Posted on 06/25/2004 7:05:03 PM PDT by ShadowAce
Thanks for responding. I suspected that Microsoft made it very difficult and I wanted to remove out of spite for all the grief that Wintel has given me compared to Macintosh, not for any really good reason.
Yeah, that was the first one I installed. It still doesn't work like the "slave" option, but I'm adjusting. Thanks.
Bump
I think that's a good point. However I don't know how it would compare to IE, there's not a corollary site for MS internal bug fix logs, I don't think. But maybe we could look at security vulnerabilities.
So, you got me thinking though. To really compare, we'd need some metric to weigh the potential risk, which we don't have in order to compare.
Ignoring the relative severity of this particular exploit unique to Windows/IE, I thought it might be interesting to look at a comparison of number security vulnerabilites specific to the two browsers.
FWIW, here's what I got from http://www.securityfocus.com/bid/vendor/ since Jan. 1, 2004:
Security Vulnerabilities specific to Mozilla Browser
2004-06-14: Mozilla Browser URI Obfuscation Weakness
2004-05-26: Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability
2004-05-26: Mozilla Browser Cookie Path Restriction Bypass Vulnerability
2004-04-15: Mozilla Messenger Remote Denial Of Service Vulnerability
2004-03-10: Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution Vulnerability
2004-03-10: Mozilla Browser Proxy Server Authentication Credential Disclosure Vulnerability
2004-01-20: Mozilla Browser Cross Domain Violation Vulnerability
Security Vulnerabilities specific to Internet Explorer
2004-06-21: Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability
2004-06-16: Microsoft Internet Explorer HREF Save As Denial of Service Vulnerability
2004-06-15: Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability
2004-06-10: Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
2004-06-10: Multiple Microsoft Internet Explorer Script Execution Vulnerabilities
2004-06-07: Microsoft Internet Explorer URL Local Resource Access Weakness
2004-06-04: Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability
2004-05-18: Microsoft Internet Explorer CSS Style Sheet Memory Corruption Vulnerability
2004-05-15: Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability
2004-05-14: Microsoft Internet Explorer Codebase Double Backslash Local Zone File Execution Weakness
2004-05-14: Microsoft Internet Explorer Double Backslash CHM File Execution Weakness
2004-05-14: Microsoft Internet Explorer Interface Spoofing Vulnerability
2004-05-11: Microsoft Internet Explorer Unconfirmed Memory Corruption Vulnerability
2004-05-10: Microsoft Internet Explorer XML Parsing Denial Of Service Vulnerability
2004-05-10: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
2004-04-30: Microsoft Internet Explorer Meta Data Foreign Domain Spoofing Vulnerability
2004-04-21: Microsoft Outlook Express MHTML Forced File Execution Vulnerability
2004-04-21: Microsoft Outlook Express MHTML Redirection Local File Parsing Vulnerability
2004-04-17: Microsoft Internet Explorer Object Element Data Denial Of Service Vulnerability
2004-04-12: Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability
2004-04-07: Microsoft Internet Explorer Remote IFRAME Denial Of Service Vulnerability
2004-04-06: Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
2004-04-06: Microsoft Internet Explorer MSWebDVD Object Denial of Service Vulnerability
2004-04-01: Microsoft Internet Explorer HTML Form Status Bar Misrepresentation Vulnerability
2004-03-29: Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability
2004-03-04: Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Search Pane Cross-Zone Scripting Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Media Bar Cross-Zone Scripting Vulnerability
2004-02-27: Microsoft Internet Explorer Cross-Domain Event Leakage Vulnerability
2004-02-16: Microsoft Internet Explorer Bitmap Processing Integer Overflow Vulnerability
2004-02-11: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability
2004-02-10: Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
2004-02-09: Microsoft Internet Explorer LoadPicture File Enumeration Weakness
2004-02-03: Microsoft Internet Explorer NavigateAndFind() Cross-Zone Policy Vulnerability
2004-02-02: Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability
2004-02-02: Microsoft Internet Explorer Window.MoveBy/Method Caching Mouse Click Event Hijacking Vulnerability
2004-01-27: Microsoft Internet Explorer CLSID File Extension Misrepresentation Vulnerability
2004-01-02: Microsoft Internet Explorer Malicious Shortcut Self-Executing HTML Vulnerability
Bush2000 will get back to you when he's done mowing Bill Gate's lawn.
THANKS!!!!!!!!! I'd never seen that before. yet another reason to use Mozilla! Sweet stuff.
You didn't ask me, but I figured I'd chime in on this late day anyway...
I upgrade to the latest nightly every couple of weeks for bug hunting, so I have to re-install my plugins regularly. Here's what I run...
There are tons of cool extensions on the Mozilla site. As usual, some are better than others, YMMV. HAND!
Thanks will take a look at them.
Done. I've only got one ping list. I only use it for tech/MS/Linux-type threads. If you're cool with that, I'll keep you on it.
Hey that's a good idea. Do they have midi file block? There's nothing worse than loading a page when that stupid sounding midi music starts playing, and you can't turn it off. As I'm usually not expecting it, it usually makes me jump out of my chair! One time I was listening to some really weak/low volume Realplayer file, left the volume on my stereo way up and continued surfing, forgetting that the voulume was WAY UP. Then I hit a midi file page and blew one of my JBL's.
Midi files on the web. Good grief, what a stupid idea.
Thanks for the links!
Security through obscurity is no security. If that mattered, then Apache would have far more exploits than IIS, yet from 1999 to now I see far more IIS exploits than Apache exploits.
Why do you think that one of the requirements of a good encryption algorithm is that the attacker should be able to know everything (including the source code) but the key and still not break it? Because you can't hide security flaws behind closed source code and expect that to save you -- look at Cisco.
Except that the other browsers don't use system-level DLLs to do render, opening the door for a system takeover. Except that the other email clients don't use those same DLLs to render HTML emails, thus providing another pathway for web-based attacks.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.