Is the Firefox 3.0 in the Mandriva repository the official release?

firefox-3.0-3mdv2008.1.i586 in the main backports is described as:

"This Firefox 3 Release Candidate is a preview release of Mozilla's next
generation Firefox browser and is being made available for testing
purposes only."

And yet the changelog and datestamp suggests that this is based on the
Firefox 3.0 official release. I don't want to install release
candidates, when I've only got to wait a little while for a release, and
anyway, I've been having enough issues lately with various standard
2008.1 packages. And I'm not going to get the generic Linux version from
Mozilla, because although most people find them OK, there's likely to be
extra work involved in its future maintenance and update.

What's prompted this is that I stumbled across a site, the Washington
Post, that dumped on my Firefox 2.0.0.14. When I arrived at a story
there, after following a link from Digg, that page's Google-powered
rotating adverts popped up a very nasty "anti-virus" site.

DON'T VISIT THESE PAGES IF YOU'RE USING A MICROSOFT OS:

Here's the Washington post story. I guess it's OK most of the time since
the ads are rotating. Firstly, the annoyance is that they've found a way
to break Firefox 2's view-source, so I can't see the source html to find
the follow-on link. The text "DELETETHIS" in this URL must be removed.

http://www.washDELETETHISingtonpost....6073-2004Apr15

And secondly, here's the ad that popped up. It does stuff that Firefox
shouldn't allow. Its script resizes the window, and immediately starts
up the dialogue box saying that you've chosen to open a DOS/Windows
executable. If you close that dialogue and then try to close the window
with the usual terminate-window decoration, then it pops up another
window saying that a virus has been discovered on your machine, and the
open-file dialogue opens again, and this time you can't close it until
the virus-warning popup is closed first. The only way to terminate the
window is with the ctrl-alt-esc cursor of death. Presumably Windows
users would be in trouble here. I thought that browsers had fixed tricks
like this long ago.

http://virDELETETHISus-scanonline.com/nag/

I get the feeling that I should report this somewhere. Anybody know if
Mozilla is still doing security updates to Firefox 2? Firstly the method
by which the scumbags at the Washington Post were able to break the
source code inspection should be fixed, and secondly, the ability of the
fancy scripting used by the vastly worse scumbags at the virus site to
mess with the window management should also be disabled.

--
Dave Farrance

On Tue, 01 Jul 2008 08:56:48 GMT, Dave Farrance wrote:

> And secondly, here's the ad that popped up. It does stuff that Firefox
> shouldn't allow.

You have firefox controls, have you not set your preferences.
If you have java* enabled, then you give up control to the programmer.

Black hats have been cracking AD servers, not to mention WEB servers.
Since I have installed the privoxy package and installed NoScript Add On,
my browsing speed has increased not to mention MUCH better security.

http://groups.google.com/group/alt.o...c4674ee714a691

As for waiting for third party app updates, I think it is stupid to wait.
Usually exploits are out there within 24 hours of patch update release
hunting for people with unpatched apps.

I keep a /local/opt partition for third party installs.
Example firefox 3.0 install commands follow:

--------------------------------------------------------------
#* Package downloaded from
#* http://download.mozilla.org/?product...nux&lang=en-US

cd /local/opt
tar xvpjf /downloads/firefox-3.0.tar.bz2
mv firefox firefox-3.0

# move the runtime app's link

/bin/rm -f /usr/local/bin/firefox
ln -s /local/opt/firefox-3.0/firefox /usr/local/bin
ls -al /usr/local/bin
--------------------------------------------------------------


My PATH variable has /usr/local/bin moved towards the front so my
installs run instead of default package installs.

echo $PATH
/sbin:/usr/sbin:/usr/local/bin:/usr/local/bin:/bin:/usr/bin:/usr/bin/X11:/usr/games:/usr/lib/qt4/bin

Dave Farrance wrote:

> Is the Firefox 3.0 in the Mandriva repository the official release?
>
> firefox-3.0-3mdv2008.1.i586 in the main backports is described as:
>
......
> 2008.1 packages. And I'm not going to get the generic Linux version from
> Mozilla, because although most people find them OK, there's likely to be
> extra work involved in its future maintenance and update.
>
Not so much work. It is updateable just like the windows version.
However, your user must have write permission to the firefox program folder.
Since I don't want to give these permissions permanently, I _do_ start
firefox with sudo _just_ for updating.

> What's prompted this is that I stumbled across a site, the Washington
> Post, that dumped on my Firefox 2.0.0.14. When I arrived at a story
> there, after following a link from Digg, that page's Google-powered
> rotating adverts popped up a very nasty "anti-virus" site.
>
> DON'T VISIT THESE PAGES IF YOU'RE USING A MICROSOFT OS:
>
> Here's the Washington post story. I guess it's OK most of the time since
> the ads are rotating. Firstly, the annoyance is that they've found a way
> to break Firefox 2's view-source, so I can't see the source html to find
> the follow-on link. The text "DELETETHIS" in this URL must be removed.
>
> http://www.washDELETETHISingtonpost....6073-2004Apr15
>
Probably, either the washingtonpost site or - more likely - one of the
adservers that are called in rotation, were hacked and cracked.
Now I have adblockplus and noscript in place and don't see that crap.
Even more so though the privoxy :)