Firefox 2.0 Update To Remove Phishing Detection 351
An anonymous reader writes "Computerworld and others are reporting that Firefox 2.0.0.19, the last security update to be released before 2.0 goes end-of-life, will remove the phishing detection at the request of Google. The browser is using an older version of the Safe Browsing protocol that Google will discontinue. According to the latest NetApplications report, about 25% of all Firefox users were still on version 2.0. This move ought to result in an increased adoption of Firefox 3.0 and other browsers, unless it goes unnoticed by most users."
A security update that reduces security (Score:5, Interesting)
Hrm.. I don't think that's the intended use of security updates that causes users to be willing to accept and enable such updates.
In a way, it's a breach of trust if they were intentionally holding back on upgrading to 3.0. Users would be in slightly better shape if they refused to accept this update (at least until Google finally does turn it off).
I anticipate not necessarily a massive increase in users updating to Firefox 3.0, but more likely a massive increase in phishing targetting 2.0 users who still think they're protected (they didn't pay attention to the update release notes).
Hey... it's open source! (Score:3, Interesting)
(sorry about all the commas... I have no idea why I used them)
Fix (Score:1, Interesting)
# echo ">www-client/mozilla-firefox-2.0.0.18" >> /etc/portage/package.mask /etc/hosts
# echo "127.0.0.1 www.google.com" >>
There, problem solved
Mac Os X 10.2.8 (Score:2, Interesting)
Re:People on older distros (Score:3, Interesting)
Why not just download the firefox binary, and unzip it to your home directory? Then you can just run it from there.
Re:Why would anyone use FF2? (Score:1, Interesting)
The reason I consider it bleeding edge, is a bunch of plugins don't work at all with FF3. It's a relatively new, unproven release, in the grand scheme of things.
Probably the single most important reason I don't want to use FF3 though is it's stupid handling of sites with self-signed certificates. The circuitous steps required to "add an exception", make you think you're about to give some russian hacker full control of your computer.
Try explaining to a user how to view their sites which suddenly don't work in FF3, because of this. If someone complains about the site not working and describes that message, I tell them to downgrade to FF2, which actually lets you still access the site (with just a simple dialog box).
FF3 keeps needing updates frequently, security bugfixes (I guess), and I kept running into crash bugs with FF3, several times a day, even the latest version of FF3, whereas FF2 and FF1 were rock solid, rarely ever crashed.
FF2's issues are pale in comparison to some of FF3's.
I was thinking of converting back from 3.0 (Score:2, Interesting)
the anti click jacking code and the really miserable handling of self signed certificates is starting to really annoy me.
Re:A security update that reduces security (Score:3, Interesting)
I still don't see why they're pushing people so hard to upgrade to 3.0. The version 3.0 still seems slower and more buggy than the version of 2.0 I have been using for some time. Does the firefox corperation get more money from google every time you download the latest version or something? I would argue that FF 2.0 is not and obsolete product - it does everything I need perfectly, and I would consider myself a power user. The mozilla corp. has been pushing people to upgrade now pretty hard for about six months and I really don't see the need to upgrade.
I prefer v.2 to v.3 so much that I still use v.2 at work, although I will boot into v.3 at work to check and see how it renders our website at work differently from 2.0 (we have bad code and in most cases there's a significant difference). v.2 has everything I need and a smaller memory footprint - why would I upgrade?
Re:Why would anyone use FF2? (Score:3, Interesting)
I totally agree. After how much trying is one entitled to simply decide that one does not like a particular piece of software?
FF3 has decided that people like me, who actually like using URLs to access on-line resources (crazy, I know) would rather have some higher-level language based address system which trawls through your history and bookmarks and spews them forth into the address bar whether you want them there or not. I have tried everything to disable this "feature" without success.
It would be trivial for them to include options about this stuff, but apparently the old ways are forbidden and options are 'confusing'. That kind of attitude is what ultimately loses you users.
Re:Why would anyone use FF2? (Score:2, Interesting)
If you have been using Firefox 2, then you *haven't* been giving Firefox 3 a chance "since it was introduced"; you only gave it a chance until you switched back. It's obvious that you're too stubborn to use the awesome bar regularly because it learns which sites you like to type into it, and it only takes *one* try. If you type a single letter in the bar, then select the site you want from the list, the very next time it will appear at the top of the list. In the worst case, you have to type the whole url *once*, then the second time only three or four letters, and after that it should only take one. And here's a hidden feature for you: if one of the bar's suggestions offends you for some reason, you can banish it by pressing shift-delete (this also works for form autocompletion).
I miss the Aweseome Bar's learning when I use Chrome. GMail's URL does not start with G, but Firefox learned that when I typed G I wanted GMail. In Chrome I have to remember to type "M" for GMail, becuase no matter how many times I type "GMail", then scroll down and select https://mail.google.com/mail/ [google.com], it won't remember.
Re:A security update that reduces security (Score:2, Interesting)
The version 3.0 still seems slower and more buggy than the version of 2.0
Well it might SEEM slower and more buggy, but objective tests I've done (as I wanted to know which was better) indicate this isn't true.