
back to article Firefox zero-day fix set up for 30 March release

Mozilla confirmed the presence of an unpatched flaw in its browser on Thursday, with a post promising to release a fix at the end of the month. The flaw, discovered by security researcher Evgeny Legerov and reported by The Reg last month, creates a means to inject hostile code on vulnerable systems. The vulnerability is due to …

COMMENTS

This topic is closed for new posts.
Jobs Horns

Leave security to the professionals

Let's face it lads... when it comes to security, Firefox is like those two generic security guards in any episode of The Professionals, minding the warehouse when the villains turn up. They're koshed to the floor in that affected way that only non-speaking extras can do, and the villains are away with the loot before Bodie & Doyle can start the Capri.

Mozilla have no Cowlie, you see?

3
11
Anonymous Coward

I too would downvote this post

if I took it seriously.

2
1
FAIL

@AC

Then perhaps you'll take this seriously then:

http://www.theregister.co.uk/2010/03/22/germany_firefox_warning/

No? Didn't think so. Let's keep a tally of all the Firebadger Fanboi responses to the Germany story that begin with 'Yeah but...'

0
0
Anonymous Coward

I

don't see your point.

0
0
Jobs Horns

Spelling it out for the special needs

Um. Not very good at security, is it. Do you see?

0
0
Anonymous Coward

But

it's an article that states there are no known attacks in use. That is not conclusive but it is considerably better than all the zero day vulnerabilities in this or that that are attacked beyond a doubt. Then bear in mind that no software used in the same ballpark as any modern internet browser is 100% secure - including most if not all of the antimalware tools, bricking systems on a regular basis. There is a baseline below which there is not much point chuntering on about security. Just going online is a risk, but we all take it.

0
0
Thumb Up

Bounty price is kr4d

Am I the only one that picked up on the Bounty price being $1,337? LEET!

0
0
Happy

Me laughing

At all the fools that jumped on the Firefox train because everyone told them IE was unsecure and Firefox was a better bet..

Firefox is actually now WORSE than IE for security blunders...

2
4
Anonymous Coward

Why...

...I oughta!

0
0
Anonymous Coward

which

OK, which one of you guys are astro-turfing again? Larry, Eric, Sergei? ;)

You all should increase the payout on the bugs, so Apple and the JooJoo tablet get a more secure WebKit rendering engine sooner...

0
0
Gates Halo

Firefox

I have been growing increasingly displeased with Firefox from the security and performance standpoint for a while now (why does any web browser need 250MB of RAM?).

So the reasons I switched originally were:

- Slightly better rendering on sites that don't cross browser well, as of IE8 not a problem as long as sites have updated their code recently.

- Faster JS engine, no longer an issue. I haven't come across a site in a couple of years that I could notice a problem with

- More stable than IE, getting 1 or 2 crashes a day now on "release" versions so clearly a load of crap these days

- More secure than IE, load of crap these days

- Availability of ABP & NoScript, working on my own version for IE

Basically there is no reason to use Firefox anymore. Bye Bye FF, may you rest in peace when your memory requirements swell to the several gigabytes you clearly want.

3
2
Bronze badge

I'd have preferred for Mozilla to say "be careful out there".

So apparently the delay in Mozilla's response is due to the security researcher being coy. That is not playing fair - seemingly. Although why or whether he should work for nothing, I'm not sure...

I'll see whether I can post this suggestion to Secunia - that if you report a vulnerability but you don't supply details, it's credited to Mr W. Disney, for instance, because he or she disnae tell us what we need to know.

0
0

@Rob Moss.

It was mentioned in a previous article

http://www.theregister.co.uk/2010/01/29/google_bug_bounty_program/

0
0
FAIL

Once Firefox's Bloat Set In

You had to realize this is where it would end. I think 1.5 was the last version that didn't include a "gotcha" with its release. Every major upgrade since then has involved giving up one feature in exchange for another.

Symptoms of a software project with Microsoft Envy:

- Every version was released with obvious lies like "5 times faster than the previous version".

- The bloat just wouldn't stop.

- More effort was spent on eye candy (aka skins) than fixing long standing bugs. Form obviously took precedence over function.

Some examples? The switch from plain text to db config files made administration a nightmare. No, I don't want to hear that there is a utility to address that because by the time it came out for version N it was already nearly obsolete by the release of version N+1 with which it was guaranteed to be incompatible, both in implementation and probably a whole new paradigm.

The TV remote control style forward/back button introduced with 3.0 gives you less usable forward and back entries in the history than previous versions. But I guess it looks cool so it's better? I liked having the ability to skip more pages at a time.

Firefox still has years old print bugs that will never be fixed.

Every bug I've ever posted or followed on Bugzilla has remained unfixed, passed from maintainer to maintainer until it was finally closed due to being "obsolete." A bug I reported back in MOZILLA 1.7 (Yes, Mozilla, BEFORE Firefox) still exists but has been closed repeatedly in Bugzilla.

Every security rewrite broke all your extensions yet Firefox became increasingly dependent on extensions to replace core functionality they were abandoning. Right now I haven't gone to 3.6 because all the utilities to get cookies out as text are incompatible.

Maybe they can redefine the project and get back to the basics but I doubt it, I think Chrome has stolen the lightweight, functional, utilitarian crown from them.

2
0
Bronze badge

Firefox 3.6.2 is released

I suppose it really needed to be, what with 3.6 being banned from Germany.

0
0