Skip to comments.
Bad News About Firefox Security
Developer Weblogs ^
| 2/9/2005
| Preston Gralla
Posted on 02/09/2005 8:38:29 AM PST by KwasiOwusu
It hasn't been a good week for Firefox and its fans. First, the Danish security company Secunia warned that it had uncovered a vulnerability in Firefox and other browsers that can allow the URL displayed in the address bar and the SSL certificate to be spoofed, which means the browser and others are vulnerable to phishing attacks. The flaw affects all browsers built using the open-source Gecko browser kernel.
And this time around, Internet Explorer is not vulnerable to the attack.
Making matters worse, a few days after that, a security researcher found a trio of security bugs that affect Firefox and Mozilla -- but not Internet Explorer. Among other dangers, the bugs can allow someone to steal your cookies, and then use them to find out personal information about you and log into web sites with your login.
Perhaps most disturbing is that as of this writing, although fixes have been found, they have not yet been rolled up into a patch, or made available in a new Firefox version that can be downloaded and installed.
(Excerpt) Read more at onlamp.com ...
TOPICS:
KEYWORDS: computersecurity; firefox; internetexplorer; microsoftastroturf
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 ... 101-104 next last
To: thoughtomator
When Firefox has been on the market for four years like IE 6, you can make a valid comparison. Until then, you're erecting a strawman.
21
posted on
02/09/2005 9:12:43 AM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.”)
To: Doohickey
Not at all. I'm talking about
only during the duration of Firefox's existence. If you think it necessary for fairness, I'll even chop off the first 6 months or so.
Heck, if you can find any 3-month period ever with fewer IE security problems than Firefox security problems, I'll withdraw my comments. I'm also willing to consider other fair comparisons, if you can find any that are favorable to IE.
22
posted on
02/09/2005 9:15:41 AM PST
by
thoughtomator
(reporting from Cylon-occupied Caprica)
To: Doohickey
"When Firefox has been on the market for four years like IE 6, you can make a valid comparison. Until then, you're erecting a strawman."
Yeah, the comparison is that IE has had 6 years to fix stuff, re-design, and improve, yet the first couple of Beta releases of Firefox are comparable (or better) than a product which should be mature by now.
To: KwasiOwusu
"someone is throwing a child tantrum"
You?
LMAO!!" Yep you got it and just keep thinking down those lines. I state a fact and you jump on it. What I really like about MS Bigots is that no matter how much you point out the obvious they (you) still don't get it. I will grant you this one point though when Firefox finally reaches the amount of users as Outlook, and it will the geek terrorists will be going after it just as much.
24
posted on
02/09/2005 9:17:42 AM PST
by
reagandemo
(The battle is near are you ready for the sacrifice?)
To: thoughtomator
"Tell me then, during the period of time that Firefox has been on the market, how many security flaws were found in Firefox, and how many in IE?"
Tell me, what is the market share of Firefox again?
And how many malignant virus writers are wasting their time writing any viruses at all for Firefox as against the dominant IE?
Bottom line, by far most virus writers concentrate all their efforts on the overwhelmingly DOMINANT IE.
Very few bother writing viruses for Firefox at all.
Even now, when the market share of Firefox hit just 5% in 2004, the # of viruses for Firefox have ALREADY shot up sharply between 2003 and 2004..and that is with just 5% of the market.
To: reagandemo
"What I really like about MS Bigots "
Ummm ....biggest bigots on the planet are the open source fanatics and crazies.
To: KwasiOwusu
Nice shift of the subject, but you won't get away with that so easily. I'm not talking about the number of viruses that are written to take advantage of security flaws. I'm talking about the number of security flaws that exist to be taken advantage of.
Seems my prediction is holding - you won't even attempt an honest answer, because you know any fair comparison looks terrible for MS.
27
posted on
02/09/2005 9:22:25 AM PST
by
thoughtomator
(reporting from Cylon-occupied Caprica)
To: webstersII
Firefox is a good browser, and no doubt benefits lessons learned by other browsers. Nothing wrong with that; you wouldn't expect a fledgling car company to start with a Model T.
The point is, that the comparison make is just demagoguing the issue. The "bad guys" and "good guys" will leapfrog each other no matter who makes the software.
28
posted on
02/09/2005 9:25:37 AM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.”)
To: JustAnAmerican
"you are kidding right?"
I think its you that is kidding.
Get your head out of the sand ostrich, and face reality, will you?
Bottom line: As at today, Microsoft has issued their patches, Firefox hasn't.
To: KwasiOwusu
According to that standard - assuming it's not a convenient throwaway argument useful only for a specific day - how many days has IE had unpatched security problems, and how many days for Firefox? Let's look at the last year only, as I'm not interested in yet another repetition of the "IE has been out X years, Firefox is new" canard.
30
posted on
02/09/2005 9:30:38 AM PST
by
thoughtomator
(reporting from Cylon-occupied Caprica)
To: KwasiOwusu
Ummm ....biggest bigots on the planet are the open source fanatics and crazies. Good grief.
31
posted on
02/09/2005 9:31:11 AM PST
by
Liberal Classic
(No better friend, no worse enemy. Semper Fi.)
To: Liberal Classic
That pretty much clinches the case that our friend Kwesi hasn't a clue what he's talking about.
32
posted on
02/09/2005 9:34:26 AM PST
by
thoughtomator
(reporting from Cylon-occupied Caprica)
To: Liberal Classic
Thank you! The delusion he projects is absolutely amazing! I love it when a person brings a knife to a gun fight. He has surely brought a butter knife too!
33
posted on
02/09/2005 9:35:03 AM PST
by
reagandemo
(The battle is near are you ready for the sacrifice?)
To: thoughtomator
I'm not defending IE per se. In fact, I'm posting to you using Firefox. There's no good way to make a direct comparison. After you factor-in and weight time-in-the-marketplace and market share (as a start), all you'll end up doing is a lot of math.
Firefox learned, as it should have, every lesson that IE learned during it's four years.
That said, I will now bash Microsoft for enabling every known feature in their browser when the SHOULD have known better.
34
posted on
02/09/2005 9:35:09 AM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.”)
To: KwasiOwusu
I used IE for years, and had my share of problems. I switched over to Firefox six months ago, and haven't had one problem yet.
So I just recently loaded Firefox onto all my computers. And now this. Just my luck.
Still, I think I'll stick with Firefox a while longer. IE I know is frustrating; Firefox has yet to disappoint.
35
posted on
02/09/2005 9:38:13 AM PST
by
kevao
To: thoughtomator
While you make some good points, Mozilla/Firefox has some major problems to overcome before it will ever see widespread enterprise use. Up to now, patching most OpenSourceSoftware (Firefox included) meant installing a whole new version or patching and then recompiling the source code. Neither of those options are practical in a large-scale IT environment.
MS has problems, I don't think you'll find many that deny it, but they are trying and their patch management has come a long way in the last year or so.
To: thoughtomator
"Nice shift of the subject, but you won't get away with that so easily. I'm not talking about the number of viruses that are written to take advantage of security flaws. I'm talking about the number of security flaws that exist to be taken advantage of."
Rubbish.
Typical twisted open source logic.
I don't care what you think you want to talk about
Look above. I started the thread , and THIS is what I am talking about.
Its you that is changing the topic.
If someone writes a new browser,and keeps it on his computer at home, and no one else knows about it, and no viruses have ever been written for it, he can claim that his browser has had zero attacks from viruses.
He will have a 100% security record.
Does that mean his browser is safe?
Not a chance.
The only way to test the security of any browser is to put it out on the market and have the virus writers do their worst.
If some browser has a tiny market share (like Firefox) and very few virus writers are botherimng to write viruses for it, does it mean its secure? NOT A CHANCE!!
To: mnehrling
It doesn't seem to perform as well as IE. I have found Firefox to be impossible to use on my laptop. The cursor control is terrible and I can't compose with it because my mouse pad refuses to integrate with it..
38
posted on
02/09/2005 9:43:54 AM PST
by
Cold Heat
(What are fears but voices awry?Whispering harm where harm is not and deluding the unwary. Wordsworth)
To: KwasiOwusu
" Bottom line: As at today, Microsoft has issued their patches, Firefox hasn't."Well now I am convinced that you are either a,
(1) Troll looking for flame wars.
Or
(2) MS shill, heck maybe even both.
In any case MS took 8 months to release that patch(as I pointed out in my last post to you), lets just see how long Firefox takes shall we. If Firefox's past history is any indication I guarantee It will not even be close to 8 months.
39
posted on
02/09/2005 9:44:46 AM PST
by
JustAnAmerican
(Being Independent means never having to say you're Partisan)
To: Doohickey
You can make some comparisons without doing a ton of math, such as comparing the average time from knowing a bug exists to fixing it. The number I'm interested in isn't subjective or subject to the market at all - it's the total number of security flaws that exist in the product during any arbitrary, but long enough to be representative, period of time.
40
posted on
02/09/2005 9:44:46 AM PST
by
thoughtomator
(reporting from Cylon-occupied Caprica)
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 ... 101-104 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson