Mozilla holes....Microsoft rejoice!

Gottaa

Full Member
The crux of this is to turn off Javacode in Firefox until the issue is resolved.

Still safer than IE cos fewer people use it and so it's much less prone to attack.

hehe, and as I type this I see I already had Java disabled :)
 

Chick

Cartwheel RIGHT
Merly said:
Blimeh, bet MS is happy about that.

I doubt they care tbh.

This seems to highlight the BS around the "My x is more secure than your y" argument. Mozilla in the past had next to no major security flaws since there were thousands of times fewer people attempting to blow it up to prove their name in the security world. (sorry, to prove l33tz0r n4me R teh ub4r h4c|<3r)

Since Firefox was on the front page of Wired magazine, they've had 5 security holes published, popups have started getting through it on my unix box, and the chances are more exploits are out there unreported.....

By my reckoning, we now have a score draw: Closed Source 1:1 Open Source
 

Byzah

(Formerly Mari)
Safari 4tehw1in! (typing on Apple iBook atm)

Esp. as it remembers what you typed when you hit backspace with the cursor in the wrong place & go Back ...

Always hated the way I'd lose a massive waffley post because of that in IE :)
 

Zed

Rogue Chimp
Nah, actually I run Proventia Desktop ;-) Which is the new firewall software my company has worked on - it will simply kill that malicious code dead when it hits your hard drive.

Mozilla is still - even with these two flaws - more secure than MS. There are as of yet 4 or 5 unpublished (read: non-public) vulnerabilities in IE that MS simply cannot fix.

The response rate from Mozilla to fix these holes in the past has been much better than MS; I'd expect a patch to be out before the end of the week.
 

Nymawae

Eternal Trial Member
As has already been mentioned, Firefox's perceived "better security" has relied a lot on "Security through Obscurity". What's the point in trying to find exploits in a product used by three blokes and a dog?

Now with FF claiming massive popularity and downloads, along with a "we're secure, you can't haXX0r us, <insert raspberry here>" approach, it's just like waving a red rag to a bull... I expect to see a bucket load of vulnerabilities over the coming months.

That, coupled with the fact you can't "patch" FF - you have to download the whole thing again and do a reinstall from scratch - is hardly an enterprise-friendly approach to security...

Finally, can I just say "Maxthon 4teHw1n \o/" :)
 

Galias

\o/
Firefox, with its open source policy (thus the source is open to waaaay more scrutiny than IE), coupled with its quick response time, makes it by far the best choice. The dnld is hardly massive, and the new versions install over the old versions and preserve all the settings.

Everyone I know who is even slightly tech savvy knows which one to trust and is running FF!
 

Nymawae

Eternal Trial Member
Galias said:
Firefox, with its open source policy (thus the source is open to waaaay more scrutiny than IE), coupled with its quick response time, makes it by far the best choice. The dnld is hardly massive, and the new versions install over the old versions and preserve all the settings.

Everyone I know who is even slightly tech savvy knows which one to trust and is running FF!


List (from Mozilla) of "fixed" vulnerabilities since FF 1.0 was released in November 2004 Clicky

MFSA 2005-42 Code execution via javascript: IconURL

Fixed in Firefox 1.0.3
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides

Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2

Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

And that's secure?

So many myths and urban legends about open source, so little time... It's just trendy at the moment to say M$ is the debil, its software is crap and anything that's free(ish) and open source is great.

Firefox is a good product, but it's not perfect by a long way. Two years ago Opera was the be-all, until it got popular, greedy, bloated and shot full of security holes.

It'll be interesting to see what progress IE7 has made in the summer when it betas.
 

Gottaa

Full Member
Which to trust: the, I dunno, 500 or odd employees in MS tied to IE development and security, or the thousands of people helping with FF development?

It's about as stupid as one person in a newspaper getting something printed and somehow that person's opinion is deemed more useful/constructive than other people's.

I'd also love to see details on MS and their fairly regular autoupdates now, but they don't actually publish those details ... I wonder why ;)

And at a rough guess I.E 7 will do more flashies, take longer to load, be less secure upon release and end up generally requiring a higher-specced PC for little functionality.

MS may not be the debil, but they are the market leaders, know it and know they can pretty much do anything they want (like the new OS with an SQL core, oh the joy hackers will have with that).

Anyway lots of rambling and random comments, time to go play WoW :)
 

Chick

Cartwheel RIGHT
gottaa said:
And at a rough guess I.E 7 will do more flashies, take longer to load, be less secure upon release and end up generally requiring a higher-specced PC for little functionality.
*bong*
Wrong

lighter, faster, and more secure !

They're doing a ground-up rewrite of the entire thing, for the first time since 1995/windows95/ie4. New security model, new architecture, even new page renders from what I remember.
 

Nymawae

Eternal Trial Member
Gottaa said:
Which to trust: the, I dunno, 500 or odd employees in MS tied to IE development and security, or the thousands of people helping with FF development?

Thousands of people of unquantified skill, interest or motivation, and there have still been 30-something security vulnerabilities since November? No mention of the thousands of people looking to exploit the code either.

Gottaa said:
I'd also love to see details on MS and their fairly regular autoupdates now, but they don't actually publish those details ... I wonder why ;)

Clicky. I count 18 security updates to XP SP2 since it was released last August; couldn't be bothered to count how many were specific to the browser, 1 or 2 though. That's 18 for the entire OS, not just the browser.

Gottaa said:
And at a rough guess I.E 7 will do more flashies, take longer to load, be less secure upon release and end up generally requiring a higher-specced PC for little functionality.

Based on what? Of all the early info I've seen about IE7 none of it reflects any of that; the only real details talked about are supporting the alpha channel in PNG images and addressing CSS consistency problems. There have been some other general comments about increased security over the XP SP2 version, and speculation about RSS & tabbed browsing. IE7 is a NEW browser, not an upgrade from IE6.

Gottaa said:
MS may not be the debil, but they are the market leaders, know it and know they can pretty much do anything they want (like the new OS with an SQL core, oh the joy hackers will have with that).

*Sigh* Do you really think a market leading company actually thinks like that? MS spends around $4 billion a year on R&D. As for an OS with an SQL core, there's no such thing. If you're talking about WinFS, it won't appear until Longhorn Server timescales, and it's a "SQL" based file search/organisation platform using a relational engine to allow you to locate instances of storage types by using relational queries, and sits on top of the existing NTFS file system. clicky

I'm not saying IE is perfect by any stretch of the imagination; I do think there is far too much "trendy", unsubstantiated and frankly wrong stuff talked about when anyone discusses MS/Apple etc and "free open source stuff".
 

Gottaa

Full Member
I.E 7 will have lower requirements than I.E 6 ? Cool, that'll be a first :)

Why don't I use I.E ? Cos firefox offers more, doesn't seem to cause my machine to chug, and while I heard of people unable to create accounts in WoW I went straight in, made mine, with no problems at all. Worth every single penny that I don't pay for it :)

And when the first security hole in MS's new OS is found I'll have a cookie and some warm milk as a prize :)

Nothing is ever perfect, it's just a case of which you prefer, and what you're willing to put up with to get what you want.
 
Nymawae said:
It's just trendy at the moment to say M$ is the debil, its software is crap and anything that's free(ish) and open source is great.

Funny, I thought it's been trendy to say that for the last 15 years or so. :p

If only all MS products were like their mice. Intellimouses are still funky. \o/
 

30ftSmurf

Full Member
For those who use firefox, you can now go through the horrific chore of downloading version 1.0.4, which has fixes for these shocking security holes.
 