Time: 18:04 EST/23:04 GMT | News Source: ZDNet | Posted By: John Quigley
Now that Firefox has become the first viable contender to Microsoft Internet Explorer in years, its popularity has brought with it some unwanted attention. Last week's premature disclosure of a zero-day Firefox exploit came a few weeks after a zero-day exploit for Internet Explorer appeared on the Internet. Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months.
|
|
#1 By 32132 (207.81.85.238) at 9/17/2005 12:19:18 AM
|
Told ya so.
|
#2 By 3 (62.253.128.15) at 9/17/2005 9:58:51 AM
|
Yeah, for exploits it's not looking good, still the best browser out there usability-wise. Shame they don't live up to the security promises.
|
#3 By 32132 (207.81.85.238) at 9/17/2005 12:24:14 PM
|
I prefer Maxthon. IE Engine. More secure than Firefox.
|
#4 By 15406 (24.43.125.29) at 9/17/2005 1:33:19 PM
|
Heh, my city has less crime than yours because we only had 6 murders to your 11 jaywalkings.
I'd rather use a browser that gives up your browse history than one that repeatedly lets someone else own your box. FF is still a better bet usability-wise (IE's UI designer even thinks so), and is still a more secure product. Meanwhile, yet another new IE flaw is discovered in XP SP2. But it's OK because MS says without exploit code in the wild (that they know of - and they know everything), no one's at risk...
|
#5 By 32132 (207.81.85.238) at 9/17/2005 6:44:50 PM
|
#4 "FF ... is still a more secure product"
Nonsense.
The point of the article, Latch, is that Firefox overall is less secure in terms of vulnerabilities - 40 vs IE 10 over the last 6 months, and has more exploits in the wild.
Firefox is a sieve.
And as one developer put it, there are 1000's of FF vulnerabilities secretly fixed and never admitted to.
|
#6 By 15406 (24.43.125.29) at 9/17/2005 11:12:43 PM
|
#5: why do you not consider severity? Some glitch that causes a plugin to crash is not quite on the same scale as IE bending your system over for any website running the right code.
"And as one developer put it, there are 1000's of FF vulnerabilities secretly fixed and never admitted to."
Well I'll certainly take the word of that world-renowned FF authority, developer Mr. X, with a grain of salt. Or did you just make that last part up?
|
#7 By 12071 (203.158.58.209) at 9/18/2005 6:14:43 AM
|
#6 "why do you not consider severity?"
Isn't that obvious? He doesn't consider it for the same reason the author doesn't consider it. For the same reason why neither of them considered how long it took for those Firefox vulnerabilities to be patched vs. how long it took Microsoft to patch theirs (that is in fact if they have actually bothered to patch them!). And for the same reason why they both didn't consider that IE has unpatched vulnerabilities from over 2 years ago!!
They didn't consider any of those things because it would screw up their brilliant statistical analysis. They didn't consider those things as they would have nothing exciting to write about - we've had articles for years now telling us how horribly insecure IE is - another one would just get lost. This article is proof (once again) that you can tell any story you like with statistics - you just need to limit the data you expose.
"And as one developer put it"
Parkkker is referring to himself - he tried to contribute but was upset when he found he couldn't use his excellent VB skills like he can with IE.
|
#8 By 15406 (24.43.125.29) at 9/18/2005 10:57:52 AM
|
#7: Amen, brother. Secunia says it all with total history, not just the small window that the ZDNet article chose to make the author's bogus point:
Firefox 1.x: 22 advisories - 3 unpatched, 1 partial fix, and the rest patched or with a vendor workaround. Severity: 3 highly critical, 4 moderately critical, and the rest less or not critical.
IE 6: 69 advisories - 20 unpatched, 2 with vendor workaround, 40 with vendor patch, 9 with partial fix. Severity: 10 extremely critical, 20 highly critical, 14 moderately critical, and the rest less or not critical.
What was that you were saying Parkkkker? IE has more critical flaws than FF has total flaws.
<Apu>Thank you, come again.</Apu>
|
#9 By 32132 (207.81.85.238) at 9/18/2005 11:54:00 AM
|
We've been over this before.
Since FF used Production Mozilla code, you have to count 0.x Firefox vulnerabilities which is another 32.
And then Mozilla (before Firefox 0.x)
24 for Mozilla 1.6
25 for Mozilla 1.5
30 for Mozilla 1.4
30 for Mozilla 1.3
25 for Mozilla 1.2
etc etc
And when you add those up, Firefox/Mozilla has more than IE 6. ***
Firefox/Mozilla is a sieve
And since Firefox/Mozilla has no patching mechanism to get patches out there, 99% of all Firefox installs are still vulnerable.
And then there is the whole issue of Firefox vs. IE 6 on XP SP2, which is essentially a different and much more secure product.
Those on the sieve team (Firefox team) ... should really take a 1 year sabbatical from coding extensions and work on security.
Frankly I'm disappointed your standards are so low. You'll forgive the sieve team anything.
(*** Yes, there is some overlap in count Mozilla 1.x blah blah blah but the total which I've posted before a zillion times, is still higher than IE 6.)
|
#10 By 32132 (207.81.85.238) at 9/18/2005 11:57:25 AM
|
Just to refresh your mind how horrible Firefox security has been recently:
Here is a breakdown of recent vulnerabilities:
Month | Firefox 1.x Vulnerabilities | IE 6.x Vulnerabilities
Sept 2005 | 1 | 0
Aug 2005 | 0 | 4
July 2005 | 10 | 1
June 2005 | 2 | 1
May 2005 | 3 | 1
Apr 2005 | 9 | 3
Mar 2005 | 15 | 0
Total | 40 | 10
Note that this is not a count of the number of advisories because advisories can contain multiple vulnerabilities. This is a count of the actual number of vulnerabilities.
Here is a breakdown of recent published exploits:
Month | Firefox Exploits | IE Exploits
Sept 2005 | 1 | 0
Aug 2005 | 0 | 3
July 2005 | 4 | 1
June 2005 | 0 | 0
May 2005 | 4 | 0
April 2005 | 2 | 2
Total | 11 | 6
|
#12 By 32132 (207.81.85.238) at 9/18/2005 12:07:59 PM
|
And if you want to count critical flaws:
39 Critical and High Firefox flaws (Isn't that more than the 2 highest IE 6 categories?)
I'll leave others to count the Mozilla ones.
|
#13 By 15406 (24.43.125.29) at 9/18/2005 12:28:20 PM
|
"Since FF used Production Mozilla code, you have to count 0.x Firefox vulnerabilities which is another 32."
Oh, BS. If you want to start down the trail of history, we'll start with IE 5.x, IE 4.x and so on. With that as a baseline, I don't know if the world has a supercomputer powerful enough to calculate all the flaws in IE throughout its history. Just give it up.
This post was edited by Latch on Sunday, September 18, 2005 at 12:29.
|
#14 By 61 (65.32.175.192) at 9/18/2005 6:03:18 PM
|
What exactly is bad about IE's UI?
Hell, Firefox's interface was built around copying IE.
|
#15 By 32132 (207.81.85.238) at 9/18/2005 9:10:00 PM
|
#13 Go ahead. Try to save face by claiming Firefox 1.0 sprung out of nowhere and didn't include buggy Mozilla crap from 1.73, 1.72, 1.71, 1.7 (which they admit to) let alone all the buggy crap from before.
From 0.x release to now there are more Firefox security issues than 3 years of IE security issues.
Firefox is a pretty face on an ancient buggy codebase that is a sieve security-wise.
The whole point of the article is that Firefox's inherent insecurity is being exploited now! And just in the last 6 months there are 4 times as many Firefox security issues than IE.
And without a decent patching mechanism 99% of Firefox users are vulnerable. To real exploits.
You are doing no one a favor by trying to con people into staying with Firefox.
|
#16 By 37047 (216.191.227.68) at 9/19/2005 3:24:26 PM
|
IE is such a steaming pile of crap that even MS employees have publicly stated in their blogs that they are switching to Firefox. And the once MS-owned online magazine, Slate, had an article encouraging people to switch to Firefox.
#15: Go ahead. Try to save face by claiming that IE 6.0 sprung out of nowhere and didn't include buggy IE5.x, IE 4.x, IE3.x, IE2.x, and IE1.x crap. Everything you say here about Firefox can also be said about IE, except for it being a pretty face on an ancient buggy codebase, as IE is not exactly pretty.
The only reason MS is even bothering to create an IE 7 is because they are now scared by Firefox's gaining popularity.
Also, when the Mozilla Foundation fixes a defect in Firefox, we don't have to wait up to a month before we can get it. We can get it as soon as it is fixed. MS makes us wait until Patch Tuesday to get the fixes.
Even with the defects, and both products have them, I will take Firefox over Internet Exterminator any day.
|
#17 By 15406 (216.191.227.68) at 9/19/2005 3:30:07 PM
|
#15: Parkkkker, you're such a cheerleader it isn't funny. You'd probably work for MS for free given the chance. We were comparing Firefox 1.x with IE6. I realize that your argument doesn't hold water so you're trying to distract. If you want to go back to 0.x, like I said we can also compare IE5 on down. After all, IE6 didn't spring from nowhere right? It was built on the buggy IE5 code etc etc, so don't go there sister.
btw, there is a rather large difference between a bug and a security hole. Try not to confuse them in the future ok?
|
#18 By 61 (65.32.175.192) at 9/19/2005 4:40:31 PM
|
#16, Patch Tuesday came about because people complained about Microsoft sporadically releasing patches and it costing too much money. Now you complain when they do monthly patch releases?
Also, if there is a severe problem, Microsoft will release the patch as soon as it is available, not just on Patch Tuesday.
|
#19 By 32132 (207.81.85.238) at 9/19/2005 11:02:25 PM
|
Firefox is a sieve. Firefox toadies like to deny this, but no one takes anything Latch says seriously anyway. Except for other FF toadies.
It must be so annoying to you two to have to grovel and beg people to take Firefox seriously after so many security exploits have made Firefox a laughingstock.
|
#20 By 37047 (216.191.227.68) at 9/20/2005 9:16:49 AM
|
There is a new article on BetaNews about FF and its security flaws:
http://www.betanews.com/article/Firefox_Mac_Not_Immune_to_Flaws_Viruses/1127167953
A highlight of the issue, which concerns a report from Symantec concerning security as related to Firefox and Mac OS-X:
In fact, Mozilla led all browsers in terms of disclosed security flaws. But Symantec cautioned about reading too much into the significant difference between the number of flaws disclosed for either browser.
"The fact that Mozilla browsers had the most vendor confirmed vulnerabilities over the past two six-month periods may suggest that Mozilla is currently acknowledging and fixing vulnerabilities more quickly than other vendors," Symantec wrote in the report.
The firm also said the overall increase in flaws uncovered in Web browsers could be in response to browser makers becoming more proactive in protecting their users.
Statistics are like a hammer. Who gets hit on the head depends entirely on who is doing the wielding.
|
#21 By 37 (67.37.29.142) at 9/20/2005 2:41:16 PM
|
I see Latch is avoiding the facts AS USUAL.
|
#22 By 37047 (216.191.227.68) at 9/21/2005 9:05:22 AM
|
#18: CPUGuy: Some people did complain about the MS patch release schedule. However, I was not one of them. I prefer to have my patches as soon as they are tested and ready. To be fair, I only have a couple of systems to keep updated, unlike the SysAdmins of larger organizations.