Mozilla released Firefox 1.5 Beta 1 (code-named Deer Park) on Friday, a preview of the next major release of its popular open-source-based browser.
The company said the beta is intended for the early adopter community, Web site and Web application developers, and Firefox extension developers, and does not come with technical support.
Later in the day, Mozilla also announced it has posted a new workaround for a potentially serious security flaw in which hackers could remotely execute arbitrary code on an affected host.
The final 1.5 version will be released in November or December, Mozilla Corp. products manager Chris Beard told eWEEK.com. Beta 2 is expected in October, he said.
The release, which can be downloaded here, includes faster browser navigation with improvements to back and forward button performance, drag-and-drop reordering for browser tabs, and an upgrade in usability—including descriptive error pages, redesigned options menu, RSS discovery and “safe mode,” Mozilla said.
There is added support for Mac OS X (v10.2 and greater), including profile migration from Safari and Mac Internet Explorer, and improvements to its popup blocking, the company said.
In extensions, Answers.com has replaced Dictionary.com for built-in dictionary lookup. “We received a lot of user requests for this,” Beard said.
Beard said the application is faster overall thanks to the next-generation Gecko layout engine the application uses.
“There has been a full years worth of development on it, the code is a lot tighter, and it gets pages and renders them faster from the Web,” Beard said.
Mozilla has taken a tip from Microsoft Corp. and other software makers in adding an automated update to streamline product upgrades. Notification of updates is more prominent, and updates to Firefox may now be half a megabyte or smaller. Updating extensions has also improved, Mozilla said.
The beta release apparently still has a serious security flaw involving buffer overflows. Security researcher Tom Ferris of Security-Protocols.com posted an advisory and a proof of concept about the buffer overflow security problem to his Web site Thursday night.
“A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions (including the new beta) which allows for an attacker to remotely execute arbitrary code on a affected host,” Ferris said. A bug fix was not issued for the vulnerability with the Friday release.
Bug Fixes Are a
Firefoxs chief of engineering, Mike Schroepfer, told eWEEK.com that the workaround was completed Friday and that it was “a simple procedure. The problem involved using international fonts in the URL; we simply turned off that feature. This buys us more time to go in and do a complete patch (for the final 1.5 version).”
Apparently, if an attacker used a specific 12-character URL in a particular foreign font, he or she could have hacked into an affected computer.
Beard told eWEEK.com that his security team only learned about the vulnerability “less than 72 hours ago, and we responded to the bug reporter in 20 minutes. Of course this will be a priority for us.”
But Beard would not commit to saying the flaw would be remedied by the final 1.5 release in November.
An early Beta 1 adopter emailed eWEEK.com with a complaint that although “theres nothing obviously wrong with the software itself (download was fast, installation was smooth, pages loaded with impressive speed …) 5 out of 7 Firefox extensions on this system are incompatible with this beta version, including several that are indispensable in my daily use.”
Beard addressed this complaint directly, saying, “This is exactly what the beta is for—to find the flaws now. We want people to kick the tires and tell us what they find out. We want to make sure all the extensions people use are readily portable. Were very good at responding to users.”
“Regarding extension compatibility, in the next couple of days the community can look for an extension compatibility posting that will include an up-to-date listing of developer extensions as they become compatible with Firefox 1.5 beta 1. This will be available at addons.mozilla.org,” Schroepfer told eWEEK.com.
Beard also told eWEEK.com that Mozilla has launched a new developers Web site to consolidate communication between the company and the Web development and extensition-writing communities. The site includes blogs, tools, and a tutorial on developing extensions.
Browser analyst Michael Gartenberg of Jupiter Research told eWEEK.com that this release “carries nothing dramatic enough to change the equation. Firefox is basically the same as ever, although current users will certainly want to upgrade. Its business as usual.”
Gartenberg said he doesnt expect the 1.5 release to make much of an immediate difference in boosting Firefoxs market share, which has stagnated recently.
The company reported that in July alone, Firefox lost about two-thirds of a marketshare point, bringing it to just over 8 percent, although some analysts claim Firefox may actually own as much as 20 percent of the browser market. Microsofts Internet Explorer has owned the field with more than 90 percent of the market for nearly eight years.
Microsoft has said it will not upgrade its browser to version 7.0 before the next release of Windows Vista, due out next year.
“Microsoft is going to crank up the IE message soon, in response to Firefox,” Gartenberg said. “Theyre not about to let their market share slip away.”
Notable bug fixes since Firefox 1.5 Alpha 2 include the following:
Page rendering and interaction:
- POST responses remained in the memory cache when using XMLHttpRequest, causing a “huge” memory leak.
- Links didnt become “:visited color” if URL was loaded in another window/tab/frame.
- Submit button often did not work.
- Weird scrolling sometimes occurred when auto-scroll over iframe/frame was used.
- Windows often split into an inner and outer object.
- After searching bookmarks, the results were not editable.
- A menu option was needed for Bookmark All Tabs (Ctrl+Shift+D on Windows, Cmd+Shift+D on Mac) and bookmark options in the right-click menu for tabs.
- Loading live bookmarks bypassed cache.
- Bookmark keyword quicksearch needed a way to specify character encoding for query URLs.
In a specific Windows bug fix, Mozilla remedied the “Set as Wallpaper” command—which changed the wallpaper for all users at once, rather than only the current user.
In other general fixes, the Firefox clearing cache—which often failed—was repaired, and the “sanitize on shutdown” command now works if the last closed window is not a browser window.
A list of fixed bugs can be found here.
Editors Note: This story was updated to include a list of bug fixes, analysts comments and more information from Mozilla spokespeople.
Check out eWEEK.coms for the latest open-source news, reviews and analysis.