Gosh they must have a lot of bugs
Or at least that sounded like the tone of the article of course in the same context it also means they fix them almost as fast as they get them which didn't seem worth a mention...
Firefox update fixes bug brace
Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update. Firefox version 2.0.0.6 addresses a critical vulnerability that means unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security …
-
Tuesday 31st July 2007 12:14 GMT Dave Murray
Re: IE7
Personally I'd rather see a fix 2 weeks after the last one than have to wait a month till the next MS patch day or maybe longer by the time they write the fix. I think it's better to be secure asap than to be at risk longer just because it's easier for the developer to release all their patches on the same day every month.
Could be worse though, it takes Oracle forever to release fixes.
-
Tuesday 31st July 2007 12:34 GMT heystoopid
Alas
Alas , they still have yet to address the problem Java!
Oh well , I have just installed the latest version of Opera 9.2 , and currently after running a series of browser security tests including the one that FF fails to render an image properly , it performed superbly and rang rings around that basic insecure piece of crap that comes fitted as standard as part of M$ Windows and appears to be much more secure and far more web 2.0 compliant as well.
What price a choice?
-
Tuesday 31st July 2007 13:08 GMT Chris
Appearance isn't everything Stu Reeves
If you compare the Secunia advisories for IE 7, Firefox and Opera you can quite plainly see which is the least secure (and it's not Firefox).
IE: http://secunia.com/product/12366/
Firefox: http://secunia.com/product/12434/
Opera: http://secunia.com/product/10615/
MS's ploy for announcing all their bad news in one go is working as people think their stuff is more secure now, when it plainly isn't.
Although it does seem that Opera is worth a go from a security perspective.
-
Tuesday 31st July 2007 13:24 GMT Anonymous Coward
Firefox "fleas"
Peter: you shouldn't need to "download the update" - Firefox should detect there's a newer version, and offer you the update automatically, if you've got that option switched on. And I can't think of a good reason to switch it from the default of "on". :) And - as usual - it's a no-brainer upgrade process, just agree to do the update and sit back!
I'm afraid to say that having more than one patch issued in this short a space of time doesn't really faze me at all. Quite the opposite - I find it comforting that the Firefox developers are concientious and skilled enough to send out a "production ready" fix for the problem(s) so quickly!
"Security through obscurity" is no security, (who do we know who does this <wink>), it's like expecting not to get burgled if you've left the front door open because you didn't tell anyone that you'd left that door open.
Biggest issue I've got with Firefox is that there's still idiots out there who only support IE6/7.
-
-
Tuesday 31st July 2007 13:58 GMT Greg
Firefox? I'm running Minefield!
If you ever want a demonstration of how flawless Mozilla's update system is, use Minefield for a while. Every single day the browser updates itself to the latest nightly build - not had a single crap-out yet and the whole update process takes around 20 seconds.
Compare that to Microsoft!
Oh, and has been said above, I would much rather have a browser be updated every week (or even every day) with the latest flaws patched, than one updated whenever the dev team (and end user, let's not forget*) can be arsed, leaving flaws exposed for much longer. The article should be praising Mozilla for getting patches out so quickly. Nicely done, lads and lasses.
*I say this bit because a lot of the XP users I know turn off Automatic Updates straight away. No-one really trusts MS to manage their PC, especially after they labeled "Genuine Advantage" anti-piracy software as a critical update.
-
Tuesday 31st July 2007 16:02 GMT Dillon Pyron
Re: So easy
Well, I haven't been infected by any of the issues resolved in the latest update of Firefox.
But it updated automagically. Unlike IE, which needs to be started manually. And only once a month. Malware authors know this, and wait until Wednesday to release new attacks. Zero day attacks are common on both browsers, but Mo publishes fixes ASAP. Unless it's a tremendous hole, MS won't fix it until the next patch release in a month. Assuming they've gotten around to it. I know of two vulns that were sent to MS three months ago that haven't been patched. Sooner or later these are going to go from "protected info by white hats" to "exploited by black hats".
-
Tuesday 31st July 2007 17:13 GMT Anonymous Coward
Java Fix
From Firefox 2.0.0.6 Release Notes:
The Java Console extension that came with Java SE 6.0u1 (J2SE6.0.01) is incompatible with Firefox as reported in Bugzilla. Java should work as expected, but the menu item "Java Console" will not be available in the Tools menu. This issue has been fixed in Java SE 6.0u2 (J2SE6.0.02) and is available for download from the Java website.
-
Tuesday 31st July 2007 17:13 GMT Anonymous Coward
Groundfox Day
"If it falls to Firefox to start a fight to cut out the cancer of bent and twisted browsing on our web with the simple sword of truth and the trusty shield of W3C fair play, so be it. They are ready for the fight. The fight against falsehood and those who peddle it. Their fight begins today. Thank you and good afternoon."
-
Tuesday 31st July 2007 21:59 GMT Anonymous Coward
3 exploits in IE7 ?
there are some known exploits in IE7. but since they cannot be mentioned until
microsoft release patches - hopefully this will occur on the next patch tuesday..if not that'll be another 28 days of vulnerability. trouble is, as its closed source, only
MS can fix this - noone else can come up with fixes or better code handling..so
you hope and pray that they can be bothered to address. Mozilla/firefox/safari
etc all have a point to make - so they're addressing these issues very rapidly.
and hey. to patch FF all you need to do is get that little update and just restart the browser..not the whole machine.
-
Wednesday 1st August 2007 06:44 GMT Anonymous Coward
Wake up
Rather than adopting the "my browser is better than yours" attitude that most of the people here seem to be taking. You should all wake up and smell the coffee and accept that they are all indeed as vulnerable as each other.
As long as you filthbags keep visiting those nasty websites for free warez and a quick peek at Paris's snizz. Then the hackers will always have a avenue to deliver their code.
Neither Microsoft or Mozilla publish security vulnerabilities on a webpage for your viewing pleasure, that would be an Arseclown decision for any company.
Go buy yourself a ZX81 and write a browser for it, and i bet its more secure than anything currently on the market.
Userbase is the target, not the browser itself
-
Wednesday 1st August 2007 09:20 GMT Paul
Safari
Safari on windows is excellent, I know it's only a beta, But it is really good. The speed difference is outstanding. Why can't the Microsoft boys produce software this good? Firefox is probably the best browser for windows, but I think Safari has the potential to be a real threat to it. http://apple.com/safari
-
Wednesday 1st August 2007 12:42 GMT Sceptical Bastard
All as bad as one another
Quote:
"I've used i.e for years, never got a virus, never been a victim of phising, never downloaded anything dodgy.... but then again, I'm not a Toser."
No, you're a smug semi-illiterate troll. You should change to a browser that provides a spellchecker.
I agree with previous comments that all browsers have vulns but at least Mozilla is quick to fix them. And I also agree with the observation that if you are prepared to click through to a moneyshot of Paris Hilton's genitalia then you deserve everything bad that happens to you.
-
Wednesday 1st August 2007 15:29 GMT Dam
Re: wake up
As long as you filthbags keep visiting those nasty websites for free warez and a quick peek at Paris's snizz. Then the hackers will always have a avenue to deliver their code.
---
Actually, no.
Firefox with NoScript perfectly handles all the porn sites that none of us ever visits.
Video of Paris anyone?
-
Wednesday 1st August 2007 17:05 GMT Andy Bright
Odd isn't it
And the same thing happens if anyone has the temerity to report on Fanboiy software in general is patched.
You can't even mention that Firefox, Mac OS or Linux (all of which I use in various capacities) has a security update without muppets feeling the need to point out IE and Windows appear to require more and that they often take months too long to be released.
We know this already - stop bleating pathetic defensive blather just because someone has pointed out it's impossible to write perfect software..
The article let anyone, who for some strange reason wasn't automatically updated by Firefox itself, know there was a fix available. Why is that a problem? Why does anything produced by Microsoft even need to be brought up?
-
Wednesday 1st August 2007 22:06 GMT Jim
@ Andy Bright
This comment stream follows the same route as normal.
1. Article points out that a Non-MS product needs an update.
2. Troll pipes up that MS makes a better product (usually includes a ref to fanboy - choose your favourite pretentious spelling).
3. Someone points out that there is nothing superior about said MS product.
4. That someone is automatically a fanboy.
Is that what you mean by “the same thing happening”? Yes it is tedious that every time something non-MS is criticised (however slight) then an MS supporter is there to put the boot in early.
This topic is closed for new posts.
Biting the hand that feeds IT
