Bad FireFox Hole

[mobrien_12]

Slashdot Discussion

A problem with FireFox on Windows.  Click on a malicious webpage anywhere and arbitrary code gets executed.

Partially mitigated by the Mozilla foundation by updating their servers, but not fully fixed yet.

[Aloone_Jonez]

This is proof that open source software isn't always more secure.

[piratePenguin]

This is proof that open source software isn't always more secure.

It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.

Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.

[Aloone_Jonez]

Don't be so retarded.

That was uncalled for, I haven't Insulted you before!

It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.

I agree.

Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.

No you don't say.

Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.

For all we know Opera could be more secure than FireFox. The only difference is the FireFox source code and bug tracking system are both open. This doesn't mean that FireFox is more secure or less sure than Opera it just means we know how many bugs and exploits have already been discovered.

About Internet Explorer, I've not herd of any newly discovered exploits for a long time.and before you start I'm not saying Internet explorer is secure. If you've thought about arguing with this paragraph then please re-read my post!
Could it be possible that Internet Explorer is actually improving!?

[piratePenguin]

That was uncalled for, I haven't Insulted you before!

I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.

EDIT: I edited that post. It was a bit uncalled for.

No you don't say.

Yes I do say, actually. So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer. And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.

Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.

The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.

For all we know Opera could be more secure than FireFox.

Could be.

About Internet Explorer, I've not herd of any newly discovered exploits for a long time.

Neither have I.

Could it be possible that Internet Explorer is actually improving!?

Yes it could. Or it could be (but probably isn't) that (slightly) less people are using Internet Explorer and more are using Firefox... If Firefox goes under... :nothappy:

[WMD]

Could it be possible that Internet Explorer is actually improving!?

IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.

Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.

[Aloone_Jonez]

I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.

I agree with you, I badly mis-worded that post.

Yes I do say, actually.

Well I was being sarcastic, but who knows Internet explorer might for all we know be the most secure browser, but I very much doubt it somehow.

So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer.

I didn't mean to imply it was, you obviosly haven't read the small print.

And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.

I agree.

The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.

True, but it still depends on who's looked at it and their skill level.

IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.

That might be true.

Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.

That's possible too, but I talking more about 3rd parties discovering exploits. MS also say that IE 7 will not require Longhorn and will run on XP.

[WMD]

3rd parties rarely discover the IE exploits, they reverse-engineer the patches, and release the worm or whatever.

[mobrien_12]

They released a new version of FireFox and Mozilla this morning.

[adiment]

They released a new version of FireFox and Mozilla this morning.

yep, they patched teh hole!:thumbup:

[Orethrius]

72-hour turnaround on a potential exploit.  I've yet to see Microsoft do THAT.  

[piratePenguin]

72-hour turnaround on a potential exploit.  I've yet to see Microsoft do THAT.  

That's (part of) the power of free software.

[muzzy]

Yea, power of free software. Just like "fixing" bugs so that same function gets rewritten 3 times, each patch not really fixing the problem but merely protecting against the specific exploit, when it's a critical vulnerability such as remote crash bug in linux kernel related to packet fragmentation. Microsoft sometimes does that too, but don't go touting about power of free software when even critical bugs can take damned long time to fix, and they STILL haven't patched several remote crash bugs in FireFox. Hell, there are heaps of open bugs which have been around for years and known by everyone. Nobody's just bothering to fix them. Power of free software my ass.

[JanusChrist]

This is proof that open source software isn't always more secure.

Oh give me a freakin break!! Comparing Firfox to IE is like comparing the Delta Force to Barney Fief.

[Aloone_Jonez]

Well they're both web browsers, and if you read my pevious posts in this thread I've already admited that post was mis-worded. My point was while this doesn't prove whether open source is more or less secure, open source isn't inherently more or less secure.

I reckon Microsoft is still patching IE but just no longer telling anyone about the exploits, they've finally figured out that this wasn't a very good marketing tatic. I've had to download several "Windows Updates" over the last few months and some have been for IE. I wouldn't've botherd because I don't use IE I use FireFox, but it's good to have a fully patched IE in case I have to use it for some shitty IE-only website.