"Dubbed the "carpet bombing" bug, this was disclosed by independent researcher Billy Rios in May and patched by Apple - after some foot-dragging - in June."

... and only then patched by Mozilla - after an ADDITIONAL month of foot-dragging - in mid-July.

I'm sick and bloody tired of Firefox updates, I'm seriously considering going back to Internet Explorer.

If you don't like it TURN OFF AUTO UPDATES!

It's not like IE has less bugs, they just tend to sit on them and do them all at once.

Bye!

'course you will still get updates to IE, but you can't walk away from that, can you, 'cos you looove Microsoft.

Agreed, why can't the Firefox developers get the code right first time like IE?

Oh, wait...

"I'm sick and bloody tired of Firefox updates, I'm seriously considering going back to Internet Explorer."

Well the latter has just the same level of updates, just the fixes are rolled up and issued less frequently, leaving you vulnerable for longer in theory.

Don't see why it's a problem for you though. It auto updates and takes a few seconds, and you don't have to reboot your computer unlike you probably would with IE.

Face it. Software will always need patches to update and fix issues that just could never be foreseen. Lack of updates on a software product generally concerns me more. Updates are a good thing.

Still, thank yourself lucky you're not running Linux. It's pretty much daily now that updates are issued and a very large amount of those are security fixes!

p.s. shock horror... a Mac OS X vulnerability! surely not? !!!! ;-)

Good idea, move from a browser that actually bothers with updates to one with a rather less healthy track record...

Why not restrict yourself to applying Firefox updates once per month on an arbitrary date like IE instead?

Yeah with IE you dont have to worry about those so tricky to install updates all the time, because MS will leave holes for months before fixing them

Great idea...

Don't do that, go to Opera.

It's faster than Firefox and IE and, let's face it, both of those browsers just steal things off Opera anyway (tabbed browsing, enhanced history, more I'm sure).

Ditto. Especially since the Firefox developers seem to find it unnecessary to fix the "Windows can't find ..." error message bug, that is caused by FF screwing up registry entries and was first raised against FF 0.9 in the first half of 2004 (!).

I'm sick and bloody tired of it.

Paris, because she knows how to keep the punters happy.

Will EVERY minor update to Firefox 3 result in our themes and extensions being incompatible until they are re-written AGAIN? GRRRRRRR!!!!

You sir are Steve Ballmer and I claim my 5 pounds[1].

[1] This joke is as tired as your complaint.

That's the great thing about Internet Explorer, a lack of updates!

Because its ages since i sifted though your mail and looked at all your local files from my international PC of mystery.

Bring back the good old days of hacking ;p

-ano

Yup, use IE and you can quite happily browse away and never be forced to fix any of the critical security bugs.

Pro-tip: You could also save yourself energy by not locking your doors at night.

And you think windows update doesn't patch IE? lol....

At least Firefox -tells- you when there's an update -before- your computer gets owned.

Would you rather they not patch it?

@AC - You can turn the updates off if you're not too bothered about having the latest & greatest & most secure version, you know.

update has killed noscript & ABP... the very reasons for using firfox... reinstall doesn't fixc it ... Bugzilla reporting is so complex i forget halfway thorugh most of the details i need to report. Well i suppose they are trying to emulate Microsoft.

Would you prefer firefox doesn't get updated? Look at the foot-dragging MS did for years with IE5 then 6. They still patch 6, as they should. Logic flaws will always be found in software. Some of this stuff is very sophisticated and may not be found during normal test cycles.

So since I'm sick and bloody tired of AC whinges, please please go back to internet exploder. You deserve it.

@ Webster Phreaky - is it the same carpet-bombing bug? Safari's one is concerning dumping downloads on the desktop from a malicious source. Firefox's is to do with CSS, which appears to be from a completely different part of the browser.

@ AC - IE does get updated, but remember that it took a number of years for Microsoft to bother to update IE seriously... wonder why? Could it be because it had competition?

So, FF has to be updated from time to time. IE does too. Since I bothered to get IE 7 for web-site testing purposes last week, there have been 2 hotfixes it wanted to download since then. I'd rather have a browser that does try to keep patched and secure (and doesn't require a reboot of my PC)

Interesting point of debate: considering that its source is available to anybody (and I don't think you can say the same about the others), hackers can browse through it looking for holes. Yet it doesn't get that many patches rolled out to users, the reason for which I can only conclude is that not too many problems get through the testing. Can IE say the same?

@AC: Ah, so that's why MS so rarely fix the vulnerabilities in IE, not because they can't be bothered / don't know how to, but so as not to trouble us with updates. Yes, you're right , better to have the vulns and not have to restart your browser now and again.

Certain websites taking forever to load for instance - including various torrent based ones.

Same issues not present in either IE or Flock - wtf is going on I wonder?

Answers on (this) a webpage please!

So, going back to a browser that is security updated once a month (ish), vs. one that is updated more frequently, because you are tired of a few seconds of uploading/updating?

Weird.

Pretty sure I prefer the latter. And at least I don't usually have to reboot for a Firefox update.

Just Firefox, not sacking windows because you are sick and tired of windows updates too?

Yes, it has taken sometime to get this update out, maybe they were testing to ensure it didn't break anything else or introduce even more insecurity. Something Microsoft don't seem to give a shit about. Of course they could just be recovering from the hangover caused by the celebrations after version 3 release. Or, if they are anything like me they are just bone idle.

I'm sick and bloody tired of people moaning about Firefox updates, I'm seriously considering suggesting they write their own web browser.

fixed the video bug in FF3 yet? The one that crashes it when playing wmv etc?

It not really a hardship to do the update. Firefox tells you it has downloaded the update, all you have to do is close FF and open it again when you are ready. I didn't even have to reboot the PC. If FF doesn't provides updates it gets flamed, if it does, FF still gets critised.

Don't get me started on IE and the retarded system restarts that are "required" at 5 minutes notice just when you have started some online gaming session or have work open have just walked away from the PC for a few minutes. I mean, surely the update engine can look at the system uptime of the PC and see it was only turned on 20 minutes ago and so it can trust me to turn off the PC when I have finished with it.

Yep, I have only received 2 updates in how many months, rather than M$ that only gives an update when forced to, and only when it is a bad security issue.

I have to use both, because my firm will only launch external access through IE (what a bad idea).

Paris, because she will always give you a choice.

Why? Do you prefer the Windows updates for when Internet Explorer needs patching? Do you prefer to be kept in the dark about exactly when your browser is updating? Or would you prefer Mozilla didn't patch Firefox when they find bugs?

Out of interest, why are you sick and tired of them? They take a very small amount of time to download and install (about 30s max on the 2 machines I updated today with v3.0.1), your current browser state (tabs, history etc) is retained after the restart, and they keep your system as up-to-date against threats as possible.

IE has updates too, it's just they're included with all the other windows updates, and probably require a PC reboot after install. You can always disable the automatic search for updates in firefox from Tools->Options.

Use whichever browser you prefer, but this seems to be a strange thing to base your browser choice on.

I'm getting a Mac next week/tomorrow!

That'll be the extention/theme developers needing to adjust the max value for the install version... that's not mozilla's fault.

Only one extention broke here, thanks to VMWare having not updated it for a while... Oh look... the developers of the extention are at fault.

If you -really- need to use them, read up on how to overide the max value on the xpi.

"I'm sick and bloody tired of Firefox updates, I'm seriously considering going back to Internet Explorer."

Eh?! You mean, you'd rather use an insecure browser because it bothers you less? That's just stupid.

How hard is it to click two buttons and wait for Firefox to restart itself and you're back exactly where you were before, only safer? Answer: not very.

Webster? Are you OK, mate? :O)

I mean just how quick would ie fix a flaw ?

You can fix that yourself.

Download the XPI. It is just a renamed Zip file.

Unzip it.

Find the install.rdf file and open it in an editor.

Look for the targetApplication section with the id of {ec8030f7-c20a-464f-9b0e-13a3a9e97384} and change the maxVersion to 3.*

Re-zip it and change the extension to .xpi.

Drag and drop your new file into your Firefox browser.

Dance joyously.

@AC - Broken extensions/themes

Only if you use extns from devs who don't read the documentation and specify a version number of 3.0.0 rather than 3.0.* in their XPIs. Unless an update changes a feature unzip the XPI and change it yourself.

@JohnP

"It's faster than Firefox and IE and, let's face it, both of those browsers just steal things off Opera anyway (tabbed browsing.."

Yet another ill-informed Opera fan boy - for the umpteenth time - OPERA DID NOT INVENT TABBED BROWSING

@Pete

"fixed the video bug in FF3 yet? The one that crashes it when playing wmv etc?"

I take it a Google search is just too much for you?

http://www.google.co.uk/search?hl=en&q=firefox+wmv+plugin&btnG=Google+Search

*I'm sick and bloody tired of people moaning about Firefox updates, I'm seriously considering suggesting they write their own web browser.*

I did but its still too buggy for me so, from now on, sod bloody browsers; I'm going to go on the bus to all these places in the web pages and look at them with my eyes. I'll be round the El Reg Offices next week to watch you type all the stories and then coming round all your houses to watch you type silly comments. I'm sending this by Royal Mail.

Maybe for a while yeah. This is one of the reasons why the 2.0.0.X branch is still maintained, you don't have to use FF3.x until you're satisfied its stable enough to run all your plugins.

You have to bear in mind also that sloppy plugin coding can be a factor, if a security fix breaks a plugin then that would suggest to me that that plugin wasn't necessarily that well written / secure to begin with.

Roger Heathcote.

Much as others have said, extensions can be fixed.

Regarding ABP and NoScript, I've had no downtime at all on those two, or any of the other 5 that I use. I just checked to make sure they were all working, but FF 3.0.1 has them all online with no gripes or complaints. *shrugs*

posters out there , whose biggest problem in their lives is getting updates and bug fixes for Firefox.

One day you might actually get some problem (Health , family or financial) that will take your mind completely off this eenie , weenie ,teency weency irritant .

Peace and Joy.(from me and Paris)

Having installed the latest update, I find that when I click a link in the Reg newsletter, the FF window no longer pops up over the mail window. FF is already running and sometimes the program icon in the taskbar flashes orange (windows xp), sometimes it doesn't.

Bit disconcerting - deliberate revenge on Reg by FF?

...that annoys me, it's the fact that code for handling extensions uses the main software version number in order to determine compatibility of the extensions I have installed.

It's likely that the changes made wont affect 99% of the extensions out there, but regardless, Firefox will disable a number of the extensions I've installed because the compatibility number in their XPI file is 0.0.0.1 less than the new version.

I know that this is partially down to the extension developers, and assuming that they ever update their plugins using the Mozilla site (which some don't, due to some of the methods the site uses being cumbersome), they'll update on their own, but at the same time, I wish that there was a better system for determining compatibility.