Author Topic: Bad FireFox Hole (Read 2000 times)

mobrien_12 · « **on:** 9 May 2005, 08:05 »

Slashdot Discussion

A problem with FireFox on Windows. Click on a malicious webpage anywhere and arbitrary code gets executed.

Partially mitigated by the Mozilla foundation by updating their servers, but not fully fixed yet.

Aloone_Jonez · « **Reply #1 on:** 9 May 2005, 14:51 »

This is proof that open source software isn't always more secure.

piratePenguin · « **Reply #2 on:** 9 May 2005, 20:14 »

Quote from: Aloone_Jonez

This is proof that open source software isn't always more secure.

It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.

Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.

Aloone_Jonez · « **Reply #3 on:** 9 May 2005, 21:03 »

Quote from: piratePenguin

Don't be so retarded.

That was uncalled for, I haven't Insulted you before!

Quote from: piratePenguin

It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it.

I agree.

Quote from: piratePenguin

Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that.

No you don't say.

Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.

For all we know Opera could be more secure than FireFox. The only difference is the FireFox source code and bug tracking system are both open. This doesn't mean that FireFox is more secure or less sure than Opera it just means we know how many bugs and exploits have already been discovered.

About Internet Explorer, I've not herd of any newly discovered exploits for a long time.and before you start I'm not saying Internet explorer is secure. If you've thought about arguing with this paragraph then please re-read my post!
Could it be possible that Internet Explorer is actually improving!?

piratePenguin · « **Reply #4 on:** 9 May 2005, 22:02 »

Quote from: Aloone_Jonez

That was uncalled for, I haven't Insulted you before!

I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.

EDIT: I edited that post. It was a bit uncalled for.

Quote from: Aloone_Jonez

No you don't say.

Yes I do say, actually. So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer. And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.

Quote from: Aloone_Jonez

Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash.

The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.

Quote from: Aloone_Jonez

For all we know Opera could be more secure than FireFox.

Could be.

Quote from: Aloone_Jonez

About Internet Explorer, I've not herd of any newly discovered exploits for a long time.

Neither have I.

Quote from: Aloone_Jonez

Could it be possible that Internet Explorer is actually improving!?

Yes it could. Or it could be (but probably isn't) that (slightly) less people are using Internet Explorer and more are using Firefox... If Firefox goes under... :nothappy:

WMD · « **Reply #5 on:** 9 May 2005, 22:46 »

Quote

Could it be possible that Internet Explorer is actually improving!?

IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.

Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.

Aloone_Jonez · « **Reply #6 on:** 9 May 2005, 23:22 »

Quote from: piratePenguin

I know that. Read what you said.
It's just another security hole. How does it "prove" anything?
And to say that free software is _always_ more secure than closed source, is wrong.

I agree with you, I badly mis-worded that post.

Quote from: piratePenguin

Yes I do say, actually.

Well I was being sarcastic, but who knows Internet explorer might for all we know be the most secure browser, but I very much doubt it somehow.

Quote from: piratePenguin

So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer.

I didn't mean to imply it was, you obviosly haven't read the small print.

Quote from: piratePenguin

And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure.

I agree.

Quote from: piratePenguin

The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software.

True, but it still depends on who's looked at it and their skill level.

Quote from: WMD

IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code.

That might be true.

Quote from: WMD

Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing.

That's possible too, but I talking more about 3rd parties discovering exploits. MS also say that IE 7 will not require Longhorn and will run on XP.

WMD · « **Reply #7 on:** 10 May 2005, 00:33 »

3rd parties rarely discover the IE exploits, they reverse-engineer the patches, and release the worm or whatever.

mobrien_12 · « **Reply #8 on:** 13 May 2005, 02:51 »

They released a new version of FireFox and Mozilla this morning.

adiment · « **Reply #9 on:** 13 May 2005, 03:08 »

Quote from: mobrien_12

They released a new version of FireFox and Mozilla this morning.

yep, they patched teh hole!:thumbup:

Orethrius · « **Reply #10 on:** 13 May 2005, 04:17 »

72-hour turnaround on a potential exploit. I've yet to see Microsoft do THAT.

piratePenguin · « **Reply #11 on:** 13 May 2005, 18:31 »

Quote from: Orethrius

72-hour turnaround on a potential exploit. I've yet to see Microsoft do THAT.

That's (part of) the power of free software.

muzzy · « **Reply #12 on:** 14 May 2005, 08:15 »

Yea, power of free software. Just like "fixing" bugs so that same function gets rewritten 3 times, each patch not really fixing the problem but merely protecting against the specific exploit, when it's a critical vulnerability such as remote crash bug in linux kernel related to packet fragmentation. Microsoft sometimes does that too, but don't go touting about power of free software when even critical bugs can take damned long time to fix, and they STILL haven't patched several remote crash bugs in FireFox. Hell, there are heaps of open bugs which have been around for years and known by everyone. Nobody's just bothering to fix them. Power of free software my ass.

JanusChrist · « **Reply #13 on:** 14 May 2005, 09:22 »

Quote from: Aloone_Jonez

This is proof that open source software isn't always more secure.

Oh give me a freakin break!! Comparing Firfox to IE is like comparing the Delta Force to Barney Fief.

Aloone_Jonez · « **Reply #14 on:** 14 May 2005, 17:08 »

Well they're both web browsers, and if you read my pevious posts in this thread I've already admited that post was mis-worded. My point was while this doesn't prove whether open source is more or less secure, open source isn't inherently more or less secure.

I reckon Microsoft is still patching IE but just no longer telling anyone about the exploits, they've finally figured out that this wasn't a very good marketing tatic. I've had to download several "Windows Updates" over the last few months and some have been for IE. I wouldn't've botherd because I don't use IE I use FireFox, but it's good to have a fully patched IE in case I have to use it for some shitty IE-only website.

Author Topic: Bad FireFox Hole (Read 2000 times)

mobrien_12

Bad FireFox Hole

Aloone_Jonez

Re: Bad FireFox Hole

piratePenguin

Re: Bad FireFox Hole

Aloone_Jonez

Re: Bad FireFox Hole

piratePenguin

Re: Bad FireFox Hole

WMD

Re: Bad FireFox Hole

Aloone_Jonez

Re: Bad FireFox Hole

WMD

Re: Bad FireFox Hole

mobrien_12

Re: Bad FireFox Hole

adiment

Re: Bad FireFox Hole

Orethrius

Re: Bad FireFox Hole

piratePenguin

Re: Bad FireFox Hole

muzzy

Re: Bad FireFox Hole

JanusChrist

Re: Bad FireFox Hole

Aloone_Jonez

Re: Bad FireFox Hole

Share or donate

« previous next » Print Pages: [1] 2 3 Go Down Author Topic: Bad FireFox Hole (Read 2000 times) mobrien_12 VIP Posts: 2,138 Kudos: 711 Bad FireFox Hole « on: 9 May 2005, 08:05 » Slashdot Discussion A problem with FireFox on Windows. Click on a malicious webpage anywhere and arbitrary code gets executed. Partially mitigated by the Mozilla foundation by updating their servers, but not fully fixed yet. Logged In brightest day, in darkest night, no evil shall escape my sight.... Aloone_Jonez Administrator Posts: 4,083 Kudos: 954 Re: Bad FireFox Hole « Reply #1 on: 9 May 2005, 14:51 » This is proof that open source software isn't always more secure. Logged This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft. Oh and FUCKMicrosoft! :fu: piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Bad FireFox Hole « Reply #2 on: 9 May 2005, 20:14 » Quote from: Aloone_Jonez This is proof that open source software isn't always more secure. It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it. Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that. « Last Edit: 9 May 2005, 22:25 by piratePenguin » Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. Aloone_Jonez Administrator Posts: 4,083 Kudos: 954 Re: Bad FireFox Hole « Reply #3 on: 9 May 2005, 21:03 » Quote from: piratePenguin Don't be so retarded. That was uncalled for, I haven't Insulted you before! Quote from: piratePenguin It proves nothing. Some amount of people have already said on these forums (possibly you too) something along these lines: "nothing's completely secure". I'll third, fourth, fifth or whatever it. I agree. Quote from: piratePenguin Oh, and by the way, Firefox is more secure than Internet Explorer. Everybody knows that. No you don't say. Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash. For all we know Opera could be more secure than FireFox. The only difference is the FireFox source code and bug tracking system are both open. This doesn't mean that FireFox is more secure or less sure than Opera it just means we know how many bugs and exploits have already been discovered. About Internet Explorer, I've not herd of any newly discovered exploits for a long time.and before you start I'm not saying Internet explorer is secure. If you've thought about arguing with this paragraph then please re-read my post! Could it be possible that Internet Explorer is actually improving!? Logged This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft. Oh and FUCKMicrosoft! :fu: piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Bad FireFox Hole « Reply #4 on: 9 May 2005, 22:02 » Quote from: Aloone_Jonez That was uncalled for, I haven't Insulted you before! I know that. Read what you said. It's just another security hole. How does it "prove" anything? And to say that free software is _always_ more secure than closed source, is wrong. EDIT: I edited that post. It was a bit uncalled for. Quote from: Aloone_Jonez No you don't say. Yes I do say, actually. So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer. And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure. Quote from: Aloone_Jonez Opensource isn't nessacerally more secure (although as you said this exploit doesn't prove it) because the majority of users don't read the source code and this isn't the main way bugs are found anyway. Bugs are found by people discovering that a program behaves in an incorrect manner like allowing code to be executed when it shouldn't be or just crash. The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software. Quote from: Aloone_Jonez For all we know Opera could be more secure than FireFox. Could be. Quote from: Aloone_Jonez About Internet Explorer, I've not herd of any newly discovered exploits for a long time. Neither have I. Quote from: Aloone_Jonez Could it be possible that Internet Explorer is actually improving!? Yes it could. Or it could be (but probably isn't) that (slightly) less people are using Internet Explorer and more are using Firefox... If Firefox goes under... :nothappy: « Last Edit: 9 May 2005, 22:26 by piratePenguin » Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. WMD Global Moderator Posts: 2,525 Kudos: 391 Re: Bad FireFox Hole « Reply #5 on: 9 May 2005, 22:46 » Quote Could it be possible that Internet Explorer is actually improving!? IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code. Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing. Logged My BSOD gallery "Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez Aloone_Jonez Administrator Posts: 4,083 Kudos: 954 Re: Bad FireFox Hole « Reply #6 on: 9 May 2005, 23:22 » Quote from: piratePenguin I know that. Read what you said. It's just another security hole. How does it "prove" anything? And to say that free software is _always_ more secure than closed source, is wrong. I agree with you, I badly mis-worded that post. Quote from: piratePenguin Yes I do say, actually. Well I was being sarcastic, but who knows Internet explorer might for all we know be the most secure browser, but I very much doubt it somehow. Quote from: piratePenguin So what, they found a security hole in Firefox? That doesn't mean that Firefox is less secure than Internet Explorer. I didn't mean to imply it was, you obviosly haven't read the small print. Quote from: piratePenguin And it doesn't even mean that "open source software isn't always more secure", as if "open source" software ever was _always_ more secure. I agree. Quote from: piratePenguin The majority of users don't have to read the source code. All it takes is one person and you've benefitted from free software. True, but it still depends on who's looked at it and their skill level. Quote from: WMD IE could be experiencing the Sendmail Syndrome: After years and years of endless patches, you're left with secure code. That might be true. Quote from: WMD Also, MS may be doing tons of Longhorn/IE7 work and not have enough time for much IE auditing. That's possible too, but I talking more about 3rd parties discovering exploits. MS also say that IE 7 will not require Longhorn and will run on XP. Logged This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft. Oh and FUCKMicrosoft! :fu: WMD Global Moderator Posts: 2,525 Kudos: 391 Re: Bad FireFox Hole « Reply #7 on: 10 May 2005, 00:33 » 3rd parties rarely discover the IE exploits, they reverse-engineer the patches, and release the worm or whatever. Logged My BSOD gallery "Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez mobrien_12 VIP Posts: 2,138 Kudos: 711 Re: Bad FireFox Hole « Reply #8 on: 13 May 2005, 02:51 » They released a new version of FireFox and Mozilla this morning. Logged In brightest day, in darkest night, no evil shall escape my sight.... adiment Global Moderator Posts: 572 Kudos: 519 Re: Bad FireFox Hole « Reply #9 on: 13 May 2005, 03:08 » Quote from: mobrien_12 They released a new version of FireFox and Mozilla this morning. yep, they patched teh hole!:thumbup: Logged Orethrius Member Posts: 1,783 Kudos: 982 Re: Bad FireFox Hole « Reply #10 on: 13 May 2005, 04:17 » 72-hour turnaround on a potential exploit. I've yet to see Microsoft do THAT. Logged Proudly posted from a Gentoo Linux system. Quote from: Calum even if you're renting you've got more rights than if you're using windows. System Vitals piratePenguin VIP Posts: 3,025 Kudos: 775 Re: Bad FireFox Hole « Reply #11 on: 13 May 2005, 18:31 » Quote from: Orethrius 72-hour turnaround on a potential exploit. I've yet to see Microsoft do THAT. That's (part of) the power of free software. Logged "What you share with the world is what it keeps of you." - Noah And The Whale: Give a little love a poem by my computer, Macintosh Vigilante Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well. muzzy Member Posts: 391 Kudos: 409 Re: Bad FireFox Hole « Reply #12 on: 14 May 2005, 08:15 » Yea, power of free software. Just like "fixing" bugs so that same function gets rewritten 3 times, each patch not really fixing the problem but merely protecting against the specific exploit, when it's a critical vulnerability such as remote crash bug in linux kernel related to packet fragmentation. Microsoft sometimes does that too, but don't go touting about power of free software when even critical bugs can take damned long time to fix, and they STILL haven't patched several remote crash bugs in FireFox. Hell, there are heaps of open bugs which have been around for years and known by everyone. Nobody's just bothering to fix them. Power of free software my ass. Logged JanusChrist Member Posts: 119 Kudos: 15 Re: Bad FireFox Hole « Reply #13 on: 14 May 2005, 09:22 » Quote from: Aloone_Jonez This is proof that open source software isn't always more secure. Oh give me a freakin break!! Comparing Firfox to IE is like comparing the Delta Force to Barney Fief. Logged On your way out of Microsoft Land feel free to smash a few Windows. Aloone_Jonez Administrator Posts: 4,083 Kudos: 954 Re: Bad FireFox Hole « Reply #14 on: 14 May 2005, 17:08 » Well they're both web browsers, and if you read my pevious posts in this thread I've already admited that post was mis-worded. My point was while this doesn't prove whether open source is more or less secure, open source isn't inherently more or less secure. I reckon Microsoft is still patching IE but just no longer telling anyone about the exploits, they've finally figured out that this wasn't a very good marketing tatic. I've had to download several "Windows Updates" over the last few months and some have been for IE. I wouldn't've botherd because I don't use IE I use FireFox, but it's good to have a fully patched IE in case I have to use it for some shitty IE-only website. Logged This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft. Oh and FUCKMicrosoft! :fu: Print Pages: [1] 2 3 Go Up « previous next » Stop Microsoft » Forum » Miscellaneous » Applications » Bad FireFox Hole
Share or donate