference is I am paying for using other sites (