Mozilla® Firefox® is the browser successor to the Mozilla browser suite 1.7.x released as part of the OpenServer 6.0.0 product. Like the former releases of Mozilla for SCO platforms, Firefox is built from the source code open-sourced by the Mozilla Foundation. What previously was a single application with multiple functionality is now released as separate products; Firefox providing the browser and file download features. The e-mail client and news reader functions are provided by Mozilla ThunderbirdTM which is a separate component for OpenServer 6.0.0 users and is available on the OpenServer 6.0.0 Support/Supplements Download web page . The ChatZilla internet relay chat (IRC) feature of Mozilla is available through a Firefox add-on extension; see the "User Customization" section below.
While Firefox is the ultimate replacement for the Mozilla browser on OpenServer 6.0.0, installation of this Firefox release will install in parallel with the existing Mozilla browser. Installation of Firefox will not automatically remove Mozilla from your system. Because there are a variety of ways in which the "default browser" can be configured on any installed system, there is no simple way to automatically replace the Mozilla browser with the new Firefox browser. Allowing both browsers to be active on the system provides each site the opportunity to switch from Mozilla to Firefox at their convenience. If users have been using the Mozilla e-mail / news client, the Mozilla Thunderbird application will also need to be installed.
See the configuration discussion in the "Firefox Installation" section below as well as the "Removing the Mozilla Browser Suite" section.
Firefox 2.0.0.20 is the last planned security and stability update of Firefox 2 by the developers at Mozilla. Firefox 2.0.0.20 is current with all the security fixes recently released in Firefox 3.0.5. Mozilla recommends upgrading to Firefox 3 and SCO has scheduled a port of Firefox 3 for OpenServer 6.0.0. Stay tuned to the SCO OpenServer 6.0.0 support web page.
Until the port of Firefox 3 is availble for OpenServer 6.0.0 users, SCO
has captured all the security and bug fixes that have gone into the
recent June 22, 2009 releases of Thunderbird 2.0.0.22 (e-mail client)
and SeaMonkey 1.1.17 (complete browser suite) that is built
from the same source base as Firefox 2. These fixes address the following
Firefox security issues announced since the release of Firefox 2.0.0.20.
| MFSA 2009-33 | Crash viewing multipart/alternative message with text/enhanced part | ||||||||||||||||||||||
| MFSA 2009-32 | CVE-2009-1841 | JavaScript chrome privilege escalation | |||||||||||||||||||||
| MFSA 2009-29 | CVE-2009-1838 | Arbitrary code execution using event listeners attached to an element whose owner document is null | |||||||||||||||||||||
| MFSA 2009-27 | CVE-2009-1836 | SSL tampering via non-200 responses to proxy CONNECT requests | |||||||||||||||||||||
| MFSA 2009-26 | CVE-2009-1835 | Arbitrary domain cookie access by local file: resources | |||||||||||||||||||||
| MFSA 2009-24 | Crashes with evidence of memory corruption (rv:1.9.0.11) | ||||||||||||||||||||||
| MFSA 2009-21 | CVE-2009-1311 | POST data sent to wrong site when saving web page with embedded frame | |||||||||||||||||||||
| MFSA 2009-20 | CVE-2009-1310 | Malicious search plugins can inject code into arbitrary sites | |||||||||||||||||||||
| MFSA 2009-17 | CVE-2009-1307 | Same-origin violations when Adobe Flash loaded via view-source: scheme | |||||||||||||||||||||
| MFSA 2009-15 | CVE-2009-0652 | URL spoofing with box drawing character | |||||||||||||||||||||
| MFSA 2009-14 | CVE-2009-1303 | Crashes with evidence of memory corruption (rv:1.9.0.9) | |||||||||||||||||||||
| MFSA 2009-13 | CVE-2009-1044 |
Arbitrary code execution through XUL |
MFSA 2009-12
|
CVE-2009-1169
|
XSL Transformation vulnerability
|
MFSA 2009-10
|
CVE-2009-0040
|
Upgrade PNG library to fix memory safety hazards
|
MFSA 2009-09
|
CVE-2009-0776
|
XML data theft via RDFXMLDataSource and cross-domain redirect
|
MFSA 2009-07
|
CVE-2009-0772 | CVE-2009-0774
Crashes with evidence of memory corruption (rv:1.9.0.7)
|
MFSA 2009-05
|
CVE-2009-0357
|
XMLHttpRequest allows reading HTTPOnly cookies
|
MFSA 2009-03
|
CVE-2009-0355
|
Local file stealing with SessionStore
|
MFSA 2009-01
|
CVE-2009-0352
|
Crashes with evidence of memory corruption (rv:1.9.0.6)
| |
The following Firefox security announcements from mozilla.org are limited only to Firefox 3.0 and do not impact Firefox 2.0.
| MFSA 2009-02 | XSS using a chrome XBL method and window.eval |
| MFSA 2009-04 | Chrome privilege escalation via local .desktop files |
| MFSA 2009-06 | Directives to not cache pages ignored |
| MFSA 2009-08 | Mozilla Firefox XUL Linked Clones Double Free Vulnerability |
| MFSA 2009-11 | URL spoofing with invisible control characters |
| MFSA 2009-18 | XSS hazard using third-party stylesheets and XBL bindings |
| MFSA 2009-23 | Crash in nsTextFrame::ClearTextRun() |
| MFSA 2009-28 | Race condition while accessing the private data of a NPObject JS wrapper class object |
| MFSA 2009-30 | Incorrect principal set for file: resources loaded via location bar |
Firefox is provided under the terms and conditions of
the Mozilla Public License (MPL), versions 1.1. A complete copy of the
LICENSE will be installed in /usr/lib/firefox/LICENSE.
Portions of the source code are provided under various other open source licenses including the GNU General Public License (GPL) and the GNU Lesser General Public License (LGPL). Other portions are available under one of a variety of more permissive licenses. A complete list of licenses covering this release of Firefox is available from within the Firefox browser. To review these licenses and the list of various contributors to the Mozilla Project, enter "about:" in the address text field of the Firefox navigation toolbar.
Mozilla, Firefox, Thunderbird, mozilla.org and the Firefox icon are trademarks or registered trademarks of the Mozilla Foundation.
SCO and SCO OpenServer are trademarks or registered trademarks of The SCO Group, Inc. in the U.S.A. and other countries.
A complete list of copyrights and acknowledgements will be installed in:
/etc/copyrights/Firefox
/usr/lib/firefox/Copyrights
Supported SCO UNIX platforms:
When Firefox is installed, the packaging scripts will automatically add links to currently installed Mozilla plugins on the system. The Java 2 Standard Edition (J2SE) 5.0 Java plugin will take precedence if both J2SE 5.0 and J2SE 1.4.2 are installed on the system. Mozilla Firefox plugins currently available are:
The following versions of J2SE releases for OpenServer 6.0.0, posted on OpenServer 6.0.0 Support/Supplements Download web page on July 22, 2008, are not Firefox aware. Installing these or earlier versions after installing Firefox may result in Java plugins not being visible to the Firefox browser.
The next updates to both versions of J2SE 1.4.2 and 5.0 will be Firefox aware; order of installation will not be an issue.
The Flash Player 7 plugin that was included in Maintenance Pack 3 will properly install the Flash Player plugin in the Firefox plugins directory.
/usr/lib/firefox/README.html
/tmp/firefox
and extract it using:
tar -xf Firefox-2.0.0.20Ba.VOLS.tar
scoadmin softwareor double-click on the Software Manager icon on the desktop.
or
custom
The "World Wide Web" (WWW) application icon on both the XDT3 and KDE3 desktops and executabled with the script
/usr/bin/browserprovides for a default browser to be specified:The WWW script checks first for a user's browser preference, then a system-wide default browser setting. If neither are set, the WWW script presents, to the user, a selection of "known", available browser applications installed on the system. Once Firefox has been installed, the WWW script will notice that an executable
- at the individual user level by a command path set in
$HOME/.browser- system wide by variables in
/etc/default/browser/usr/bin/firefoxexists and include "Firefox" in the list of browsers.Users who previously selected a "default" browser and would like to revisit that decision should either:
rm -f $HOME/.browser
then click on the WWW icon and reselect a default browser.
- Edit
$HOME/.browser, changing the contents to/usr/bin/firefoxIf a system-wide default browser has been selected, the systems administrator should edit
/etc/default/browserand remove the previously selected graphical browser. Reset the line to:BROWSER=
Firefox, like the Mozilla browser suite, maintains a user's default profile containing that user's preferences, bookmarks, cookies and saved passwords. For Mozilla, that profile was typically in
$HOME/.mozilla, with:
default/<random-string>.slt/
Default User/<random-string>.slt/typical initial/default profile directory <profile-name>/<random-string>.sltnamed/additional user profile directory Firefox maintains user profiles in
$HOME/.mozilla/firefox, with:
<random-string>.default/typical initial/default profile directory <random-string>.<profile-name>named/additional user profile directory When a user starts Firefox for the first time, a default user profile is created. If previous Mozilla preferences do not exist or are not imported, the default user profile provides a "bookmark toolbar" containing a:
- "Getting Started" button that links to www.mozilla.com for some recommended, useful sites and tips.
- Menu for a "Latest Headlines" news feed.
- SCO folder with links to "The SCO Group, Inc.", SCO products, support, downloads, partners, solutions and OSR 6.0.0 DocView links to local installed or SCO hosted documentation.
Additional bookmarks are provided to the Mozilla Firefox web site for help, tutorials and customization guidance. The default Firefox home page is the "Firefox Start" web page with a Google search dialog.
Option #1 - typical
Previous users of Mozilla will have the option, on their first use of Firefox, to import their Mozilla 1.7.x preferences. If they choose that option, they can either use the new "Firefox Start" home page or continue to use their previously set default home page in Mozilla 1.7.x. This will copy the existing Mozilla 1.7.x preferences, bookmarks, cookies, browsing history, passwords and other data. None of the Firefox bookmark toolbar buttons or Firefox bookmarks will be in your preferences.
Option #2 - advanced (use with care)
An alternative method is to first accept the Firefox default set of preferences; then import the settings from your Mozilla 1.7.x preferences. As a previous Mozilla user, when starting Firefox for the very first time and when presented with the "Import Wizard", select "Don't import anything". Continue through the initialization and allow the Firefox browser window to open. At this time you will have the default bookmarks and bookmark toolbar described at the beginning of this section.
Before editing any preference settings, import your existing Mozilla preferences by selecting the "Import ..." function in the "File" menu. Complete the Import Wizard; this will import your existing Mozilla 1.7.x cookies, bookmarks, and saved password. The bookmarks imported from Mozilla 1.7.x will be in a bookmark folder labeled "Netscape 6/7 Mozilla". Use the bookmark manager to reorganize and delete unwanted or duplicate bookmarks. Edit your Preferences and set your home page as desired.
This import wizard is not as thorough as that in option #1 above. Only bookmarks, cookies and saved passwords are imported. Other information must be manually copied from the Mozilla profile directory into the Firefox profile directory.
Profile Data File name Browsing History history.dat Download History downloads.rdf Blocked and allowed sites hostperm.1
First, a caution from the Mozilla Community in an FAQ titled Managing profiles.
Using multiple profiles and profile management are advanced features intended primarily for extension developers. Unless you are an advanced user or are troubleshooting a specific problem with Firefox, you should avoid using multiple profiles.If you used multiple profiles with Mozilla and wish to continue having multiple profiles available for Firefox, follow these steps.
- Create your default profile using either option #1 or option #2 in the previous section.
- Close all Firefox windows, including dialogs, error console, download manager, etc.
- From an Xterm, SCOTerm or KDE Konsole window, start the Firefox Profile Manager.
firefox -ProfileManager- Click on "Create Profile" and provide a profile name.
- When Firefox comes up, you will have created a named profile containing default preferences. Continue with option #2 above, starting with the second paragraph, to import your named Mozilla profile and hand copy the remaining files.
- Repeat steps 2 through 5 for each additional profile to be imported.
With the Mozilla browser suite, clicking on a "mailto:" link would bring up a Mozilla e-mail compose window; a news group link would bring up the Mozilla news group reader. Firefox 2 does not provide the e-mail client nor news group features. They are provided in the Mozilla Thunderbird application in a separate, optional component. To allow users the flexibility to use the e-mail client of their choice, these options have not been configured in this Firefox release.
To have these links work, users must add this configuration to their profile by:
about:config in the address text field of the
navigation toolbar.
network.protocol-handler.app.mailto
/usr/bin/thunderbird to use the Mozilla Thunderbird e-mail client. KDE desktop users who prefer to use Kmail should enter
/opt/kde/bin/kmail .
network.protocol-handler.app.news
and tool name
/usr/bin/thunderbird .
There are some changes in default behavior or actions when moving from Mozilla 1.7.x to Firefox 2 that are worth noting. These include, but are not limited to, the following:
$HOME/Desktop. This will
place downloaded files where they will automatically appear on a KDE
desktop, but this has no visible benefit to XDT3 desktop users. The
Mozilla behavior, always asking where to save the downloaded
file, can be configured in the Main -> Downloads section of
your Preferences. Alternatively, choose a default location to your liking.
/bin/xpdf to open all PDF files.
Users are encouraged to tailor the Firefox browser to make it "perfect" for themselves. Customization possibilities include:
The "Customization" section of the Mozilla Firefox Help wizard will provide guidance on making toolbar changes, getting and installing add-ons, and using the Add-ons Manager.
Add-ons hosted on the Mozilla.org web site can be accessed from the "Firefox Add-ons" link in the documentation section below or by using the the Add-ons Manager within the Firefox application. To bring up the Add-ons Manager, click on the "Add-ons" entry in the "Tools" menu. The Add-ons Manager will show what extensions and themes are installed and enabled. To search for and download extensions or themes, click on the "Get extensions" or "Get themes" link. When installed, the add-on appears as a new entry in the "Tools" menu.
If an add-on is for a specific operating system or provides buttons to select an add-on download based on operating system, do not attempt to download and install. Clearly the feature is operating system specific; and if it contains a plugin library, it may cause your browser to crash or worse.
The documentation for the Mozilla Firefox 2 web browser is available online from the Mozilla Foundation at mozilla.org and the Mozilla Corporation at www.mozilla.com.
The documentation available from these sites includes:
Security Advisories for SeaMonkey 1.1
Security Advisories for Firefox 3.0
Refer to the online Mozilla Firefox Help wizard for guidance in using, configuring, customizing and managing Firefox features and extensions. The Mozilla Firefox Help wizard can be accessed from the "Help" menu, selecting the "Help Contents" or by using the "F1" function key.
Once Firefox has been installed and Thunderbird installed for current Mozilla e-mail client users, the system administrator can prepare to remove the "old" Mozilla component from the system. Review the information in the "OpenServer 6.0.0 Default Graphical Browser Setting" sub-section above. The systems administrator (root), should:
/etc/default/browser
if previously configured to execute the mozilla executable.
.browser, remove any such file that points to
the mozilla executable.
/usr/bin/firefox) or the generic browser
script (/usr/bin/browser).
/bin/mozilla
/usr/bin/mozilla
/opt/mozilla/mozilla
/usr/lib/mozilla/mozilla
When the three steps above have been completed, it is safe to remove
Mozilla from your system. Once removed, Mozilla will not appear in the
/usr/bin/browser list of available browsers.
A very early release of Mozilla 1.7.x is on the OpenServer 6.0.0 installation CD1 and that will be installed by default on all fresh installations. That Mozilla component should be removed and Firefox and optionally Thunderbird installed before allowing users to configure a "default" browser or setting the system -wide browser default.
When you are ready to remove the Mozilla Browser Suite from your system,
as root, run the Software Manager with either of the commands -
"scoadmin software" or "custom",
or double-click on the Software Manager icon on the desktop.
Highlight the "Mozilla Web Browser (ver 1.7.xx)" and select
the "Remove Software..." item on the "Software" menu.
If it is decided to retain a working Mozilla 1.7.x on the system, it is strongly recommended that the last update of Mozilla, version 1.7.3Ca, from the OpenServer 6.0.0 Support/Supplements Download web page be installed.
Copyright © 2008-2009 The SCO Group, Inc. All Rights Reserved.