|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
Mar. 3, 2005 Hi. This is a newsletter update by Brian Livingston from the Windows Secrets Newsletter. The Mozilla Foundation released on Feb. 24 Firefox 1.0.1, a security upgrade for its wildly successful 1.0 browser. More than 25 million people have downloaded 1.0 since its release on Nov. 9, according to the foundation. I immediately felt that the security improvements in Firefox 1.0.1 warranted me publishing a newsletter update. But I held off until now because installation problems were causing severe confusion. I found it extremely difficult to nail down the best upgrade procedure. Firefox 1.0's "check for updates" feature, for example, didn't report that any Firefox updates were available for six days after 1.0.1 became available. The foundation had kept the feature from reporting the existence of this update because of concern that 25 million people downloading the update simultaneously couldn't be supported by the existing infrastructure. This problem was apparently solved by Mar. 1, and checking for updates now reports that 1.0.1 is ready. Rumors had also been flying that installing 1.0.1 required that Firefox 1.0 first be uninstalled. It's now clear that uninstalling 1.0 is necessary only if you want to install a ".exe" version of 1.0.1 over an instance of Firefox 1.0 that you obtained in a ".zip" file. Downloading 1.0.1 and installing it on top of a 1.0 .exe setup file you downloaded (as most people did) is fine. We've tested this and it works without deleting any bookmarks or Firefox extensions. I recommend that Firefox 1.0 users upgrade to 1.0.1 immediately. The new version fixes a security problem with international domain names (IDN). The address bar can appear to show "paypay.com," for example, by composing a domain name of look-alike Unicode characters. Some registrars, unfortunately, are selling Unicode domain names that look identical to ASCII domains. Firefox 1.0.1 cures this by displaying all Unicode in "punycode," a plain-text equivalent. The punycode for the PayPal fake wouldn't fool anyone: "www.xn--pypal-4ve.com". This is a better fix than the two workarounds we published in the paid version of the Feb. 10 and 24 newsletters. Firefox 1.0.1 also closes 16 other bugs, some of them potentially serious security weaknesses. This update is a good one to have. Here, therefore, are the steps I recommend for this upgrade: 1. Read the Firefox 1.0.1 release-notes page carefully to see if any issues affect you: http://www.mozilla.org/products/firefox/releases/ 2. To be safe, back up your PC, or at least make a copy of Firefox's Profiles folder, which contains your bookmarks and other settings. The location of the Profiles folder differs in various versions of Windows. See the release-notes page for the exact location. 3. In Firefox 1.0, click Tools, Extensions and make a note of any extensions you've installed. After upgrading to Firefox 1.0.1, you may need to re-enable or re-install one or more extensions. 4. Close the Extensions window. In Firefox 1.0, click Tools, Options, Advanced. In the Software Update section, make sure "Periodically check for updates to Firefox" is ON. Click the "Check Now" button. A window should open to announce that a 1.0.1 ".exe" file is ready to download. Download this file, which will save itself to your Desktop and then start to install. You'll need to close any open Firefox window when prompted to do so. 5. The download process may present you with Firefox 1.0.1 in a language other than your preferred one (for example, en-US for U.S. English instead of it-IT for Italian). If so, halt the download and go to the foundation's All Downloads page, which offers language- specific versions (note: British English is not yet available): http://www.mozilla.org/products/firefox/all.html 6. If you're running the ".exe" upgrade, but you originally installed Firefox 1.0 from a ".zip" file, you'll need to halt the upgrade and uninstall Firefox 1.0 before continuing. Running the ".exe" file to upgrade a version of Firefox 1.0 you originally installed from a ".exe" file, however, doesn't require uninstalling anything. (Some people recommend uninstalling *any* program before you install a new version, but this seems unnecessary.) 7. After Firefox 1.0.1 is installed, make sure your bookmarks are still intact and check that your extensions still work. If an extension isn't certified to work with 1.0.1, Firefox may disable it. In that case, click Tools, Extensions and try to download a new version of the extension. (We'll print in the Mar. 10 newsletter a way to make any Firefox 1.0 extension run in 1.0.1, even if it hasn't been certified to run in 1.0.1 by its developer yet.) 8. If you installed Firefox 1.0.1 over 1.0, the Add/Remove Programs applet in your Control Panel will show two uninstallers: one for "Mozilla Firefox (1.0)" and one for "Mozilla Firefox (1.0.1)." Running either routine at this point will uninstall Firefox 1.0.1. This is a known bug. Don't run either uninstall routine unless you want to uninstall Firefox 1.0.1. That's it. In my opinion, the Mozilla Foundation should have written better instructions and made the process much smoother for Firefox users than they did. Hopefully, this will open the foundation's eyes to the usability problems that can arise with even a minor upgrade. One fundamental issue with Firefox 1.x, which both Paul Thurrott and I have written about previously, is that it doesn't offer the kind of tools that Internet Explorer does for deploying the browser in a corporate environment. The best method I've seen for doing this has been described by a Firefox user who modified the FFDeploy routine. The procedure is explained on the independent Microsoft Software Forum Network: http://www.msfn.org/board/index.php ?showtopic=40138&st=0&p=279478 &#entry279478 If you find issues or concerns with the Firefox 1.0.1 upgrade, please send me an e-mail message and explain what you discovered. That's all for now. Take care, and look for the next regular issue of the newsletter on Mar. 10. Brian Livingston Editor, Windows Secrets Newsletter WindowsSecrets.com/contact/ |
WINDOWS SECRETS NEWSLETTER |