Firefox taking fire

GilesGuthrie

It's interesting that, on the heels of the evangelists proclaiming Firefox to be the end of all internet woes, a set of security flaws have been discovered in the product. The latest facilitates a user to run Shell commands unsupervised on the victim's Linux/Unix box, and has been rated "extremely critical" by Secunia. It affects Firefox v1.0.6, but can be fixed with an upgrade to v1.0.7.

Symantec reported on 19th September that in the first half of 2005, 25 confirmed vulnerabilities (18 "High Severity") were exposed in the Mozilla browsers. In the same period, 13 vulnerabilities (8 "High Severity") were exposed in Internet Explorer. Symantec classifies "High Severity" as "resulting in a compromise of the entire system if exploited".

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred", but added that it "expects this to change as alternative browsers become increasingly widely deployed."

Mozilla unsurprisingly defend their record, but cite the number of vulnerabilities recorded right back to 2003, which is before their browsers became prominent outside of the specialist computer users. It's also interesting that Mozilla browsers are on a highly-rapid patch/upgrade cycle, something that tends to expose their "secure by design" claims.

My own personal experience is that Firefox is a good browser. It doesn't provide the common way to the OS that Internet Explorer does, but it does have its own issues. Having used it on a number of different systems, I don't agree with its much-vaunted and oft-repeated performance advantage. Any increase in page rendering speed is more than offset by simply terrible app start/app switch time.

The main reason I use it is for development. It's so fussy with JavaScript and CSS that if the page looks right on Firefox, any browser will render it as intended.

Methinks that a Mozilla backlash may be brewing. Just in time for IE7...
 
Hmmm, so GG what would you suggest, should I stick with Firefox or resort back to IE?
 
I prefer Firefox by far, again I didn't switch for security but IE has plenty of flaws of its own and isn't as good to use imo.
 
and IE has what, millions upon millions of fatally severe flaws, and always has. just because some more flaws have been found, doesn't mean it's suddenly incredibly unsecure
 
Aaand in response:


Mozilla fires back at Symantec over security report
Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"



IE has gone through 6 revisions and still 85 exploits were found between 2003 - 2005. Firefox is only a few years old, you'd expect it to be gaping with holes being premature compared to IE and all. But Firefox has only 22 "less critical" security issues. Even though Firefox has holes, it's still much safer to use than IE.
 
Shannon
Aaand in response:


Mozilla fires back at Symantec over security report
Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"



IE has gone through 6 revisions and still 85 exploits were found between 2003 - 2005. Firefox is only a few years old, you'd expect it to be gaping with holes being premature compared to IE and all. But Firefox has only 22 "less critical" security issues. Even though Firefox has holes, it's still much safer to use than IE.


couldn't be said any better 👍
 
My opinion on the browsers is that the hackers/virus writers can have their way with any of them. The one with the biggest security risk is the one being used by the most people... especially if it has been on top for a while.

When Firefox becomes the number 1 internet browser, I'll find a lesser known one.
 
^they don't target smaller browsers as there would be a smaller impact then, and they don't get any fun from that. my opinion is that they hack them to keep us safe, showing up flaws so they get fixed before anything can get out of hand with that fault (well, i think some do, others would do it for money)
 
I use Firefox, and will continue to use it until something better comes along. Unlike IE which patches once every few months, Firefox upgrades regularly and produces patches very frequently. I feel confident that whenever a serious security flaw is discovered Mozilla will have a patch in a month.
 
To tell you the truth, I only really use Mozilla because it isn't Microsoft.

I like to back the underdog:)
 
When I use IE and go to sites with ads, like emulator sites or warez I end up with LOTS of crap spyware. When I use firefox for those pages there is absolutely none to be found.

edit:
Is v1.0.7 out yet? Do you have a link to it?
 
Shannon
Aaand in response:

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

Ouch! Mozilla +1 Microsoft 0.

I'll never go back to using IE. I can't stand it anymore. Tabbed Browsing is just so useful and I love FF's ability to install extensions like IEView (For those times when a site refuses to work in FF) and AdBlock.
 
Firefox all the way baby, been an avid user since release and will never go back to IE, if I didn't use such fussy programmes and had a little knowledge about Programming then I would move my whole system to Linux anyway.
 
Well, personally, I think that the largest security flaw in any system is at the Keyboard-Seat Interface. It doesn't matter which browser is on the system, if the user is an idiot, they'll get themselves into trouble.
 
GilesGuthrie
Well, personally, I think that the largest security flaw in any system is at the Keyboard-Seat Interface. It doesn't matter which browser is on the system, if the user is an idiot, they'll get themselves into trouble.
True. My home computer's biggest flaw is called "sisters".

They use IE by the way, only I use Firefox at home.
 
evilgenius788
Firefox just provided a new update, maybe to patch the holes Symantec revealed?

Werd I just got 1.0.7 too. But if you're wanting to try an alternative to FF, Opera is now ad-free at no cost. Uses less physical memory, and runs quite a bit faster than IE/FF, but I'm sticking with my FF.
 
Ya I just downloaded 1.0.7 but I have no idea what the difference is. I suck at knowing about computers.
 
BlazinXtreme
Ya I just downloaded 1.0.7 but I have no idea what the difference is. I suck at knowing about computers.
Yay for changelogs!

Specific changes in Firefox 1.0.7
  • Fix for a potential buffer overflow vulnerability when loading a hostname with all soft-hyphens
  • Fix to prevent URLs passed from external programs from being parsed by the shell (Linux only)
  • Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that uses an "eval" statement
  • Fix to restore InstallTrigger.getVersion() for Extension authors
  • Other stability and security fixes
 
Shannon
Yay for changelogs!

Specific changes in Firefox 1.0.7
  • Fix for a potential buffer overflow vulnerability when loading a hostname with all soft-hyphens
  • Fix to prevent URLs passed from external programs from being parsed by the shell (Linux only)
  • Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that uses an "eval" statement
  • Fix to restore InstallTrigger.getVersion() for Extension authors
  • Other stability and security fixes

WTF? You know I don't speak Spanish :lol:.

But really I couldn't begin to even know what this all means.
 
ha that's funny I used to work at Symantec headquarters, I wonder whose idea was it to attack Mozilla.
or were they just trying to point stuff out?
 
____________Internet Explorer is a Crime , always has been a heap'o'turd for diseases . In XP it's sooo blue in all senses that it's like been under arrest in old mother russia .
____________IE7 will be a FireFox clone ( is that FireFux to MS ? ) no doubt . I use firefox w/extensions for heavy duty browsing and supplement it wiv Opera which is very kind to history , bookmarking & downloading . Opera is the cooler side of the operation where things get stored , scientific discoveries are made etc...
___________Extensions are what makes Firefox shine . The possible exploits mentioned have scripting as their route in , to circumvent this do a goog for yur local freindly mirror (FTP) with this going on ; 'pub/mozilla/pub/mozilla.org/extensions/' in there will be a '/noscript' .xpi . If you are still poor&exploited&usingWidnose it's tools/folder options/file extension time , just associate the .xpi wiv da OranjFox . Close the browser , double click noscript and any other extensions of your choice that remain compatible w/ure version ( noscript sits in 1.0.6+ ) then install them now and restart Firefox .
___________Noscript will unobtrusively block all scripts 'cept those you allow w/ just one tick . This means if you catch a plague you let the rat in and your to blame . none of yo' moaning !
 
DeLoreanBrown
____________Internet Explorer is a Crime , always has been a heap'o'turd for diseases . In XP it's sooo blue in all senses that it's like been under arrest in old mother russia .
____________IE7 will be a FireFox clone ( is that FireFux to MS ? ) no doubt . I use firefox w/extensions for heavy duty browsing and supplement it wiv Opera which is very kind to history , bookmarking & downloading . Opera is the cooler side of the operation where things get stored , scientific discoveries are made etc...
___________Extensions are what makes Firefox shine . The possible exploits mentioned have scripting as their route in , to circumvent this do a goog for yur local freindly mirror (FTP) with this going on ; 'pub/mozilla/pub/mozilla.org/extensions/' in there will be a '/noscript' .xpi . If you are still poor&exploited&usingWidnose it's tools/folder options/file extension time , just associate the .xpi wiv da OranjFox . Close the browser , double click noscript and any other extensions of your choice that remain compatible w/ure version ( noscript sits in 1.0.6+ ) then install them now and restart Firefox .
___________Noscript will unobtrusively block all scripts 'cept those you allow w/ just one tick . This means if you catch a plague you let the rat in and your to blame . none of yo' moaning !


In English please?
 
