
View Full Version : Internet Explorer security holes


griffinn
17th January 2002, 11:18
This thread is a continuation of two previous ones in General Discussions:
http://forums.winamp.com/showthread.php?threadid=61877
http://forums.winamp.com/showthread.php?threadid=70708

In this thread I'll be posting news on Microsoft Internet Explorer's security holes. Since alleged security flaws come up almost every week, I'll try my best not to raise unnecessary alarms, by reporting only the really grave ones, and only those that affect the latest version. (As of now that means IE6.)

The latest, disclosed on 14 January, is described in this securityfocus.com article (http://www.securityfocus.com/bid/3867). It allows for arbitrary apps (or even CLSID objects, like the Control Panel) to be launched at the local machine when an HTML embedded object within a web page is clicked, without asking the user for confirmation first.

No solution has as yet been offered, and Microsoft has not yet acknowledged this exploit in its security bulletins (http://www.microsoft.com/technet/security/current.asp) page. I will post again when updates are available.

griffinn
21st January 2002, 14:23
Reported in SecurityFocus (http://www.securityfocus.com/bid/3887):

When you have IE6 in a Win9x/ME system, and have over time applied various security patches through Microsoft's Windows Update, and then upgrade your OS to Windows XP Professional, the patches for IE6 cannot be carried through. What's worse, when you visit Windows Update, those patches do not show up as available for re-installation.

If this applies to you, take a look at the solution (http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=3887) offered in SecurityFocus. It contains pointers to Microsoft download pages where you can manually download IE6 patches and re-apply them.

griffinn
15th February 2002, 05:04
This is probably old news already, but I've been away on a short vacation. So here goes...

Microsoft has released a cumulative patch for Internet Explorer (http://www.microsoft.com/technet/security/bulletin/MS02-005.asp) on 11 February. In addition to all old bugs in IE 5.01, 5.5 and 6.0, it also covers various bugs that have been reported in securityfocus.com and elsewhere from January to early February.

These bugs include buffer overruns (which allow a cracker to e.g. craft a URL in certain ways so your browser will execute arbitrary code of the cracker's choosing), and loopholes in the file saving/executing mechanism (when exploited, they cause the browser to execute a file right away instead of asking you to save it). So it's important that you update your Internet Explorer with this patch as soon as possible.

griffinn
28th March 2002, 23:16
Another cumulative patch for IE 5.01, 5.5 and 6.0 has just been released to cover "2 vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone."

Read the MS security bulletin (http://www.microsoft.com/technet/security/bulletin/MS02-015.asp), and install the patch now.

Flynnz
29th March 2002, 01:57
Nice job dude.. thanks for the heads-up on the latest one. :)

randman
29th March 2002, 14:12
Thanks for keeping us apprised griffin. :up: These critical updates don't usually make it to the Windows Update page for days (or weeks).

papadoc
1st April 2002, 02:05
Thanks Griffinn.
This is another good and helpful thread.
I appreciate it.
Patch installed.
btw...I usually get notices like this from the LangaList Newsletter (http://www.langa.com/default.htm),
along with a lot of other educated help and news concerning computers.
I highly recommend it.
It's a free, no spam, no spyware deal.

n_ick2000
1st April 2002, 03:20
Thanks Griffinn. I'm applying the latest patch now.

Flynnz
18th April 2002, 03:31
"Internet Explorer users who click their browser's back button open the Windows operating system to a malicious hack attack."
http://www.wired.com/news/technology/0,1282,51899,00.html

The scariest part for me: I wouldn't describe myself at all as "anti-Microsoft," but sometimes I do wonder about them...

"The proposed exploit scenario requires the attacker to compel the users to click on the back button while visiting a malicious website. This scenario does not constitute a viable threat to users following standard best practices," the [Microsoft] spokesman added.

Some users were surprised to find out that Microsoft believes that using the back button is not a standard, best security practice.

"Why the hell did they put a back button into the browser toolbar if they didn't want me to use it?" Martin Montez, a stockbroker, wondered. "I'm one of the few people in the world who actually reads the manuals and there's no warning anywhere that using the back button could compromise your system."

LMAO!!! That pretty much sums up what I was thinking as I read what MS has to say about the issue. :D

griffinn
15th May 2002, 21:51
Since the last cumulative patch, a number of vulnerabilities, from innocuous to deadly, have been reported in Internet Explorer 5.0, 5.5 and 6.0. Microsoft has just released another cumulative patch (Q321232) to address "six new vulnerabilities, the most serious of which could allow code of attacker's choice to run".

The patch is already available via Windows Update. For the gory details, read MS Security Bulletin MS02-023 (http://www.microsoft.com/technet/security/bulletin/MS02-023.asp). (At the time of writing this page is not yet online. But it will be soon.)

Indyrod
16th May 2002, 14:52
HINT ALERT!!!! Just use Netscape..... :up: Don't be a Gate's drone, down with IE... :down: (waving "GO NETSCAPE" flags to the masses)

BDA7DD
16th May 2002, 15:39
You see? This is why you should be using a real browser (http://www.opera.com/). Give me Opera (http://www.opera.com/) or give me death! Multiple browser windows hogging up the taskbar doesn't make sense. Opera (http://www.opera.com/) keeps them all in one place like they should be. Opera (http://www.opera.com/) is 100% compliant with all the latest W3C (http://www.w3.org) standards, and any proprietary browser-specific stuff (like MARQUEE and BLINK tags) is cut out and unsupported like it should be. Oh, and whoever invented mouse gestures is a genius!

Originally posted by Indyrod
HINT ALERT!!!! Just use Netscape..... :up: Don't be a Gate's drone, down with IE... :down: (waving "GO NETSCAPE" flags to the masses)

Netscape sucks dick. 6.x is bloated with AOL crap, and 4.x can't do shit these days. If you're really hardcore-obsessed with Netscape, then the next-best alternative for you would be Mozilla (http://www.mozilla.org/). It's like a heavily stripped down Netscape 6.x with all of the functionality but none of the bloat. As a matter of fact, Netscape 6.x is built on Mozilla (http://www.mozilla.org/)... I'd go as far as to say that Netscape 6.x is just Mozilla (http://www.mozilla.org/) with a bunch of unnecessary bloat slapped on top of it. With Mozilla (http://www.mozilla.org/), you get everything that Netscape 6.x is useful for (such as the tabbed surfing,) without the useless crap that nobody would ever want in the first place (such as AIM and "Netscape Activation".)

griffinn
16th May 2002, 23:31
Sadly, many large websites out there are b0rken / do not offer full functionality when viewed by Netscape.

Example #1: Webmonkey (http://www.webmonkey.com/)'s DHTML navigation menu does not expand/collapse in Netscape; it only brings you to another page. The geeks at Webmonkey know what they are doing. If they decide not to tweak their scripts to support Netscape, I tend to believe it's simply because Netscape's DHTML sucks.

Example #2: PriceWaterhouseCooper (http://www.pwcglobal.com/)'s corporate site. I haven't tried to find out what causes the page to come up funny in Netscape, but I think it's Netscape's b0rken CSS support.

Example #3: KPMG (http://www.kpmg.com/)'s corporate site. Again, probably caused by bad CSS support in Netscape.

randman
17th May 2002, 00:23
From the "gory details":

"An information disclosure vulnerability related to the handling of script within cookies that could allow one site to read the cookies of another. An attacker could build a special cookie containing script and then construct a web page that would deliver that cookie to the user's system and invoke it. He could then send that web page as mail or post it on a server. When the page executed and invoked the script in the cookie, it could potentially read or alter the cookies of another site. Successfully exploiting this, however, would require that the attacker know the exact name of the cookie as stored on the file system to be read successfully."

I wonder if this is why my Norton AV just recently stopped a JS.Seeker virus hidden in a cookie? If so, I wonder if the MS patch will prevent it from happening in the future?

Either way, a good reason to be running an up to date virus program.

BDA7DD
18th May 2002, 07:52
Originally posted by griffinn
Sadly, many large websites out there are b0rken / do not offer full functionality when viewed by Netscape.

Which is why you use Opera (http://www.opera.com/). If any web pages don't show up properly in Opera, it's because they've probably got a stupid, lazy, uninformed webmaster who uses proprietary, browser-specific HTML code. Studies show that Opera 6 is actually MORE standards-compliant and compatible than Internet Explorer 6.

Oh, and if a website refuses to show up properly in anything but Internet Explorer, view the source code and inspect the "Generator" META tag. Chances are that site's been made in Microsoft FrontPage. If that's the case, there's your answer as to why the page won't show up in anything else. Every web page made in Microsoft FrontPage is specifically coded to intentionally screw up on any browser other than Internet Explorer. That said, those pages contain a much larger source to pack in all that proprietary code, which makes them load a lot slower if the page contains a lot of content, and is being viewed with a slow Internet connection.

With the above said, I think this is the perfect opportunity for me to pimp out Macromedia Dreamweaver (http://www.dreamweaver.com/) and Macromedia Dreamweaver UltraDev (http://www.ultradev.com/), the best WYSIWYG webpage editors on the face of the earth. Both create clean, perfect HTML which will work on any browser, without any browser-specific proprietary garbage. If you do use it to include proprietary stuff, not only must it be done manually (so you're the only one to blame for it,) but in most cases it'll warn you that you're about to add proprietary code to your page (if you click "Yes" when it asks you "Are you sure," then you're just an idiot.)

baafie
18th May 2002, 20:57
Originally posted by BDA7DD
Which is why you use Opera (http://www.opera.com/). If any web pages don't show up properly in Opera, it's because they've probably got a stupid, lazy, uninformed webmaster who uses proprietary, browser-specific HTML code. Studies show that Opera 6 is actually MORE standards-compliant and compatible than Internet Explorer 6.

Note that if a page doesn't show up properly, the page uses DHTML, CSS or scripting properties and/or functions that non-IE browsers don't support. There are no Internet Explorer specific HTML tags that I know of.

c2R
18th May 2002, 22:23
Originally posted by baafie

Note that if a page doesn't show up properly, the page uses DHTML, CSS or scripting properties and/or functions that non-IE browsers don't support. There are no Internet Explorer specific HTML tags that I know of.

The marquee tag is one of them...

Also Microsoft have introduced many non-standard HTML tags over the years that have been adopted by other browsers to maintain compatibility with web pages.

BDA7DD
19th May 2002, 03:01
Originally posted by baafie
Note that if a page doesn't show up properly, the page uses DHTML, CSS or scripting properties and/or functions that non-IE browsers don't support. There are no Internet Explorer specific HTML tags that I know of.

Opera has more CSS and DHTML support and compliancy than Internet Explorer. There are specific CSS and DHTML tags which are proprietary to Internet Explorer, however, so that may be the reason if you encounter a CSS or DHTML compatibility error in Opera. But in terms of compliance with open-industry, W3C-approved web standards, Opera runs laps around Internet Explorer hands down.

Originally posted by c2R
The marquee tag is one of them...

So are CSS font filters, such as glow, dropshadow and xray. Again, my point about how Microsoft has made proprietary tags in CSS. If they can make proprietary tags for HTML, it's just as easy for them to do so with CSS and DHTML.

Originally posted by c2R
Also Microsoft have introduced many non-standard HTML tags over the years that have been adopted by other browsers to maintain compatibility with web pages.

Exactly. Also, the authors/companies which make those browsers that support IE-specific functions have to pay Microsoft for the licence to use those specific functions if those features are protected by some sort of patent, and quite frankly I think that's just plain greedy. If my web browser doesn't support an IE-specific feature, I don't blame the creators of the browser, I blame Microsoft. Browser authors shouldn't have to pay for the right to include support for a proprietary feature anyway. Besides, a lot of those IE-specific, proprietary features are either just plain annoying and useless (marquees and glowing text,) or horrible security vulnerabilities (ActiveX, VBScript and WSH embedding.) I'm glad that Opera doesn't support proprietary non-standards. I think it's better that way, personally.

Besides, Opera doesn't just have Internet Explorer beat in terms of open standards compliancy, but it's also got Internet Explorer beat in terms of innovative and useful features as well.

First of all, I've become hooked on mouse gestures. For those of you who have been using mice with scroll wheels for a long time, you probably know the feeling when you're using a mouse without a wheel (such as at a friend's house,) and you keep instinctively reaching between the left and right mouse buttons for a wheel, only to not find one there, don't you? Well, it's the exact same feeling you get once you're hooked on mouse gestures.

Secondly, the F12 menu. All you gotta do is hit F12 and a menu will pop up which'll let you enable, disable and change certain key features. Either click the menu item or hit its keyboard shortcut (which I recommend) after hitting F12 and the settings will automatically apply. Then just reload the page if necessary. (EDIT) I was going to attach a screenshot of it to this message, but unfortunately I'm a dumb idiot and forgot to attach the damn thing before submitting this post. It's attached to the message below this one... *krrgh*

Last but not least, the "G" key. Just tap "G" on your keyboard to enable and disable graphics. This is a god send if you're stuck on a dialup connection like I used to be. If you want to see the graphics on the page you're viewing, just hit Shift+G to load them up without having to refresh the entire page.

All in all, Opera reigns superior over every other web browser out there. It's available for Windows, Macintosh, Linux/Solaris, BeOS, OS/2, QNX and Symbian, so go get it now. http://www.opera.com/

BDA7DD
19th May 2002, 03:22
Crap, I forgot to attach that file... oh well, here it is:

wave106
19th May 2002, 21:23
i know, you should get the patch! those bastards from ms suck. like really! they have enough more to put out a more securer explorer than the ones those monkeys are putting out right now

Aeroe
19th May 2002, 22:10
opera's so cute, especially when my 50 or so bookmarks disappear without reason.

sheesh... why do i keep windows on this hd, every time i boot i need another 12 patches...

Avalon
20th May 2002, 04:58
If it wasn't for the fact that IE loads a lot faster than Netscape 6.2.3 then I would use netscape (as I used to, but really started to be downed out by the loading times). I am a pure Netscape fan, it deals with web pages a lot better than IE does, Java WORKS! and, and, there aren't as many holes in it (yes, there is a few, but you know compared to the 700 tillion that IE has....). Also Netscape looks better!

But damn IE/OS integration!!!

Avalon
20th May 2002, 05:11
Yeah, I used to have mozilla on my computer as well, and used quick launch when I had both netscape. I'm just waiting for the official public release so that I don't have to check it every five days. Also mozilla loads a lot faster than netscape even without quick launch.

BDA7DD
20th May 2002, 06:43
Originally posted by Sawg 2.0
Ditch Netscape 6 and get Mozilla. You do not have to put up with all the commercial crap AOL adds to Netscape. And it is updated faster.

Yes, definitely get Mozilla if you love Netscape too much to switch over to Opera. Both Mozilla and Opera are great browsers, but I'm personally an Opera fan (like I need to tell you guys that.)

Originally posted by Sawg 2.0
Edit > Preferences > Advanced > CHECK "Enable Quick Launch"

Quick Launch is just a useless resource hog. I suggest keeping it disabled unless you can't handle waiting 2.5 seconds for it to start up.

Originally posted by Aeroe
opera's so cute, especially when my 50 or so bookmarks disappear without reason.

Are you speaking from personal experience, or are you just reciting some rumour you heard from a friend of a friend? I've never had something like that happen to me in all the years I've been using Opera, so my best guess is that you either screwed something up yourself, or that you're just plain lying.

baafie
20th May 2002, 11:19
Actually, every time I start up my computer, Opera's settings are reset. :confused:
/me awaits the next Opera version..

Aeroe
20th May 2002, 11:36
nope no joke, i closed opera and a little later re-opened it to see all my bookmarks were gone... no crash or anything.
i bookmarked a page where i was to buy something.
http://mp3playerstore.com/buy_it_now__/soul-2.htm
heh the cd/mp3 player is sexy.

but the interesting thing it was still in my history, along with the bookmarked pages. it's v6.02.1101.

BDA7DD
20th May 2002, 12:56
Originally posted by baafie
/me awaits the next Opera version..

Well don't just sit there with your thumb up your ass, submit a bug report, damn it! Geez, you complain about these problems but do nothing to try and solve them? What's with you people anyway? They won't know if the problems are there if nobody speaks up about them! If they don't know about the problems, they can't fix them, because as far as they're concerned at the moment, those problems don't exist!

http://www.opera.com/support/bugs/ <-- Submit your Opera bug reports here.

Aeroe
20th May 2002, 21:49
hmmm you need a beer kid.

BDA7DD
20th May 2002, 23:57
As long as it's Canadian beer (none of that cheap American piss,) toss me a bottle, lassie!

Avalon
21st May 2002, 07:13
Hey, HEY!!!! No dissing on my American beer... so what it's water, it has its uses!!!

Yeah as I said, I'll switch to Mozilla soon (even though it is really Netscape but anyway).

Oh btw, for you people in the know, there are a lot of other programs that use the IE base, such as Morpheus, MusicMatch (ack, I mentioned another mp3 player aside from winamp... forgive me gods, fooooorgive meeee), AOL, etc. So it will be in your best interests even if you don't have IE as your base browser to upgrade it.

baafie
21st May 2002, 12:41
Originally posted by BDA7DD


Well don't just sit there with your thumb up your ass, submit a bug report, damn it! Geez, you complain about these problems but do nothing to try and solve them? What's with you people anyway? They won't know if the problems are there if nobody speaks up about them! If they don't know about the problems, they can't fix them, because as far as they're concerned at the moment, those problems don't exist!

http://www.opera.com/support/bugs/ <-- Submit your Opera bug reports here.

I was rather busy when I first noticed it. I will look into it when I have more time available.

griffinn
5th June 2002, 15:08
A new IE security hole involving the gopher protocol has been discovered by Oy Online Solutions (http://www.solutions.fi/index.cgi/news_2002_06_04), and reported on Yahoo (http://biz.yahoo.com/ap/020604/microsoft_security_flaw_1.html). This bug would allow a hacker to craft a gopher link to r00t your machine when the link is clicked.

Microsoft hasn't formally acknowledged this bug.

The gopher protocol is an antique predecessor of HTTP, the protocol behind the World Wide Web. You're not very likely to come across it nowadays. Nevertheless let's hope a security patch will be released soon.

rm'
5th June 2002, 15:47
Originally posted by BDA7DD
Canadian

Figures :rolleyes:

ps. griff, keep up the good work :-) Your frequent heads-up are much appreciated.

griffinn
6th June 2002, 07:47
The official BugTraq mail (http://online.securityfocus.com/archive/1/275344/2002-06-03/2002-06-09/0) on this exploit has a lot more details for the technically inclined.

The BugTraq mail also offers a temporary solution until the official patch is released:

Internet Explorer users can protect themselves from the flaw by disabling the gopher protocol. Barely any gopher servers exist on the Internet today, so this is unlikely to cause problems. If needed, a gopher client or some other web browser can be used to access the gopherspace.

An easy way to disable processing and displaying gopher pages is to define a non-functional gopher proxy in Internet Options. Select Tools -> Internet options -> Connections. Click on "LAN settings". Check "Use a proxy server for your LAN". Click on "Advanced...". Here you can define proxy servers to be used with different protocols. Go to the Gopher text field and enter "localhost", and "1" in the port text field. This will stop Internet Explorer from fetching any gopher documents.

After installing the patch from Microsoft you can remove these gopher proxy settings (or restore them to values they had before).
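
A way to check that the workaround quoted above is actually in effect, as an added example that is not part of the original post or the BugTraq mail. It assumes the WinINet proxy string form `scheme=host:port;...` for the value the Advanced dialog stores; the function names and sample settings are constructed for illustration.

```python
"""Audit whether the gopher-proxy workaround is in effect (added example)."""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_proxy_server(value):
    """Parse 'scheme=host:port;...' into {scheme: (host, port)}.

    A bare 'host:port' entry with no 'scheme=' applies to every protocol
    and is stored under the key '*'.
    """
    table = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition("=")
        if not sep:                      # no 'scheme=' prefix: all protocols
            scheme, target = "*", entry
        if "://" in target:              # tolerate 'http://host:port'
            target = target.split("://", 1)[1]
        host, colon, port = target.rpartition(":")
        if not colon:                    # no port given
            host, port = target, ""
        host = host.strip().strip("[]").lower()
        table[scheme.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return table


def gopher_status(proxy_enable, proxy_server):
    """Classify how gopher:// requests would be routed.

    'blocked' - sent to a loopback proxy (the workaround; assumes nothing
                listens on that port, which is why the post picks port 1)
    'proxied' - forwarded to a real proxy, which may still fetch the document
    'direct'  - no proxy applies, so the browser fetches gopher itself
                (assumption: a per-protocol list without a gopher entry
                leaves gopher unproxied)
    """
    if not proxy_enable:
        return "direct"
    table = parse_proxy_server(proxy_server or "")
    target = table.get("gopher") or table.get("*")
    if target is None:
        return "direct"
    host, _port = target
    return "blocked" if host in LOOPBACK_HOSTS else "proxied"


# Constructed sample settings: (label, "use a proxy" checkbox, proxy string)
SAMPLES = [
    ("workaround applied", 1, "gopher=localhost:1"),
    ("proxy checkbox cleared", 0, "gopher=localhost:1"),
    ("one proxy for all protocols", 1, "proxy.example.test:8080"),
    ("per-protocol list, no gopher", 1,
     "http=proxy.example.test:8080;https=proxy.example.test:8080"),
    ("per-protocol list plus workaround", 1,
     "http=proxy.example.test:8080;gopher=localhost:1"),
]


def audit(samples):
    """Return {label: status} for each constructed sample."""
    return {label: gopher_status(enabled, value) for label, enabled, value in samples}


if __name__ == "__main__":
    for label, status in audit(SAMPLES).items():
        print(f"{label:36s} {status}")
```

The second and fourth samples are the cases worth checking on real machines: the entry is present or the proxy is on, yet gopher is still fetched directly.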

Trigear
6th June 2002, 21:16
tiki?

griffinn
11th June 2002, 23:02
Microsoft has formally acknowledged the Gopher exploit in its Security Bulletin MS02-027 (http://www.microsoft.com/technet/security/bulletin/MS02-027.asp). Patches are still "under development", though.

griffinn
12th August 2002, 11:53
A new vulnerability regarding SSL (for secure HTTP sessions, usually used when you shop online or sign up to something with personal information) has been reported, but Microsoft has not yet acknowledged the issue.

In short: IE's handling of intermediate SSL certificates is flawed. This allows man-in-the-middle attacks, i.e. a bad guy intercepting your SSL traffic to, say, www.amazon.com, posing as the Amazon server (your IE should warn you about "invalid SSL certificates" at this point but an implementation flaw causes it to just silently go ahead and talk to the spoofed server).

BugTraq mail by original discoverer (http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2)
The Register's take on the matter (http://www.theregister.co.uk/content/4/26620.html)

Temporary countermeasure? Don't shop on the net, I guess. :igor: Or just give up and be assimilated -- As Scott McNealy, Sun's CEO, once put it (http://www.wired.com/news/politics/0,1283,17538,00.html), "You have zero privacy anyway... Get over it."

Neko
12th August 2002, 12:08
or use fake credit card details :p

BDA7DD
13th August 2002, 20:37
... or use a better browser!

griffinn
16th August 2002, 15:41
Microsoft has released a TechNet article (http://www.microsoft.com/technet/security/news/IARWSV.asp) acknowledging the SSL flaw. They assert that exploiting the flaw is difficult, but will nevertheless develop a patch to eliminate it.

Neko
16th August 2002, 15:46
why patch when you can go download mozilla :)

jyvasaa
16th August 2002, 15:49
or opera ;)

(edit) and later uninstall ie (http://www.98lite.net) (/edit)

Delicates
16th August 2002, 20:00
Originally posted by griffinn

Example #3: KPMG (http://www.kpmg.com/)'s corporate site. Again, probably caused by bad CSS support in Netscape.

That is totally untrue. Netscape 6+ is based on Mozilla (http://www.mozilla.org/). And W3C (http://www.w3.org/) has previously stated that Mozilla has the *best* CSS support of all browsers. So it is actually crappy code that makes sites look bad, not Netscape.

Secondly I will urge you not to use Netscape, but use Mozilla instead.
Netscape 6.2.3 is based on Mozilla 0.9.4 which is over a year old now, while Mozilla 1.1 is probably going to be out if not today, then next week.

Netscape 7.0_PR1 (ftp://ftp.netscape.com/pub/netscape7/english/) is based on Mozilla 0.9.9 and whenever Netscape 7.0 comes out it probably will be based on Mozilla 1.0. But Mozilla 1.1 is quite a step forward featurewise compared to 1.0, so I still do recommend it instead.

The way around slow (though it is much faster now comparing to 0.9.4) startup time is simple and the same as IE uses - never close it. ;) But then again, I'm connected to the net 24/7 and I don't mind it hanging 24/7 in my taskbar. Maybe you are different. :)

Why do I prefer using it to anything else? Security, power, flexibility and outstanding standards support which is enough to make you orgasm.

IE and Outlook Express are nothing but virus installation programs. :D

And IE web standards support right now is the *worst* of all browsers. (Except for IE for MacOS which deserves much respect)

BDA7DD
17th August 2002, 01:49
Originally posted by Delicates
Secondly I will urge you not to use Netscape, but use Mozilla instead.

I whole heartedly agree with this sentiment. I made the switch from Opera to Mozilla not too long ago, and I must say that I am in love with Mozilla. Many web pages which Opera couldn't handle were rendered PERFECTLY in Mozilla. Also, there isn't much third-party support for Opera in the way of plugins and such, where with Mozilla there are tons of plugins and other add-on features available for download, since plugins are developed both natively for Mozilla and for Netscape (which are compatible with Mozilla 99.9% of the time.)

The thing I also hate about Netscape is the bloat of it all. Mozilla has no bloat at all (with the exception of Composer, which is useless and unfortunately integrated,) where Netscape wants you to install AIM and all other sorts of AOL middleware crap. Netscape is basically just a cheap, effortless hack of a web browser. The people at Netscape just take Mozilla, load a bunch of crap onto it and call it a new web browser. Well, screw them. Mozilla is the real deal, my friends.

Originally posted by Delicates
Mozilla 1.1 is quite a step forward featurewise compared to 1.0

Damn straight. Especially the download manager and improved JavaScript filtering features. Gotta love Mozilla's built-in popup killer! :D

Originally posted by Delicates
The way around slow (though it is much faster now comparing to 0.9.4) startup time is simple and the same as IE uses - never close it. ;)

Actually, just enable Quick Launch. It allows Mozilla to sit in your system tray when you're not using it. Needless to say, it does hog up resources, so only use it if you feel it's necessary.

Originally posted by Delicates
Why do I prefer using it to anything else? Security, power, flexibility and outstanding standards support which is enough to make you orgasm.

The security is amazing. Unlike IE which will allow web-based viruses to load themselves stealthily onto your system, Mozilla doesn't do anything without your prior consent. Mozilla is also a lot better than Internet Explorer when it comes to secure HTTP layers such as SSH and TLS due to its superior standards compliancy.

The power is mind-boggling. The JavaScript filtering is a feature which no browser should be without, a feature which allows you to prevent annoying things like popup windows and status bar scrollers from rearing their ugly faces with the click of a mouse button. The cookie control is also to die for. I always set Mozilla to only accept first-party cookies, and only accept them if it has my prior consent. If Mozilla comes across a cookie it hasn't seen before, it asks me if it's okay or not to accept it, and it remembers my decision for the next time. The power of Mozilla can all be summed up in one word: CONTROL. When you're using Mozilla, YOU are in control of your browser, not the other way around like it is with Internet Explorer.

As for standards compliancy... go and see for yourself why it kicks seven shades of ass: http://www.mozilla.org/start/1.0/demos.html

Originally posted by Delicates
And IE web standards support right now is the *worst* of all browsers.

The funniest part of that is how Microsoft completely denies the fact that Internet Explorer has such crappy standards support. They claim it to have full CSS1 and CSS2 support... LIES. Internet Explorer 6.0 does not have full support at all for both CSS1 and CSS2. As a matter of fact, all it has is core CSS1 and CSS2 support. That's CORE, not FULL. Learn the difference, Microsoft. The core of CSS1 and CSS2 are basically the "bare essentials," extremely small and limited parts of the entire specifications.

Oh, and how the hell can Microsoft claim to support open standards when they STILL haven't ditched support for the <MARQUEE> tag in Internet Explorer? At least Mozilla did the right thing when they said goodbye to the <BLINK> tag. God, I hated that damn thing.

Delicates
17th August 2002, 06:35
Originally posted by BDA7DD
The funniest part of that is how Microsoft completely denies the fact that Internet Explorer has such crappy standards support. They claim it to have full CSS1 and CSS2 support... LIES. Internet Explorer 6.0 does not have full support at all for both CSS1 and CSS2. As a matter of fact, all it has is core CSS1 and CSS2 support. That's CORE, not FULL. Learn the difference, Microsoft. The core of CSS1 and CSS2 are basically the "bare essentials," extremely small and limited parts of the entire specifications.


Actually they never claimed to have full support for CSS1 and CSS2. The IE 6.0 was a milestone release for them because it (finally) had full CSS1 support.
They never claimed to support CSS2. IE supports just a little of CSS2. Mozilla on the other hand has full support for CSS1, CSS2 *and* a lot of CSS3 (http://www.w3.org/Style/CSS/current-work) which is currently in the Last Call Draft state.

However, the shameless claims by Microsoft that IE supports XHTML, is the funny thing here (everyone remembers the hilarious MSN incident). Not only IE does not recognise XHTML MIME type, but it also spews an error in XHTML DTD when parsed as text/xml!!! Basically it has *no* XHTML support at all!!! Shame, shame, shame.

Mozilla on the other hand supports XHTML brilliantly. It also has native support for many wonderful and powerful standards (like MathML and MNG images), for which you need 3rd party plugins with other browsers.

The Unicode support is brilliant. You can check it at UTF-8 Sampler (http://www.columbia.edu/kermit/utf8.html). IE fails to display most of it miserably. While if *any* font on your system has a needed character, Mozilla *will* find it and display it.

IE reign on the browser market is basically coming to an end. AOL is releasing both AOL 7 and Compuserve 7 based on Gecko engine (Mozilla) instead of IE. This is the muscle that brings wonders of Mozilla to millions and millions of Internet users. The same muscle that one day launched IE to where it is now. And the muscle that will urge webmasters to fix their broken code that works with IE and nothing else.

griffinn
17th August 2002, 10:13
Update on the SSL flaw: The flaw is in Windows (http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73507,00.html), not IE. The upcoming patch will therefore be applied to Windows 98, ME, NT, 2000 and XP.

Delicates
17th August 2002, 21:31
Would be cool if you kept an unpatched holes count with your every post. That is how many holes in IE there currently are with no patches available to fix them.

Last time I heard someone do such a count I think there were 14 security holes in it with no patches available. :D

Mozilla had a security hole once, and it got patched up within 24 hours. :up:

griffinn
18th August 2002, 01:25
There is already such a list somewhere (http://www.pivx.com/larholm/unpatched/).

I can't seem to locate a similar list for Mozilla, Opera, Galeon, K-Meleon etc. The simplistic theory is that they simply don't have security holes to keep a list for. But an equally valid alternative theory is they're just nowhere used as much as Internet Explorer, so the potential publicity you get for uncovering bugs in them is not as great.

NetAddict
18th August 2002, 03:54
To all you people who are saying IE is not secure, okay, maybe it isn't the most well tested creation in the world, this I concede. However, only Internet Explorer has a decent patch system where users can download single libraries, instead of entire new releases to fix these flaws.

For all of the Netscape supporters out there, NS6 has a horrible load time, bad CSS, and is remotely exploitable (see GreyMagic's advisory on the XmlHttpRequest vulnerability here (www.greymagic.com) before you say NS6 is secure).

And for the Opera voices out there, have you already forgotten about the cross-frame scripting vulnerability (www.guninski.com/opera1-desc.html) discovered by Georgi Guninski in Opera 5, or the automatic file upload vulnerability (http://sec.greymagic.com/adv/gm001-op/) in Opera 6 (which Opera released an entire new version to patch btw), or the OpenSSL buffer overflow in all versions of Opera to date (which Opera plan to release a new version for, AGAIN)?

And, as for the IE-specific technology crap -- Microsoft cannot patent data between angle brackets, and still expect developers to use it in HTML pages, let alone charge for such technologies to be used by other developers.
And, remember how I said Netscape had bad CSS? Opera's CSS support is next to nil, and there are numerous bugs in the Opera CSS implementation as is. Further, Opera cannot support relative references (that is, operations with a property or method on the SET side of the operand) like ALL of its competitors can. A simple:

<script>
document.scripts.item(0).text = document.scripts.item(0).text;
</script>

will demonstrate this. This means Opera gives no ability to set object values, and I'm damn sure I read that in the W3C JavaScript standards...

And, as for the folks who are saying "x had a security hole once, but they patched it in bla" -- bull. Mozilla didn't patch the XmlHttpRequest hole for weeks, and Netscape were even more sluggish. Further, Opera still hasn't patched the weeks-old OpenSSL overflow.

The reason we hear of long waits on MS security patches is both because of the very large number of systems that *each patch* must be tested on, and because security "experts" feel they can gain a quick 15 minutes of fame by making MS look bad -- after all, their products are more than twice as widely used as all of their competitors' combined...

Unpatched IE vulnerabilities are here (http://pivx.com/larholm/unpatched)

But, the same developer has been an equally vocal critic of Netscape in response to their horrendous handling of the XmlHttpRequest vulnerability.

Delicates
18th August 2002, 22:54
Originally posted by griffinn
There is already such a list somewhere (http://www.pivx.com/larholm/unpatched/).

Thanks a lot! :)

Originally posted by NetAddict
And, remember how I said Netscape had bad CSS? Opera's CSS support is next to nil, and there are numerous bugs in the Opera CSS implementation as is.


Those are some of the most ignorant and uninformed statements I have ever read.

Originally posted by NetAddict
And, as for the folks who are saying "x had a security hole once, but they patched it in bla" -- bull. Mozilla didn't patch the XmlHttpRequest hole for weeks, and Netscape were even more sluggish.
...
Unpatched IE vulnerabilities are here (http://pivx.com/larholm/unpatched)

But, the same developer has been an equally vocal critic of Netscape in response to their horrendous handling of the XmlHttpRequest vulnerability.

Even the page (http://www.pivx.com/larholm/unpatched/N050502-01.html) you are referring to says that Mozilla patched that vulnerability within 24 hours. Also note that it was even patched prior to the Mozilla 1.0 release.

At the moment, since the Mozilla 1.0 release there have been *no* known security vulnerabilities. While IE has 23 (http://www.pivx.com/larholm/unpatched/) still *unpatched*.

Let me also point out once again that we here recommend using Mozilla, not Netscape, which are 2 different things.

BDA7DD
19th August 2002, 19:02
You know, I'm starting to think that the "safety" and "security" provided by using an alternative browser (ie. not Internet Explorer) may have something else to do with it entirely. You see, the security experts and so-called "white-hat hackers" look for these security holes, root them out and report them. That's their job. However, it is also their job to find out the most important holes in the more popular software so that they can reach the masses quicker and help protect them.

Internet Explorer is arguably the most popular and the most used web browser in the world today. It comes preloaded and integrated with every Windows PC since Windows 98, and many people use Internet Explorer either out of ignorance that other browsers exist, or just that they don't want to be bothered with downloading and installing another web browser when they already have one.

With this said, the many parties involved with browser security will target Internet Explorer FIRST before trying to find any vulnerabilities in other browsers, simply because a security hole discovered and patched for Internet Explorer will help a hell of a lot more people than one for Mozilla or Opera or what have you.

This probably also applies to many other types of software. E-mail clients, for example. Outlook Express is apparently the most "insecure" e-mail client out there. However, did it ever dawn on you that maybe that's because not too many people -- comparatively speaking -- could be bothered with probing Pegasus Mail, Eudora Pro and IncrediMail for security holes? Then again, the security holes in Outlook Express could also be on account of it being so tightly dependent on Internet Explorer, since it shares Internet Explorer's security settings and renders HTML messages with Internet Explorer, but that just takes us right back to my point about Internet Explorer being the top-priority browser for security experts and white-hat hackers.

For all we know, there could be tons of security holes out there for every browser. Internet Explorer, Mozilla, Netscape, Opera, K-Meleon, Galeon, Konqueror, you name it. The difference is that there are more people dedicated to finding holes in Internet Explorer than the other browsers. Metaphorically speaking, if there's a security hole in Mozilla, but nobody has yet discovered it, does it really exist at all?

Originally posted by Delicates
Let me also point out once again that we here recommend using Mozilla, not Netscape, which are 2 different things.

This deserves repeating for those of you who STILL DON'T FUCKING GET IT. Netscape is NOT Mozilla. Mozilla is NOT Netscape. GET IT THROUGH YOUR HEADS.

griffinn
23rd August 2002, 01:13
Microsoft has released a cumulative patch for IE 5.x and 6.0 (http://www.microsoft.com/technet/security/bulletin/MS02-047.asp). You can either download (http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp) the patch then install it manually or obtain it through Windows Update (http://windowsupdate.microsoft.com/).

This patch fixes the usual stuff involving <object> tags, ActiveX controls, cross-site scripting, and redirects, plus the Gopher bug (http://www.microsoft.com/technet/security/bulletin/MS02-027.asp) that was reported in this thread 2 months ago(!).

Note that this patch does not contain a fix for the SSL implementation flaw discussed earlier. That fix is expected to be a Windows patch, not an IE one, because encryption services are implemented at the OS level and IE is merely a user of those services.

BDA7DD
23rd August 2002, 11:36
'Bout fucking time.

NetAddict
24th August 2002, 17:35
For all the people out there saying "Mozilla patched it in 24 hours", that is ridiculous. The vulnerability was hidden from the public eye for weeks, marked as "SECURITY-SENSITIVE" on Bugzilla.

btw the reason Microsoft have such "insecure" software is both because everybody targets them and because everybody wants to make MS look bad.

So-called "researchers" whose sole objective is to sell a product mis-represent the truth and make the wait from MS seem like it is MS' fault that they have thousands of different configurations to patch.

The reason MS has long patch times is because they have so many features that each patch has to work with.

Meanwhile, researchers continue to bash MS because it is "accepted" in the community to do so, and more people read their .sig of "Developer of..." when scrambling to patch as opposed to skimming through the article.

Jaz
25th August 2002, 06:36
I'd just like to say: with the ad blocker in Opera, that seems nice,
but I downloaded it and uninstalled 5 mins later: it has ads, full screen has no scroll bars (why would you not want scroll bars?) and I use adshield with ie, works even better, even blocks winamps ads...

its like netscape 4: the damned things can't be moved up, I use a small screen, alls I see is about this much with everything turned off:
1
2
3
4
5
6
7
8
9

thats how much space I see.

I'd advise going to http://adshield.org then go to google, find a decent hosts file and add it to the block list. It turns off POPUPS. And you can turn it off, on, maintain block list with a right click...

I've been using IE since 3. To be honest I liked the look 3 had, but grew on 5.

Netscape was good in what? '93? Turned gay in 97+, (its hard to download the damned browser in the first place, smart update? just give me the fuckin link).

Now mozilla.... heard it was lovely... BUT I CAN'T USE THE STUPID INSTALLER....

So, I am downloading the zip, hopefully thats the same thing...????

I like the lil' dragon lizard thingy :-) and I just seen the default browser thing... I prefer IE. I don't wanna be pestered, does this turn off?

Mozilla gives me a flash back of netscape but a bit more speed :-)

IT MINIMIZES THE WINDOWS YAY... lol

Loads fast...

This one is the best alternative...
its free...
no ads
did I mention free?
And its like 2000000000 thousand times better than the rip off netscape copy cat garbage...

It looks better anyway...

but yeah, about IE being pre installed, yah... most used... yah... and I feel IE isn't that bad... its great, does what it does, and deal with the troubles...

And Mozilla has a web developer option? SWEET. Image blocker, cookie blocker... sweet... (but I have the image, zoom in zoom out, etc from 3rd party things with IE, try the open frame in new window with IE, bet you can't do it :-) I CAN lol)

To be honest, I'd have to say the best alternative to IE is Well Mozilla... no 3rd party garbage, "NETSCAPE" THE WAY IT SHOULD BE (YES I KNOW ITS NOT THE SAME, BUT IT LOOKS LIKE YAH KNOW 4 OR WHATEVER) Yeah, and it doesn't crash and slow down my computer like Opera. And note: I downloaded it all today.

Oh and on a side note: full screen mode works...

So forget paying 40 bucks for an ad free crap Opera, and try mozilla today...

This is my first impressions from using the browsers for 5 mins...

They work great, but Mozilla is the best alternative, decide for yer self,

and btw, the IE updates, I was vulnerable to like that FTP thing... thanks for the updates, didn't know winamp had this type of info in the forums, and I've been using winamp for yrs... since like 99... I think...

(I am a 15 yr old kid, not wanting to buy a freakin browser, and not wanting garbage either, I am a power user that hates ads, I hate pop ups, and I love zoom in zoom out, add picture to block list, add page to block list etc. I hate CRAP. So try what you want, this is a great place to learn new things... like IE having so many holes EEKK, and btw its 16 now, not 24 or whatever...) And dreamweaver is too RESOURCE HUNGRY to use... I'd rather code by hand. (FRONT PAGE is crap for those of you wanting to try it)

But thats all in preferences.

Keep the updates coming, and good luck with browser updates and likes and dislikes..


Jaz :D



:blah: :blah:

Jaz
25th August 2002, 06:42
The hosts file works with Mozilla too....


God I love this world....



Jaz :D


:blah: :blah:

Schismx
25th August 2002, 11:53
Did you just say Opera slows down your computer?

I didn't know anyone still used 386's.

Jaz
26th August 2002, 01:08
I have a 386 computer with win95, and I have a 366!!!! PROCESSOR with ME. And if yer referring to me, no it doesn't slow it down, its just crap. Opera sucks, use IE, or maybe Mozilla.

Read before you post, 366 is not 386, a big difference...

if not for me, then DAHHH WHAT?


Jaz :D

Hey, this forum works like HTML? Sweet...

so would make it go in OH yeah... (I never use options with this :-) SWEETTT...

I found a new bad habit....

Schismx
26th August 2002, 10:55
Actually I meant a 386 cos you must have a really lame computer if Opera is slow for you. (Opera being the least resource intensive of all the browsers by far).

Jaz
26th August 2002, 17:13
Like I said before, read before you post, I never said it was slow,
just that it was GARBAGE, and by the way

256MB RAM, with an empty slot for more :-)
366 Intel Celeron Processor,
X86 Based System,
with a 5 GB drive and a 2 GB, slave
With 3 CD rom drive holders, 2 floppy drive holders.

I doubt its that bad. This was top of the line '4 yrs ago' :D Most newer-ish computers have less ram than that, this computer works fine. Opera isn't slow, its like any other browser, except its crap, and has ADS!!!!!

And yes, there are better and more costly computers, but I'm 15, how am I to afford a brand new computer with a 1.2 GHz Athlon or Duron processor... Think... THINK... :)

Come on now
:D :blah:


Jaz :D

Schismx
26th August 2002, 17:22
Originally posted by Jaz
To be honest, I'd have to say the best alternative to IE is Well Mozilla... no 3rd party garbage, "NETSCAPE" THE WAY IT SHOULD BE (YES I KNOW ITS NOT THE SAME, BUT IT LOOKS LIKE YAH KNOW 4 OR WHATEVER) Yeah, and it doesn't crash and slow down my computer like Opera. And note: I downloaded it all today.


*shrugs*

Jaz
26th August 2002, 17:32
and with the lil thingy about crashing, it only does that with, lets see, mozilla, ie, winamp, aol, and tons of other things opened, how come it becomes so shitty with nothing left? I try to download stuff from it, it messes up, I try to go to an enhanced site, it messes up,
tripod sites, sure, if it can't handle the stuff I want to display, and it crashes (crashes, hmm, my system doesn't stop responding, my computer doesn't restart, it becomes shitty :-) )BECAUSE OF THAT, thats slow, and shitty, but no it doesn't slow my COMPUTER down literally. Learn me, know me, and don't patronize me for who I am... :-), if you notice, most people aren't power users, are you one with yer 2000 dolla computer and preppy clothes :-) (just playin, I dunno)

Anyways, New Subject, I'm not replying to this anymore,

Opera Sucks, even if its the best for hand helds,
it costs money, and not all want to pay for a browser that doesn't support the non-things, and its not supported for small viewed screens (trust me), and you can't get rid of the things (bars) like in netscape, mozilla, and IE. Live and learn, then you stick with what you like.

So no more on what I say, and just use what you like, you like downloading new browsers when you got dialup, can't use things like GO!ZILLA (even if it is spyware), and the like? But you have a decent one installed ALREADY, most peeps are lazy, I take care of the computers in the house, win95! win98! winME! YAY... And by the way, winamp 2.72 works in a 33 MHz environment, just, uh not that well :)

I may be wrong with what I say, or what others think, but I feel IE is the best out there, with Mozilla second in line. And this is a good place for updates too :)

Jaz :blah: :cry: :weird: :igor: :o :eek: :winamp: :winamp: :winamp: :winamp: :winamp: :winamp: Winamp User for life :-)

Schismx
26th August 2002, 17:52
BTW, to get scrollbars in fullscreen mode, press Ctrl+F7

Delicates
27th August 2002, 19:39
Mozilla 1.1 (http://www.mozilla.org/releases/) is out.

By the way apart from Image Blocking, Mozilla has popup windows blocking, status bar link text blocking, and so on...

You want add-ons for Mozilla? Sure! Knock yourself out (http://www.mozdev.org/)! Over 80 projects. Skins and everything.

Especially I recommend checking out Optimoz. Its Mouse Gestures and Pie Menus should blow you away. :D

And if Mozilla's built-in tabbed browsing support is not enough for you, there's always MultiZilla. ;)

I'm not sure if all these projects will work with new sizzling-hot 1.1 release though. They might require 1.0

BDA7DD
28th August 2002, 12:19
EDIT: Crap, beaten to it.

griffinn
30th August 2002, 10:32
Microsoft has issued a patch to fix an exploit that would allow a malicious website or HTML mail to wipe out your cryptographic certificates (used for SSL web transfer and S/MIME e-mails). Details are here:
http://www.microsoft.com/technet/security/bulletin/ms02-048.asp

Windows 98/ME/NT4/2000/XP are all affected. You can download a patch for your version of Windows from the link above. It should also be available from Windows Update shortly.

This one is actually a Windows patch, because (as previously mentioned) cryptographic functions are implemented in Windows and IE is a mere user of those functions. However I cover it here nonetheless because IE is tightly coupled with the cryptographic functions in Windows.

dylman
31st August 2002, 00:50
Thanks, Griff. Keep up the good work, it's appreciated.

Jaz
31st August 2002, 02:24
SO THATS HOW YOU GET SCROLL BARS IN FULL SCREEN. Do you have to do that everytime you get full screen?

I dunno, but thanks, don't see why they assume EVERY person has that scroll on their mouse... It costs extra and we have to replace our mouse every 2-4 yrs anyway.

Yeah, about the 80+ projects for mozilla, isn't it true there is only like 8 skins?

But the Tiny skin is sweet :-)

Oh well, thanks for the 411!!! MUHAHAHA


Jaz :D :winamp: Winamp User For Life

Jaz
31st August 2002, 02:50
Optimoz is cool.... Try it, the dude knows what he is talking about, this makes me love Mozilla even more...

But IE is still for me...

For now :D




Jaz :D :winamp: Winamp User For Life

BDA7DD
31st August 2002, 05:54
Originally posted by Jaz
don't see why they assume EVERY person has that scroll on their mouse...

I think what they're assuming is that every person has arrow keys on their keyboards. I could be wrong, though. :rolleyes:

Originally posted by Jaz
isn't it true there is only like 8 skins?

LIES.

http://mozilla.deskmod.com/?show=showcat&cat_name=mozilla
http://www.mozdev.org/redirect/themes/
(There are some on DeviantArt (http://www.deviantart.com/), but the link to the Mozilla skins section is broken for some reason.)

Jaz
31st August 2002, 19:09
I love doing that :D

Yeah, but that wastes time with the key board... its the MOUSE DAMN IT lol. (Shift and Space kick ass too :) TRY IT!)

YAY! DIRECT LINKS TO THEM DAMN IT! I only managed to find like 20 on my own, (too lazy...)

And on assuming, they assumed EVERYBODY used the keyboard to go up down left and right. Thats too slow and not precise enough (SPACE AND SHIFT BABY). I wasn't thinking of the keyboard cuz who the hell in their right mind wouldn't use the damned bars to go up and down? I use a tribrid of options. Keyboard, MOUSEEEEEE, and space (Well this is Keyboard2). But I rarely use anything other than mouse. They assume too much, and its not customizable to my needs... I don't want to look up how to make the bars appear, I don't want to have to pay for it to have a decent view on the screen. They're a cheap company trying to jip people into buying its decent paid software. Its good for some things, just not for me :-) HEH...

But Mozilla is FINE. Nothing stupid :-). Its slower than IE, on this computer, but barely noticeable. Operas fine for those of you who like it. :-)

http://themes.mozdev.org/ this site only has 16 anyways.

http://mozilla.deskmod.com/?show=sh...at_name=mozilla

what about that site? You gotta log on to get em? or just search? I can't find them in a few mins. Isn't this the site with 8! GRRR..

Im still searching that fuckin deviant site... its a bullshit site too. Im not much of a skinner, but come on, at least I got a msn lookalike for yahoo .... lol

I dunno, seems like decent sites, go there for the skins they got, Im short on time, so its not easy to speed search with ease. Nice looks, perfect for skins,

and yes, if you're not into the damned things, no one would have found these sites easily, I only found the second one, then the top one later after I posted, so they expect people to be into them. Thats an OUCHY on my part, but thats me,

perfect sites for mods, skins, etc for anything, and everything.

Jaz :D :winamp: Winamp User For Life

BDA7DD
1st September 2002, 19:11
Originally posted by Jaz
Its slower than IE, on this computer, but barely noticeable.

You may want to enable "Quick Launch". Just to warn you, it does take up a bit of memory, but if you have a lot of that to spare then by all means enable it. Click on the Advanced options in Mozilla's preferences and choose "Keep Mozilla in memory to improve startup performance." By doing this, Mozilla will start up just as quickly as Internet Explorer, if not quicker. You even get a neat little Mozilla tray icon. :)

Originally posted by Jaz
http://themes.mozdev.org/ this site only has 16 anyways.

16 good ones, that is. Sky Pilot is my personal favourite, and is the theme I'm using right now as I post this. Try it out, I'm sure you'll love it. Other good ones to try are Orbit Retro and LCARStrek (if you're a Trekkie like me, you'll adore that last one.)

Originally posted by Jaz
http://mozilla.deskmod.com/?show=sh...at_name=mozilla

what about that site? You gotta log on to get em? or just search?

???

I've never had to log into anything to get themes from this site. There's a link on every theme listed there that says "Install". It's at the bottom of every theme description, next to a link that says "Large View". Just click those links to install your themes.

Originally posted by Jaz
Im still searching that fuckin deviant site... its a bullshit site too.

You DID NOT just call DeviantArt a "bullshit site." Repent, sinner!

Originally posted by Jaz
and yes, if you're not into the damned things, no one would have found these sites easily

I'm guessing you've never clicked the "Get New Themes" button in the Appearance -> Themes section of the Mozilla preferences. If you did, you'd have seen the first two links I posted. As for DeviantArt, it's pretty much assumed that any skin fanatic knows about that site ;).

Signal Box
4th September 2002, 21:57
Hmm, I remember reading news somewhere that AOL plans to make the software they use to integrate better with Netscape. Any truth to it? I know it seems obvious since Netscape is practically AOL. Personally, I don't like it, though. Will this also affect software relations with IE?

BDA7DD
4th September 2002, 22:07
Originally posted by Signal Box
Hmm, I remember reading news somewhere that AOL plans to make the software they use to integrate better with Netscape. Any truth to it?

They're completely redesigning the AOL software so that the upcoming AOL 8.0 will be built on the Gecko rendering engine. That said, we can assume that the AOL browser which is integrated into the AOL software will be replaced with a modified version of Netscape, since Netscape is built on the Gecko rendering engine (as is Mozilla.)

This won't affect any other software, just the AOL software, so you don't need to worry about it screwing up anything else you have installed on your system. Even if you have Mozilla or Netscape already installed when you install AOL 8.0, it still won't be affected, since those are external applications and are not integrated with the AOL software.

griffinn
5th September 2002, 07:32
Microsoft has released a patch for Windows NT 4.0 and XP (but not yet for 98/ME/2000) for the SSL certificate chain validation flaw reported here earlier.

TechNet article (http://www.microsoft.com/technet/security/bulletin/MS02-050.asp) about the flaw
Patch for Windows NT 4.0 (http://www.microsoft.com/ntserver/nts/downloads/critical/q328145/default.asp) and Windows XP (http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42562)

Signal Box
5th September 2002, 19:51
Originally posted by BDA7DD


They're completely redesigning the AOL software so that the upcoming AOL 8.0 will be built on the Gecko rendering engine. That said, we can assume that the AOL browser which is integrated into the AOL software will be replaced with a modified version of Netscape, since Netscape is built on the Gecko rendering engine (as is Mozilla.)

This won't affect any other software, just the AOL software, so you don't need to worry about it screwing up anything else you have installed on your system. Even if you have Mozilla or Netscape already installed when you install AOL 8.0, it still won't be affected, since those are external applications and are not integrated with the AOL software.

Thanks. Though I think it will be no improvement aesthetically if the look remains the same. I always use external browsers anyway.

Jaz
6th September 2002, 19:33
Yep.

Thanks for the Information heh :-). And as for quick enable, I know of it, but I use Mozilla for Browser-FTP. Its the best for it. :-) And its only a second or so so the delay is not a problem. So a few 'uses' every couple days is no biggy.

Nah, not a theme fanatic. Just a user. I learned of Mozilla only a few months ago. Always disliked Netscape for some odd reason (who doesn't...)

AOL is crap, yet my parents still use it. Dynamic IP's seem nice... but Firewalls are fine, and you yeah. $26 US is it now to use AOL? We still use 5.0. They won't update to get rid of the bug where it dials twice. I'd rather use NetZero.

Oh and about the little sin, I was mad cuz I didn't feel like looking.
I repent!!!! Its a great site. Plenty of "crap" (thats a good thing) for all things. Deviant is great.

And I hate icons, desktop items, and the like. Winamp is sweet with None, and always on top. :-) Stays outta the way and still works great. Does '3' still have this option? I haven't had too much testing going on. Cuz clicking the playlist window to maximize it to change the song is great, then minimize it to a bar to see song title. It doesn't block the 3 corner program buttons up top, nor the menus. So it works for me. Hopefully its still integrated in '3'.

And why doesn't classic change the playlist window in '3'? The light color hurts my eyes. I know its to be a new program, but others still like the FULL classic look. Such as me :D. So make the colors change, but keep the newish options, got it? But wrong place to post???

Yes I know of installing with the links in the mozilla website. I'm just new to the site. I was asking WHERE TO FIND THEM. Not how to download. But its pretty organized, and by the way, I use the wood theme and that one Small one? whats it called?:-).

Is AOL still giving away all those "free software" cds? Since we became a user, we don't receive as MANY.


And with the Integration of the Modified Mozilla (Netscape) with the Gecko engine in AOL, does that mean it will take longer to start up AOL? Just wondering.

Ever install IE from the aol cd? lol I hate that AOL icon where the windows icon should be, and America Online at the top of the <title>Title</title> bar with Microsoft Internet Explorer.

Is the 98/ME/2000 SSL update to come soon? Thanks for keeping us posted.

Thats all for now.

"Just cuz I'm wrong, doesn't mean your right." :-) Misquoted on purpose from somewhere.

Jaz :D :winamp: Winamp User For Life

BDA7DD
7th September 2002, 08:28
Originally posted by Jaz
I learned of Mozilla only a few months ago. Always disliked Netscape for some odd reason (who doesn't...)

I'm confused by this. Are you referring to Netscape as being Mozilla, and vice versa? Because if so, you need to re-read this thread a few more times. Netscape is NOT Mozilla. If not, I apologize in advance for misinterpreting.

Originally posted by Jaz
AOL is crap

Come on man, that's just like saying "water is wet". It's just common knowledge that goes without saying. :D

Originally posted by Jaz
Dynamic IP's seem nice...

AOL is using dynamic IPs now? Last time I heard they were still having to use those AOL proxies since they had so many customers and not enough possible unique IP addresses on the entire Internet to give to everyone. Has this changed?

Originally posted by Jaz
Firewalls are fine

Exactly WHAT do firewalls have to do with AOL in particular? Don't tell me AOL has some brand new fancy pants integrated firewall feature, because if so, I'd be willing to bet my cock that it's got more holes in it than the contents of my sock drawer.

Originally posted by Jaz
by the way, I use the wood theme and that one Small one? whats it called?:-).

Wood theme? Excellent choice, sir. I am a fan of that as well. As for the small one... is it Pinball you are thinking of? Whatever it is, you can check the names of the themes you have installed by going into your preferences.

Once again, I strongly recommend Sky Pilot (http://themes.mozdev.org/skins/skypilot.html). It is my most favourite Mozilla theme at the moment. Very stylish and very "comfortable" (ie. the interface is actually USABLE, unlike a lot of others where everything is all over the place and the backgrounds blend in too much with the buttons.)

Originally posted by Jaz
And with the Integration of the Modified Mozilla (Netscape) with the Gecko engine in AOL, does that mean it will take longer to start up AOL? Just wondering.

Not really. The AOL software still takes its time to load up now, because it loads all the other useless AOL crap and not just the AOL browser when you run it. Chances are it'll actually IMPROVE the startup time of the AOL software since the Gecko rendering engine is pretty damn fast.

You're probably still comparing the startup time of Mozilla to Internet Explorer, which is NOT a very intelligent comparison seeing as Internet Explorer is integrated into Windows 98 and above, and therefore is ALWAYS loaded into memory and ready to run. Mozilla loads itself into memory when you start it up and releases itself from memory when you close it down unless you use the Quick Launch feature. Just so you know, this is the proper right way for any program to behave, so it isn't a flaw in Mozilla. Wouldn't you hate it if every program you THOUGHT you closed or THOUGHT you never opened was running in the background, hogging up resources and lagging your system to a crawl? See what I mean?

Originally posted by Jaz
America Online at the top of the <title>Title</title> bar with Microsoft Internet Explorer.

Ha ha ha, I hate that too. That's what's known as "browser branding," and the only way to get rid of it is with a registry hack. Besides, why the fuck would you want to install IE from the AOL CD in the first place? It's already included in Windows 95 and up (fortunately for you Windows 95 users (yes, I'm talking to both of you,) IE is an optional component,) and you can easily upgrade to the latest version by going to Windows Update.

Originally posted by Jaz
Jaz :D :winamp: Winamp User For Life

You really should just put that in your sig. It'll save you the hassle of having to type it in every one of your posts, and it'll save us the hassle of having to trim your posts when we quote you.

Jaz
9th September 2002, 01:31
GRRRRRRR. It said I learned of Mozilla a few months ago. NOT NETSCAPE. I used Netscape in the early 90's. Netscape is a cheap rip off of the Gecko Engine thing. The same thing Mozilla uses. (Here's the breakdown, Netscape is using the Gecko Engine with the crap, ie: the stupid messenger thing, and Mozilla is using the Gecko engine and is something else, made by... users!?!?! and doesn't have all that crap.) That's correct, right?

Yep, that "AOL is crap" is common knowledge.

With "Dynamic IP's seem nice... but Firewalls are fine, and you yeah.", it was just saying they are nice, then the rest. Shouldn't have been there :D Like a two thing sentence with "to be continued" a second thought, my mistake.

(I dunno if they have them or not, I didn't read the plan, they prolly have cheap proxies like you said) :D

I don't have a firewall WITH AOL, but I use outside ones, everyone knows AOL doesn't have one, or do they? :D.

Oh, well, I am a kid. It's not slow :-). And quick enable does improve it, and I know of background running programs.

And, with my signature, I wasn't sure how to change it, cuz the original thing is something different, (new to winamp forums :eek: )

And that article is funny. :D From that one dude:
"We all suck." LOL.

AND SORRY FOR ANY STUPID WRONG INFORMATION!!!

Shouldn't be too much??

How do you change your profile, signature, and so on anyway? I just log in and post... Is it that 'My Control Panel' thing?

I'll figure it out.

Jaz (none of the other crap):igor:

Jaz
9th September 2002, 01:42
OHHHH yeah.

Why would I install from an AOL cd anyway? I wonder... Let's see:

I have a PC in my room. An old Win95 OS.

It had 3.0 or something of IE.

I didn't have the Install disk.

Too old to upgrade to ME, 98.

No internet connection, so does it really matter with windows update?

What was I to do?

WHY YES!!! The AOL cd.... it has an upgrade!!!

So I use 5.0 in my win95 os.

No Internet. But... I use it to debug a few webpages I make.

3.0 DOESN'T EVEN SUPPORT CSS, DOES IT?

I know of the hack, just too lazy to do it. (Just run regedit and follow any basic downloadable instructions. "The Internet Has Infinite Possibilities" )

I use 5.5 with SP2 on ME and WIN98SE heh :D
Didn't even bother with 6... HOW does that look anyway? I don't care. As my Computer Illiterate dad says: If it works, use it, no need to upgrade.

(For some odd reason, Browser ftp doesn't work with IE... And its a hassle to use an outside program... so MOZILLA IS DA BOMB BABY)
That's all.

Jaz

BDA7DD
9th September 2002, 02:45
Originally posted by Jaz
3.0 DOESN'T EVEN SUPPORT CSS, DOES IT?

Hell, 6.0 hardly supports CSS. It supports the core specifications for CSS1 and CSS2 (the core specifications are the extremely limited "bare essentials", not the entire specifications,) and has no CSS3 support whatsoever. Mozilla has FULL support for the ENTIRE CSS1 and CSS2 specifications, and although it doesn't yet support ALL of the CSS3 specification, it supports quite a lot of it for what it does have and the developers are working hard to get Mozilla to be fully CSS3 compliant.

Originally posted by Jaz
As my Computer Illiterate dad says: If it works, use it, no need to upgrade.

Computer software is the LAST thing in the world you should take the "if it ain't broken, don't fix it" attitude towards. It may "work", but it may also be full of security holes and such. Also, new versions mean more new features and improvements on existing features. Besides, the more new software versions come out, the more the support for the older versions start to dwindle. Microsoft's tech support department doesn't officially support Windows 95 anymore, and I'm pretty sure they don't support Internet Explorer 3.0 anymore either (if they still do, then they probably won't be for much longer.)

Originally posted by Jaz
How do you change your profile, signature, and so on anyway? I just log in and post... Is it that 'My Control Panel' thing?

Yes, that's the one. Click on "My Control Panel", then look in "Edit Profile" and "Edit Options" for a plethora of customizable settings.

virulent
10th September 2002, 18:37
Hrm. I just tried to post this and things got messed up, so let's try again. Hopefully I remember what I was saying. :(

Ok, I have a question for you "browser gurus". Since we're talking CSS here, I'd like to bring up that IE is the only browser that supports scrollable layers. You can take a look at my old website for an example of what I'm talking about. (please excuse the mess and the out-of-date-ness).

www.violentfluid.com

What you see is 3 "windows". What that actually is, is one background, created in Photoshop, with text placed in layers made to fit the windows I created on the background. Now, this is a really good way to design a webpage in my opinion. It allows me to make custom graphics in Photoshop and design the actual elements in it, such as the transparent windows. Then I can just stick the text in on top of it in whatever manner I wish. It comes out looking very nice.

The problem with this, though, is that IE is the only browser that supports the scrollable layer like I have on the bottom left. I'm in the process of developing a new page and I have to do all sorts of crazy frames to make it compatible with all browsers. I hate frames. :mad: So what's the deal? Is it not a part of the CSS specification to make layers scrollable? Is that an IE only property? Either way, it's really nice. :(

BDA7DD
11th September 2002, 01:01
Originally posted by virulent
I'd like to bring up that IE is the only browser that supports scrollable layers.

You mean like this (http://www.meyerweb.com/eric/css/edge/complexspiral/demo.html)? Because if so, not only can Mozilla do it, but it can do it MUCH better than IE. Then again, this might be completely different from what you're talking about.

But as for IE being the only browser that can do this CSS feature, either you're lying (since Mozilla has full support for CSS1 and CSS2, unlike IE,) or it's just another one of IE's stupid non-standard CSS "additions" (which Mozilla won't ever support until and unless it becomes officially accepted as an addition to the CSS standard by the W3C, which is the way it should be done anyway.)

virulent
11th September 2002, 12:30
Uhm, why would I lie when asking a question?

Go to the site I posted. I'm using Mozilla *right* now. The text doesn't stay in the layer, it just goes down the page. If you scroll down the page itself, you can read the text. What I'm talking about is the text itself staying inside a layer with a scroll bar on the side of the layer itself.

Again, why would I be lying? Look at the previously posted website with IE, then with Mozilla. You'll see what I'm talking about. That page was made with Dreamweaver, so either Dreamweaver writes non-standard IE only code or Mozilla doesn't support it. Believe me, if it did support it, it would make my life much easier.

BDA7DD
11th September 2002, 21:17
Originally posted by virulent
Go to the site I posted. I'm using Mozilla *right* now. The text doesn't stay in the layer, it just goes down the page. If you scroll down the page itself, you can read the text. What I'm talking about is the text itself staying inside a layer with a scroll bar on the side of the layer itself.

Look at the previously posted website with IE, then with Mozilla. You'll see what I'm talking about.

Hmm... I see. However, that page does NOT follow the proper CSS specification, it uses IE-specific "add ons."

Originally posted by virulent
That page was made with Dreamweaver, so either Dreamweaver writes non-standard IE only code or Mozilla doesn't support it.

Dreamweaver only writes non-standard IE code if you tell it to, which I'm guessing you did, since support for non-standard features in Dreamweaver is disabled by default. This is because Dreamweaver is designed with cross-browser compatibility in mind. However, if you're using an older version of Dreamweaver, it'll write non-standard code no matter what.

Dreamweaver MX 6.0 (which I use) follows proper W3C specifications, including the most important web standard of them all, HTML 4.01 Transitional. Your pages don't even have a DOCTYPE declaration, the first and most prominent sign of a web page which doesn't follow proper web standards.

Also, to quote some things from your site:

I realise that "layers" are not W3 compliant

You're right, layers aren't W3C compliant. However, you can get the same effects that you can get with layers using CSS instead. Take note that layers and CSS are not one and the same.

I'm sorry if layers are an evil MS invention

Layers are an invention of Netscape, not Microsoft. Support for layers was pulled from Netscape as of version 6.0 to promote standards compliancy, but Microsoft decided to add layer support in IE at some time (I forget which version of IE was the first to support it.) Get your facts straight.

Let's face it, the Battle of the Browsers is over. IE won.

Bullshit. The battle is still being waged, and if you ask me, IE isn't looking so good.

Netscape is already doomed to lose, that's a given. Netscape is nothing but old builds of Mozilla with tons of bloat packed on. Netscape sucks, plain and simple.

Mozilla and Opera, however, still have a fighting chance. As a matter of fact, Mozilla looks like it's winning due to its portability, its usage in other browser projects (K-Meleon, Galeon, Netscape, AOL 8.0, etc.) and its standards compliancy.

IE has a leg up over Opera, though, since IE is free, doesn't have forced ad banners and it renders more pages properly than Opera. Even though Opera has better standards support, it's more of a matter of quantity than quality. Opera supports a larger selection of standards, but the support for each individual standard is usually for old versions of their respective specifications.

If Netscape wants to compete at all, I think they need to adopt some "MS innovations".

Netscape doesn't want to compete. They've pretty much displayed that with their obvious incompetence anyway. Mozilla, on the other hand, is a different story. Also, CSS is not an "MS innovation" by any stretch of the imagination. CSS is developed by the community of open-source programmers, not by Microsoft code monkeys. If CSS was a Microsoft thing, you could bet your ass they'd close the source on Internet Explorer's CSS rendering engine and refuse to licence it to anybody in an attempt to make IE bigger.

If a good majority of webpages are designed to use IE then it's not really giving in to include IE features, it's simply making a browser that *works*.

Here's my position on this: If a good majority of web pages are designed to use IE, there are a lot of shitty and incompetent self-proclaimed "webmasters" out there. Find some better cross-browser compatible web sites if the ones you currently visit choke on anything but IE.

Simply speaking, you either include the features that people are using, or people don't use your browser.

Now that's a pretty damn stupid idea. As said above, "webmasters" who use IE-specific features need to get some friggin' education on proper cross-browser compatible web design. For those who use FrontPage to design their web pages, they need to get some sense beaten into them.

Finally, for all these "features" about Internet Explorer that you love, I present to you the following examples of beautiful things that can be done using proper open web standards. These will only work in Mozilla and other browsers that properly follow the latest W3C specifications, and suffice it to say, they will NOT work on Internet Explorer:
Translucency effects using nothing but CSS1's "background-attachment: fixed" command (http://www.meyerweb.com/eric/css/edge/complexspiral/demo.html) (NOTE: This works on IE 5.5 for Mac OS, but not Windows, which is quite strange if you ask me.)
MathML (http://www.mozilla.org/projects/mathml/demo/basics.xhtml)
Dynamic PNG Alpha Masking (http://www.mozilla.org/start/1.0/demos/eagle-sun.html)
Customizable menu bar using DHTML, DOM and JavaScript (http://www.brainjar.com/dhtml/menubar/demo.html)
Scrolling credits effect using DOM Level 1 and JavaScript (http://www.mozilla.org/start/1.0/demos/credits.html)

virulent
11th September 2002, 22:37
Ok. I appreciate the information but I'm aware of this already. As I said, it is my old page coded at the beginning of the year (check the dates on the posts) when I didn't know standards from my ass. What I knew was that using Dreamweaver (MX was not available at the time it was coded) resulted in a page that only IE could render properly. Your tangent is taken with a grain of salt, however, because I know better due to educating myself on web creation a bit since the original conception of that page.

What I'm asking you is whether Mozilla/Opera/Etc are able to do what I'm looking to do. I thank you for informing me that the page *is* coded with IE specific things. That is what I was wondering about. I do not claim to be a super "webmaster" only a person that is attempting to make a new page that is standards compliant (after educating myself on what that means) and looking for a way to make my new ideas work in all browsers.

I think you need to calm down a little bit. You seem a little too aggressive about web browsers. Take a deep breath man. :)

Delicates
12th September 2002, 19:44
Originally posted by virulent
...Ok, I have a question for you "browser gurus"...

Your page fails both HTML (http://validator.w3.org/) and CSS Validation (http://jigsaw.w3.org/css-validator/) miserably.

In particular, in front of every rule that *tries* to implement your scrolling, you have "//-->". What is that? CSS has no such syntax. Yes, JavaScript comments are done with "//", but CSS doesn't define how to handle those bizarre rules and as such they should be ignored, which Mozilla correctly (unlike IE) does. I would recommend getting rid of all the comments in there.

If you bothered to learn some web standards, you would see that almost anything is possible with them.
---------------------
Anyways,

Stable release of Mozilla (http://www.mozilla.org/) 1.0.1 came out. So if you're looking for stability and a solid browser, this is it. Also bleeding edge 1.2alpha release is out (use at your own risk). Which is for you, if you are after new funky features and don't mind it crashing, losing your data and burning your house to the ground.

1.1 release is still there, which has a bit of both stability and features. ;)

So take your pick and be happy.

virulent
12th September 2002, 19:56
If you bothered to learn some web standards, you would see that almost anything is possible with them.

If you bothered to read the above post you'd see that I've already explained what that page was created with, why what BDA7DD said was absolutely correct, and that I admitted to not knowing anything about standards at the time the page was created.

As far as "bizarre rules" goes, I suggest you speak with Macromedia, as it was their software that put them there. Again, as I already said, I've read a lot about web creation since the original conception and coding of that page earlier this year. What I asked here was whether or not what was done on that site could be done in a way that would fit standards and allow all browsers to view it. I wasn't aware that it was coded with IE only features, hence my very first post asking the question.

You people seem to be a very poor group to get answers from. Rather than being educated on something I didn't happen to know (which is WHY I asked in the first place), I get condescending remarks made with each reply.

NetAddict
14th September 2002, 19:41
Finland-based Online Solutions has recently posted to several security mailing lists regarding multiple serious vulnerabilities in the Java VM of Microsoft Internet Explorer. The vulnerabilities range from file reading exposures, to buffer overruns and other more serious vulnerabilities allowing code to run on the vulnerable system.

Reportedly, the vulnerabilities occur in native code called by "safe" system classes added to the VM by Microsoft for integration purposes.

In a separate advisory, a group of Israeli researchers at GreyMagic have announced yet another vulnerability impacting pages with FRAME or IFRAME tags -- those pages can be used to attack visitors via a cross-domain scripting flaw.

GreyMagic explains that frames can be hijacked because DOM checking is performed, but checking is not performed on potential security violations in calls to window methods. By setting the location.href property of the frame to javascript: URLs, it is possible to hijack the frame for the purposes of running script as the opener of the frame.

This vulnerability is further worsened by the fact that many versions of Windows (Win98 and later) ship with static resources containing frames, such as "readme.htm", that can be used to access local files, as well as run script in the zone of "My Computer", which runs without any security restrictions.

GreyMagic also provided a simple demonstration that easily bypassed the protection against accessing res:// URLs in IE 6.0 SP1 with a simple HTTP redirect.

griffinn
19th September 2002, 11:20
The following is not a direct IE vulnerability. Rather, it's in Microsoft's Java Virtual Machine.

There are a couple of flaws in the JDBC implementation of Microsoft's JVM, which can lead to arbitrary code execution. MS Security Bulletin here (http://www.microsoft.com/technet/security/bulletin/MS02-052.asp). All versions of Windows with any Microsoft JVM installed, up to and including MS JVM version 5.0.3805 (i.e. all current JVM versions), are affected.

At the time of this post, Microsoft is only providing updates through Windows Update (http://windowsupdate.microsoft.com). However, Microsoft expects to release KB article Q329077 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329077) (not yet a valid link at the time of this post) soon, which will discuss this flaw in details and will probably provide direct download links for security fixes.

BDA7DD
20th September 2002, 15:43
I'm surprised nobody's commented on the security flaw in Windows XP (pre-SP1) that allows a simple one-line URL to delete the entire contents of your hard disk volumes. The Register (http://www.theregister.co.uk/) has an article (http://www.theregister.co.uk/content/4/27074.html) explaining about this.

At the Something Awful Forums (http://forums.somethingawful.com/), which I am a member of, "alyandon" had this to say about this security flaw:

(This security flaw) goes way beyond a simple fucking bug/oversight and wanders into MAJOR FUCKING STUPIDITY. They are passing an input parameter UNCHECKED to a component/script that can delete files. I've NEVER had flaws like this in my code because I am meticulous about such things when it comes to exposing a component interface that can theoretically be called from anywhere. I was on a discussion board last night where someone had posted a link to a supposedly relevant article -- and I wondered why the hell "hcp://system/DFS/uplddrvinfo.htm?file://c:\*" showed up when I clicked on the link. Good damn thing I don't run pre-SP1 XP.

What kind of brain damaged tards does Microsoft hire that would ever write code for an externally loadable component that doesn't sanity check input parameters? What kind of fucking half-assed code review practices does Microsoft have in place that can't even catch these types of fundamental errors?

I couldn't agree with him more. This really is a stupid and dangerous error which should never have existed. I hope whoever's responsible for this flaw is fired from Microsoft and shot in the face at point blank with a sawed off shotgun. What a fucking moron...

Originally posted by griffinn
Microsoft's Java Virtual Machine.

I have Sun's Java 2 Runtime Environment installed and told it to be the default runtime environment for Java applets in IE and NS6/Mozilla. Does this mean I'm immune to this vulnerability?
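The unchecked-parameter failure quoted in the post above, seen from the defending side. This is an added example, not part of the original thread and not Microsoft's code: a hypothetical component that receives a file:// URL in its query string and may delete the named file. The function name, the allowed directory and the hcp://example/ URLs in the test are assumptions made for illustration.

```javascript
// Added example: decide whether a file:// parameter may be handed to a
// delete-capable routine. Everything here is illustrative, not vendor code.
const path = require('path').win32; // apply Windows path rules on any host OS

// Assumption: the single directory this component is allowed to delete from.
const ALLOWED_DIR = 'C:\\Temp\\uploads';

function reject(reason) {
  return { ok: false, reason };
}

// Takes the full URL, returns { ok: true, path } or { ok: false, reason }.
function checkDeleteTarget(url) {
  const q = url.indexOf('?');
  if (q === -1) return reject('no parameter');
  let raw = url.slice(q + 1);

  // Only file:// is accepted; anything else is refused outright.
  if (!/^file:\/\//i.test(raw)) return reject('not a file:// URL');
  raw = raw.slice('file://'.length);

  // Decode exactly once, so encoded metacharacters cannot slip past the checks.
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return reject('bad percent-encoding');
  }
  if (decoded.includes('%')) return reject('nested encoding');
  if (/[\x00-\x1f]/.test(decoded)) return reject('control character');

  // A delete routine must never receive a pattern, only one concrete name.
  if (/[*?]/.test(decoded)) return reject('wildcard');

  // Accept file:///C:/... as well as file://C:\..., then use backslashes only.
  const p = decoded.replace(/^\/(?=[A-Za-z]:)/, '').replace(/\//g, '\\');

  // Require drive-letter absolute paths: no UNC, no device or relative paths.
  if (!/^[A-Za-z]:\\/.test(p)) return reject('not an absolute drive path');

  // A second colon would name an NTFS alternate data stream.
  if (p.indexOf(':', 2) !== -1) return reject('alternate data stream');

  // Collapse ".." segments first, then test containment on the result.
  const full = path.normalize(p);
  const rel = path.relative(ALLOWED_DIR, full);
  if (rel === '' || rel === '..' || rel.startsWith('..\\') || path.isAbsolute(rel)) {
    return reject('outside allowed directory');
  }
  return { ok: true, path: full };
}
```

The containment test runs on the normalized path, so a name that starts inside the allowed directory and climbs out with ".." is refused along with wildcards and other drives.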

griffinn
21st September 2002, 00:14
Originally posted by BDA7DD
I have Sun's Java 2 Runtime Environment installed and told it to be the default runtime environment for Java applets in IE and NS6/Mozilla. Does this mean I'm immune to this vulnerability?

Try running "jview" from the command line. If it exists, that means you have the Microsoft JVM installed somewhere, in which case it would be wise to patch it anyway. You never know when some smart guy might find a way to reset your IE settings using a combination of unpublished flaws, and then exploit the Java vulnerability.

NetAddict
21st September 2002, 00:18
The MS Java VM vulnerabilities do not impact users of the Sun Microsystems VM. MS are the erring party in these vulnerabilities.

However, MS has a history of not respecting defaults. As such, the MS virtual machine will load in IE in most cases.

I will have to say that the Windows XP hole was about the dumbest coding error Microsoft have ever made. :-)

griffinn
20th November 2002, 22:30
Another "critical" bug:
http://www.microsoft.com/technet/security/bulletin/MS02-065.asp

This time it's the MDAC component that's pre-installed in Windows XP/2000/ME by default, and comes as a standalone component (but is installed by most people anyway) in other versions of Windows.

This is a big one as it affects both web servers (those running IIS) and web clients (virtually everybody). Details about the exploit are sketchy, but it seems it involves a malicious web page making use of a buffer overflow condition to trigger Outlook 98/2000 to execute arbitrary code. The security bulletin states those who have set Outlook Express 6 or Outlook 2002 as their default mail client are not affected.

Go read the security bulletin (technical version (http://www.microsoft.com/technet/security/bulletin/MS02-065.asp), newbie-friendly version (http://www.microsoft.com/security/security_bulletins/ms02-065.asp)), and patch (http://www.microsoft.com/downloads/Release.asp?ReleaseID=44733) now.

BDA7DD
20th November 2002, 23:21
Originally posted by NetAddict
However, MS has a history of not respecting defaults. As such, the MS virtual machine will load in IE in most cases.

No problem there! I use Mozilla like every sane individual should be doing.

griffinn
21st November 2002, 00:29
Ooh, Microsoft is getting busy tonight. Two more security bulletins:

http://www.microsoft.com/technet/security/bulletin/MS02-050.asp
This is an update on the SSL certificate chain validation bug previously reported here. Apparently, the previous fix itself was flawed, and it didn't address all the issues. Go read the bulletin again, and apply the new patch (even if you've applied it before).

Techie: http://www.microsoft.com/technet/security/bulletin/MS02-066.asp
Newbie: http://www.microsoft.com/security/security_bulletins/ms02-066.asp
This is a cumulative patch, the motherlode of all patches, for IE 5.01/5.5/6.0. Read, download (http://www.microsoft.com/windows/ie/downloads/critical/q328970/default.asp) and patch now. (No, it doesn't include the fix for the SSL certificate chain validation bug, for some reason.)

Twilightseer
21st November 2002, 09:05
Apparently, a site has decided to specialize in fixing all of IE's security holes.

www.mozilla.org

:D

binary hero
21st November 2002, 11:22
Originally posted by griffinn
Apparently, the previous fix itself was flawed, and it didn't address all the issues
is it me, or is that one of the most stupid things you can do? make a security patch that doesn't work...

Twilightseer
21st November 2002, 11:38
Binary,

Griff didn't say the patch doesn't work. The patch does work. The only problem is that by fixing the problem, the patch creates other problems which themselves need a patch and so on. This whole process is what keeps Microsoft alive, actually :D

BDA7DD
24th November 2002, 06:05
Originally posted by Twilightseer
Apparently, a site has decided to specialize in fixing all of IE's security holes.

www.mozilla.org

:D

Gya ha ha ha ha...

Delicates
27th November 2002, 04:54
Mozilla 1.2 (http://www.mozilla.org/releases/) is out.

Check out new document prefetching and Type Ahead Find features. :)

BDA7DD
27th November 2002, 07:41
Originally posted by Delicates
Mozilla 1.2 (http://www.mozilla.org/releases/) is out.

YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES!!!!!

binary hero
27th November 2002, 13:07
Originally posted by Twilightseer
Binary,

Griff didn't say the patch doesn't work. The patch does work. The only problem is that by fixing the problem, the patch creates other problems which themselves need a patch and so on. This whole process is what keeps Microsoft alive, actually :D
aah, that makes sense now.

virulent
28th November 2002, 00:43
Gah. Why does Mozilla still not have xft support enabled? AA'd fonts are so sweet. I tried compiling from CVS and failed miserably. -_- I just want pretty fonts. *whines*

griffinn
28th November 2002, 03:52
Originally posted by virulent
Why does Mozilla still not have xft support enabled?

Um, it does. You just need a modern freetype library, and a modern xfree86, and a modern window manager.

virulent
28th November 2002, 15:01
d00t!

You're right. It said in the release notes for 1.2 that xft wasn't enabled yet (still). I knew there was *some* sort of support for it, but I thought you had to compile it from source to turn it on.

Delicates
28th November 2002, 20:22
There are at least 2 problems that happened to Mozilla 1.2 release:

Apparently some of the patches and fixes that are on 1.2 branch that should have been in it, are mysteriously missing from the release. (See bug 182506 (http://bugzilla.mozilla.org/show_bug.cgi?id=182506))
One patch on the branch has been backed out incorrectly, and this is causing a lot of grief. (See bug 182500 (http://bugzilla.mozilla.org/show_bug.cgi?id=182500))


Note, these are merely screwups in the branch management which affect this release, the main Mozilla trunk is free of these. So don't panic if you find yourself being unable to use some sites.
I'm not sure what they are going to do about it, and while the first problem isn't critical, the second problem at the moment is a pain, so they (hopefully) might fix the release. If not, 1.2 will stay crippled until a next "stable" release comes out (planned for February).

Alternatively 1.3alpha release is going to come out in a week or two, with some absolutely fantastic new features. It won't have the above screwup, however being an alpha release will of course be Use-at-your-own-risk(TM).

Delicates
28th November 2002, 20:31
Oops, of course the February 1.3 release won't be called stable. Just a release.

The next "stable" 1.4 release will actually come around May.

so yeah, a big bummer.
let's hope they decide to fix it.

virulent
1st December 2002, 03:56
Just rebuilt Mozilla 1.2b from source with xft enabled as I couldn't figure out how to make it work with the standard build of 1.2 (which I noticed they've taken off the page for the reasons outlined above). In any case, it rocks. Fonts look beautiful. The best keeps getting better. :up:

BDA7DD
3rd December 2002, 04:29
Mozilla v1.2.1 was released (http://www.mozilla.org/releases/) yesterday. It's pretty much the same as Mozilla v1.2, the only difference being that they fixed that atrocious DHTML bug.

griffinn
4th December 2002, 21:55
Another cumulative patch for Internet Explorer 5.5 and 6.0. It contains all previous fixes plus a new one that "eliminates a newly discovered flaw in Internet Explorer's cross-domain security model" (which allows scripts on one site to see the content of pages you've visited on another site, under special circumstances).

Geeks read this (http://www.microsoft.com/technet/security/bulletin/MS02-068.asp); newbies read this (http://www.microsoft.com/security/security_bulletins/MS02-068.asp); all download this (http://www.microsoft.com/windows/ie/downloads/critical/q324929/default.asp).

griffinn
12th December 2002, 12:30
Another vulnerability... This one is a Microsoft Java Virtual Machine bug. It affects IE but is strictly speaking not a direct IE security flaw.

Newbie link: http://www.microsoft.com/security/security_bulletins/ms02-069.asp
Techie link: http://www.microsoft.com/technet/security/bulletin/MS02-069.asp

The patch fixes "eight vulnerabilities, the most serious of which would enable an attacker to gain control over another user's system." All variations of the attack are carried out using a malicious web page.

The patch seems to be available only through Windows Update.

Twilightseer
12th December 2002, 12:36
And as always, a 10Mb or so GLOBAL fix for all IE's security flaws can be downloaded at www.mozilla.org :D

griffinn
6th February 2003, 01:21
Microsoft has released another cumulative patch for IE 5.01/5.5/6.0 for a code execution exploit. "As usual", this bug can be triggered by visiting a malicious website and the intruder can read your files or execute arbitrary code on your machine using a specially crafted URL.

Read the security bulletin for nerds (http://www.microsoft.com/technet/security/bulletin/ms03-004.asp) and / or mere mortals (http://www.microsoft.com/security/security_bulletins/ms03-004.asp), and download the patch (http://www.microsoft.com/windows/ie/downloads/critical/810847/default.asp).

griffinn
4th October 2003, 15:03
Another cumulative patch for Internet Explorer 5.x and 6.0 has been issued. The security issues addressed by this patch are rated as critical.

Customer bulletin (http://www.microsoft.com/security/security_bulletins/ms03-040.asp)

Technical bulletin (http://www.microsoft.com/technet/security/bulletin/ms03-040.asp)

Patch (for most people) (http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp)

Patch (for IE 6.0 for Windows Server 2003) (http://www.microsoft.com/windows/ie/downloads/critical/828750s/default.asp)