Author Topic: Bad FireFox Hole  (Read 4380 times)

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Bad FireFox Hole
« on: 9 May 2005, 08:05 »
Slashdot Discussion

A problem with FireFox on Windows.  Click on a malicious webpage anywhere and arbitrary code gets executed.

Partially mitigated by the Mozilla foundation by updating their servers, but not fully fixed yet.
In brightest day, in darkest night, no evil shall escape my sight....

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Bad FireFox Hole
« Reply #1 on: 9 May 2005, 14:51 »
This is proof that open source software isn't always more secure.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Bad FireFox Hole
« Reply #2 on: 9 May 2005, 20:14 »
Quote from: Aloone_Jonez
This is proof that open source software isn't always more secure.
It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.

Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.
« Last Edit: 9 May 2005, 22:25 by piratePenguin »
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Bad FireFox Hole
« Reply #3 on: 9 May 2005, 21:03 »
Quote from: piratePenguin
Don't be so retarded.


That was uncalled for, I haven't Insulted you before!

Quote from: piratePenguin
It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.


I agree.

Quote from: piratePenguin
Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.


No you don't say.

Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.

For all we know Opera could be more secure than FireFox. The only difference is the FireFox source code and bug tracking system are both open. This doesn't mean that FireFox is more secure or less sure than Opera it just means we know how many bugs and exploits have already been discovered.

About Internet Explorer, I've not herd of any newly discovered exploits for a long time.and before you start I'm not saying Internet explorer is secure. If you've thought about arguing with this paragraph then please re-read my post!
Could it be possible that Internet Explorer is actually improving!?
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Bad FireFox Hole
« Reply #4 on: 9 May 2005, 22:02 »
Quote from: Aloone_Jonez
That was uncalled for, I haven't Insulted you before!
I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.

EDIT: I edited that post. It was a bit uncalled for.

Quote from: Aloone_Jonez
No you don't say.
Yes I do say, actually. So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer. And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.
Quote from: Aloone_Jonez
Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.
The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.
Quote from: Aloone_Jonez
For all we know Opera could be more secure than FireFox.
Could be.
Quote from: Aloone_Jonez
About Internet Explorer, I've not herd of any newly discovered exploits for a long time.
Neither have I.
Quote from: Aloone_Jonez
Could it be possible that Internet Explorer is actually improving!?
Yes it could. Or it could be (but probably isn't) that (slightly) less people are using Internet Explorer and more are using Firefox... If Firefox goes under... :nothappy:
« Last Edit: 9 May 2005, 22:26 by piratePenguin »
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Re: Bad FireFox Hole
« Reply #5 on: 9 May 2005, 22:46 »
Quote
Could it be possible that Internet Explorer is actually improving!?

IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.

Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Bad FireFox Hole
« Reply #6 on: 9 May 2005, 23:22 »
Quote from: piratePenguin
I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.


I agree with you, I badly mis-worded that post.

Quote from: piratePenguin

Yes I do say, actually.


Well I was being sarcastic, but who knows Internet explorer might for all we know be the most secure browser, but I very much doubt it somehow.

Quote from: piratePenguin
So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer.


I didn't mean to imply it was, you obviosly haven't read the small print. :D

Quote from: piratePenguin
And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.


I agree.

Quote from: piratePenguin
The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.


True, but it still depends on who's looked at it and their skill level.

Quote from: WMD
IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.


That might be true.

Quote from: WMD
Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.


That's possible too, but I talking more about 3rd parties discovering exploits. MS also say that IE 7 will not require Longhorn and will run on XP.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Re: Bad FireFox Hole
« Reply #7 on: 10 May 2005, 00:33 »
3rd parties rarely discover the IE exploits, they reverse-engineer the patches, and release the worm or whatever.
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Re: Bad FireFox Hole
« Reply #8 on: 13 May 2005, 02:51 »
They released a new version of FireFox and Mozilla this morning.
In brightest day, in darkest night, no evil shall escape my sight....

adiment

  • Global Moderator
  • Member
  • ***
  • Posts: 575
  • Kudos: 519
Re: Bad FireFox Hole
« Reply #9 on: 13 May 2005, 03:08 »
Quote from: mobrien_12
They released a new version of FireFox and Mozilla this morning.

yep, they patched teh hole!:thumbup:

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Bad FireFox Hole
« Reply #10 on: 13 May 2005, 04:17 »
72-hour turnaround on a potential exploit.  I've yet to see Microsoft do THAT.  ;)

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Bad FireFox Hole
« Reply #11 on: 13 May 2005, 18:31 »
Quote from: Orethrius
72-hour turnaround on a potential exploit.  I've yet to see Microsoft do THAT.  ;)
That's (part of) the power of free software.
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: Bad FireFox Hole
« Reply #12 on: 14 May 2005, 08:15 »
Yea, power of free software. Just like "fixing" bugs so that same function gets rewritten 3 times, each patch not really fixing the problem but merely protecting against the specific exploit, when it's a critical vulnerability such as remote crash bug in linux kernel related to packet fragmentation. Microsoft sometimes does that too, but don't go touting about power of free software when even critical bugs can take damned long time to fix, and they STILL haven't patched several remote crash bugs in FireFox. Hell, there are heaps of open bugs which have been around for years and known by everyone. Nobody's just bothering to fix them. Power of free software my ass.

JanusChrist

  • Member
  • **
  • Posts: 119
  • Kudos: 15
Re: Bad FireFox Hole
« Reply #13 on: 14 May 2005, 09:22 »
Quote from: Aloone_Jonez
This is proof that open source software isn't always more secure.


Oh give me a freakin break!! Comparing Firfox to IE is like comparing the Delta Force to Barney Fief.
On your way out of Microsoft Land feel free to smash a few Windows.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Bad FireFox Hole
« Reply #14 on: 14 May 2005, 17:08 »
Well they're both web browsers, and if you read my pevious posts in this thread I've already admited that post was mis-worded. My point was while this doesn't prove whether open source is more or less secure, open source isn't inherently more or less secure.

I reckon Microsoft is still patching IE but just no longer telling anyone about the exploits, they've finally figured out that this wasn't a very good marketing tatic. I've had to download several "Windows Updates" over the last few months and some have been for IE. I wouldn't've botherd because I don't use IE I use FireFox, but it's good to have a fully patched IE in case I have to use it for some shitty IE-only website.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu: