Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Firefox Develops Security Holes
Techtree.com ^ | May 09, 2005 | Techtree News Staff

Posted on 05/09/2005 7:00:15 AM PDT by holymoly

Firefox seems to be heading Internet Explorer's way with security research company Secunia stating on its website that two vulnerabilities found in the popular browser can be exploited to conduct cross-site scripting attacks and compromise a user's system.

The Mozilla Foundation is aware of the two potentially critical Firefox security vulnerabilities. They maintain that there are currently no known active exploits of these vulnerabilities though a "proof of concept" has been reported.

Mozilla stated that it is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves by temporarily disabling JavaScript.

According to Secunia the problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.

It seems that input passed to the "IconURL" parameter in "InstallTrigger.install" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

A combination of the vulnerabilities can be exploited to execute arbitrary code.

Secunia also claims that the exploit code is publicly available. So far the vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of the vulnerabilities to execute arbitrary code in the default settings of Firefox.


TOPICS: News/Current Events; Technical
KEYWORDS: browser; bug; firefox; flaw; mozilla; security
Navigation: use the links below to view more comments.
first 1-5051-72 next last
Well, there's always...
Opera
1 posted on 05/09/2005 7:00:16 AM PDT by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly
They try hard to look for Firefox's death knell and have come up short. Its still better from a security point of view than Internet Explorer. And with an open-source strategy, flaws can be spotted immediately along with a responsive turnaround on fixes. That's something lumbering Microsoft needs to work on.

(Denny Crane: "Sometimes you can only look for answers from God and failing that... and Fox News".)
2 posted on 05/09/2005 7:06:24 AM PDT by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Opera has a great "magnify" feature that allows you to increase the size of the page, not just text. Unfortunately, Opera crashes too much.


3 posted on 05/09/2005 7:06:30 AM PDT by sittnick (There's no salvation in politics.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Still, it's 16 vulnerabilites for Firefox vs. 80 vulnerabilities for Internet Explorer...


4 posted on 05/09/2005 7:07:29 AM PDT by frogjerk
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly
Why would the people at FireFox be developing Security Holes?.....I thought Hackers did that..........
5 posted on 05/09/2005 7:10:21 AM PDT by Red Badger (Those whom the gods would destroy, they first make liberal.....................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: goldstategop
Firefox seems to be heading Internet Explorer's way with security research company Secunia stating on its website that two vulnerabilities found in the popular browser can be exploited to conduct cross-site scripting attacks and compromise a user's system.

16 vulnerabilites for Firefox vs. 80 vulnerabilities for IE...Firefox is sure going the way of IE... - sarcasm. Microsoft publishes 8 security fixes at a time!

6 posted on 05/09/2005 7:11:09 AM PDT by frogjerk
[ Post Reply | Private Reply | To 2 | View Replies]

To: frogjerk

80? That was last week.........I'm sure it's more than doubled that by now......


7 posted on 05/09/2005 7:11:28 AM PDT by Red Badger (Those whom the gods would destroy, they first make liberal.....................)
[ Post Reply | Private Reply | To 4 | View Replies]

To: holymoly
I get a kick out of all these people extolling the wonders of Firefox and the Mac browsers. I hear keep seeing this constant refrain of how "safe" these are compared to Microsoft IE. I see this safety claim from people like Walt Mossberg and others who should know better. It's a load of hooey!

The ONLY reason Firefox and the Mac browsers are "safer" is simply because they are not used extensively enough for hackers to bother with them! If and when they come into broader use they will suffer the same security issues as Microsoft IE.

Why should a hacker spend any time hacking only 7 percent of web browsers (Firefox & Mac) when he can spend the same amount of time and hack into 93 percent of everyone's computers?

8 posted on 05/09/2005 7:17:53 AM PDT by Obadiah
[ Post Reply | Private Reply | To 1 | View Replies]

To: Obadiah

Oh yeah? Well my Firefox can kick your IE's butt! LOL

It really is a nice browser with a fuller feature set (not just the tabs.. people go ga-ga over the tabs). The extentions are what make Firefox awesome. Well.. that and the fact that it ain't Microsoft. ;)


9 posted on 05/09/2005 7:33:42 AM PDT by Dubya-M-Dees (The filibuster has become the tool of the sore loser.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: holymoly

"Well, there's always...
Opera"

As I understand it, Opera uses IE's engine, it's got all the vulnerability of IE. Not that it's not a nice browser, but it's no more secure than Firefox and most likely a lot less.


10 posted on 05/09/2005 7:47:49 AM PDT by Shadow Deamon
[ Post Reply | Private Reply | To 1 | View Replies]

To: Egon; Eb Wilson

Firefox security ping


11 posted on 05/09/2005 7:53:06 AM PDT by RhoTheta (US out of the UN, now!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: frogjerk

The numbers you cite are TOTALS of PATCHED and unpatched vulnerabilities discovered so far for browsers of DIFFERING ages.

The Secunia security service lists as UNPATCHED 19 of 80 threats for the several-YEAR-old Internet Explorer 6.x, 5 of 16 for the several-MONTH-old Firefox 1.x, and 0 of 0 for the serveral-WEEK-old Opera 8.x.


12 posted on 05/09/2005 7:55:00 AM PDT by mdefranc
[ Post Reply | Private Reply | To 6 | View Replies]

To: sittnick

I've used Opera for quite a while now and have very few crashes. Have you tried the new Opera 8 that is just out? These old eyes love the magnify feature.


13 posted on 05/09/2005 7:58:47 AM PDT by WatchOutForSnakes
[ Post Reply | Private Reply | To 3 | View Replies]

To: WatchOutForSnakes

I bought 6 at the end of the cycle and they offered me (a paying cutomer) no discount for 7. I would think they would treat their non-adware customers better. I don't want adware, and I am not willing to pay full-freight for an upgrade when the last one crashed too much and was disagreeable with some web pages. I wish them well, but I'm okay with Firfox.


14 posted on 05/09/2005 8:06:47 AM PDT by sittnick (There's no salvation in politics.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Shadow Deamon

"As I understand it, Opera uses IE's engine, it's got all the vulnerability of IE." - Shadow Deamon

That's false. Unlike many "alternative" browsers, Opera has it's own engine. And, for whatever reasons, Opera's current and past versions have consistently had fewer UNPATCHED security problems than IE and Firefox.


15 posted on 05/09/2005 8:07:24 AM PDT by mdefranc
[ Post Reply | Private Reply | To 10 | View Replies]

To: Obadiah

Yes, let's completely ignore the quality of the code and design principles that were involved because we know that all programs inherently equal...

Sounds like the IT version of the post modernist view that all truth systems are ultimately equally valid and invalid.


16 posted on 05/09/2005 8:09:18 AM PDT by ILurkedIRegisteredIPosted
[ Post Reply | Private Reply | To 8 | View Replies]

To: Dubya-M-Dees
Well.. that and the fact that it ain't Microsoft. ;)

Yes, that is clearly a benefit! I am simply bothered that people who know better always report how much "safer" these browsers are. They are not inherently safer, they are safer only because they are simply not in wide enough use - yet.

17 posted on 05/09/2005 8:10:01 AM PDT by Obadiah
[ Post Reply | Private Reply | To 9 | View Replies]

To: Obadiah

"The ONLY reason Firefox and the Mac browsers are "safer" is simply because they are not used extensively enough "

That is a lie, and you guys know it. IE is tied into the complete operating system, no way any other browser has that many vulnerabilities.


18 posted on 05/09/2005 8:11:59 AM PDT by FastCoyote
[ Post Reply | Private Reply | To 8 | View Replies]

To: ILurkedIRegisteredIPosted

you've seen the IE code?


19 posted on 05/09/2005 8:13:52 AM PDT by bobdsmith
[ Post Reply | Private Reply | To 16 | View Replies]

To: mdefranc
IE - Of 80 total vulnerabilites - 14% Extremely Critial, 28% Highly Critical
Firefox - Of 16 total vulnerabilites - 6% Extremely Critial , 13% Highly Critial

The numbers speak for themselves...

20 posted on 05/09/2005 8:14:50 AM PDT by frogjerk
[ Post Reply | Private Reply | To 12 | View Replies]

To: mdefranc

"That's false. Unlike many "alternative" browsers, Opera has it's own engine."

Oh, thanks for setting me straight on that. I'll have to take a more serious look at Opera then. It looks like a very nice browser but I was leary about the engine.

I currently use Firefox and have for several years with no problems at all.


21 posted on 05/09/2005 8:14:56 AM PDT by Shadow Deamon
[ Post Reply | Private Reply | To 15 | View Replies]

To: Obadiah
The ONLY reason Firefox and the Mac browsers are "safer"…

Who cares why? I just want safe more hassle-free computing. The rest is theoretical esoterica: interesting to debate, irrelevant when choosing a computer/browser.

22 posted on 05/09/2005 8:35:20 AM PDT by D-fendr
[ Post Reply | Private Reply | To 8 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

23 posted on 05/09/2005 8:42:07 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger

Yeah, really. Somebody flunked headline writing class at journalism school.


24 posted on 05/09/2005 8:57:29 AM PDT by timtoews5292004
[ Post Reply | Private Reply | To 5 | View Replies]

To: ILurkedIRegisteredIPosted
Yes, let's completely ignore the quality of the code and design principles that were involved because we know that all programs inherently equal...

Straw man. Nobody is saying that. Point me to a post that says that, if you disagree. Similarly, there is no evidence that Firefox or Safari or any other browser is based on inherently better design principles. If you believe that, that's your opinion, not a fact.

So, here's what we can do. Every time FireFox or Safari or whatever releases a slew of security patches -- and they're going to happen frequently from now on -- you can remind all of us how much better FireFox and Safari's design principles are. At least, we'll all get a good laugh out of it.
25 posted on 05/09/2005 9:36:47 AM PDT by Bush2000
[ Post Reply | Private Reply | To 16 | View Replies]

To: D-fendr
Who cares why? I just want safe more hassle-free computing. The rest is theoretical esoterica: interesting to debate, irrelevant when choosing a computer/browser.

Fool's gold. The problem is that the hype surrounding FireFox's supposedly better security has exceeded the reality -- and it's only going to get worse as its browser market share increases. Browsers are security bug farms. Your wishes for "safe more hassle-free computing" are just that: wishes. Get ready to start patching. FireFox et al are going to see a steady stream of fixes from now on. So much for safe and hassle-free. But at least you won't have M$ to kick around, eh? You can blame a bunch of guys in their parents' basements, instead.
26 posted on 05/09/2005 9:40:44 AM PDT by Bush2000
[ Post Reply | Private Reply | To 22 | View Replies]

To: frogjerk
The numbers speak for themselves...

No, until FireFox has the kind of code coverage that IE gets, the numbers won't speak for themselves.
27 posted on 05/09/2005 9:42:14 AM PDT by Bush2000
[ Post Reply | Private Reply | To 20 | View Replies]

To: FastCoyote
That is a lie, and you guys know it. IE is tied into the complete operating system, no way any other browser has that many vulnerabilities.

Non-sequitor. IE's integration into the OS does not imply greater vulnerabilities. Mozilla et al have had many (if not most) of the same vulnerabilities (ie. ShellExecute, etc).
28 posted on 05/09/2005 9:44:43 AM PDT by Bush2000
[ Post Reply | Private Reply | To 18 | View Replies]

To: Red Badger
Really, you gotta love that headline.
29 posted on 05/09/2005 9:49:57 AM PDT by JoJo Gunn (Help control the Leftist population. Have them spayed or neutered. )
[ Post Reply | Private Reply | To 5 | View Replies]

To: Bush2000

Bush2000, you're alive! I thought you were banned by now :)

It wasn't a non-sequitir, but I did leave myself open. Let me put it this way, an equivalent set of programmers writing a Firefox, or an IE, will inherently end up with more vulnerabilities with an IE because there is so much more going on at a lower level in the operating system. That's just a logical fact.

If IE were split off from the operating system, it would be less vulneerable to system destroying exploits. Why would I write a crappy Firefox virus when I could destroy western civilization by driving a core through Internet Explorer on every machine?


30 posted on 05/09/2005 10:02:35 AM PDT by FastCoyote
[ Post Reply | Private Reply | To 28 | View Replies]

To: Bush2000
Straw man. Nobody is saying that. Point me to a post that says that, if you disagree.

OK. Post #8 in this very thread.

He not only used the word "Only," but he bolded it and used all-caps.

That pretty much means that he considers all code to be equally insecure.

31 posted on 05/09/2005 10:25:20 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Obadiah
they are safer only because they are simply not in wide enough use - yet.

Almost every single thread about software, someone will bring up some variation of the above line. I've gotten so sick of seeing it, that I have a preformatted reply that exposes it for the FUD that it is.


Why bother writing a virus for 3% of the US computer market?

Oh, I don't know. Perhaps as someone else already said on this thread, it might be done for the bragging rights of having created the first successful virus/worm to attack Macs.

I've seen this charge that the small market share that Mac and Linux have is what keeps them safe. It is repeated often enough and seems reasonable enough until you actually look at the history of some other worms/viruses.

Consider: the spread of the Witty Worm.

Quoth the poster:

Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.

I suspect there are more than 12,000 Linux and/or Mac hosts out there on the internet.

Also, consider that the folks who were hit with this were also among the more security-concious users:

The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security -- they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available.

Show me a successful worm/virus against Macs and I'll listen. Until then, your talking point is FUD.

35 posted on 04/08/2005 10:35:22 PM CDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))

A full discussion of the 'witty' worm can be found Here

32 posted on 05/09/2005 12:19:57 PM PDT by zeugma (Come to the Dark Side...... We have cookies!)
[ Post Reply | Private Reply | To 17 | View Replies]

To: holymoly

Source: http://news.yahoo.com/s/pcworld/120756


Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

In recent months Firefox has gained significant market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.

Two Vulnerabilities Found
The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate vulnerabilities. An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site. By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist.

The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers.

Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have added other sites to the whitelist, it warned.

"We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," Mozilla Foundation said in a statement published on Mozillazine.org.


33 posted on 05/09/2005 1:06:21 PM PDT by BenLurkin (O beautiful for patriot dream - that sees beyond the years)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma
Almost every single thread about software, someone will bring up some variation of the above line. I've gotten so sick of seeing it, that I have a preformatted reply that exposes it for the FUD that it is.

Very good, but IMHO you should add the even better example of the web servers. I forget which two servers we're talking about (I want to say Apache and IIS, but don't hold me to that), but in any case one of the servers has a far lower market share than the other, yet gets successfully attacked far more. Somebody made a great post about it on FR somewhere not too long ago.

34 posted on 05/09/2005 2:32:13 PM PDT by Dont Mention the War (Proud Member of the WPPFF Death Cult - We're coming after YOU next!)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Dont Mention the War
You're right. It would be useful to get some good, hard numbers about Apache/IIS (you were correct BTW). Perhaps this could be an ever-growing anti-FUD post. :-)

Apache is definitely one of the best examples, but it is somewhat lessened in impact since Apache runs on Windows as well as Unix. Perhaps I'll be able to find some good stats that breaks usage down by OS.

Thanks for the suggestion. I'll see what I can do. If you happen to locate any other posts with similar stuff, feel free to ping me to the threads.

35 posted on 05/09/2005 4:22:44 PM PDT by zeugma (Come to the Dark Side...... We have cookies!)
[ Post Reply | Private Reply | To 34 | View Replies]

To: FastCoyote
Let me put it this way, an equivalent set of programmers writing a Firefox, or an IE, will inherently end up with more vulnerabilities with an IE because there is so much more going on at a lower level in the operating system. That's just a logical fact.

So much more ... such as? Go ahead. Spell it out. I've got plenty of time to listen...
36 posted on 05/09/2005 6:18:28 PM PDT by Bush2000
[ Post Reply | Private Reply | To 30 | View Replies]

To: Bush2000
Your wishes for "safe more hassle-free computing" are just that: wishes.

My wishes are here now.

Get ready to start patching.

I run software update about once a month or when necessary. That's it. No other malware, virus protection, hassles, costs involved.

But at least you won't have M$ to kick around, eh?

I'm happy with Microsoft now - it keeps our support people quite busy. But if a user can do without them, they'll have less hassle and more safety.

Dunno why anyone would wish otherwise.

37 posted on 05/10/2005 8:42:29 AM PDT by D-fendr
[ Post Reply | Private Reply | To 26 | View Replies]

To: Bush2000

I'm curious: Why do you think we are forever doomed to the current status quo of internet computing? Do you think things will never get better in terms of security cost, hassle and safety?


38 posted on 05/10/2005 9:44:28 AM PDT by D-fendr
[ Post Reply | Private Reply | To 26 | View Replies]

To: D-fendr
My wishes are here now.

LMFAO! Yeah, these series of patches are just your imagination. Wax on, wax off...

I run software update about once a month or when necessary. That's it. No other malware, virus protection, hassles, costs involved.

Ditto. So where's the downside for me?
39 posted on 05/11/2005 9:00:45 AM PDT by Bush2000
[ Post Reply | Private Reply | To 37 | View Replies]

To: D-fendr
I'm curious: Why do you think we are forever doomed to the current status quo of internet computing? Do you think things will never get better in terms of security cost, hassle and safety?

I understand that a lot of people would prefer to see the glass as half empty. But the fact of the matter is that there really is no such thing as the "current status quo". Operating systems and applications are constantly evolving. When you compare what we had just a few short years ago, the differences in terms of price and quality are enormous. And they're getting better.
40 posted on 05/11/2005 9:05:45 AM PDT by Bush2000
[ Post Reply | Private Reply | To 38 | View Replies]

To: frogjerk
IE - Of 80 total vulnerabilities - 14% Extremely Critical, 28% Highly Critical
Firefox - Of 16 total vulnerabilities - 6% Extremely Critical , 13% Highly Critical
The numbers speak for themselves...

Actually they do -- thanks for pointing that out. You neglected TIME (length of each app on the market, and time taken to isolate and fix the vulnerabilities.) The numbers says that 80 vulnerabilities in Explorer and only 16 have been fixed in Firefox. This pops the myth "that open source is more secure" because Firefox has been around a lot less then Explorer and still major vulnerabilities have been found. It would be an interesting data point to discover how many vulnerabilities Explorer had in the same time period as Firefox.

41 posted on 05/11/2005 9:10:41 AM PDT by MrsEmmaPeel
[ Post Reply | Private Reply | To 20 | View Replies]

To: MrsEmmaPeel
Actually they do -- thanks for pointing that out. You neglected TIME (length of each app on the market, and time taken to isolate and fix the vulnerabilities.) The numbers says that 80 vulnerabilities in Explorer and only 16 have been fixed in Firefox. This pops the myth "that open source is more secure" because Firefox has been around a lot less then Explorer and still major vulnerabilities have been found. It would be an interesting data point to discover how many vulnerabilities Explorer had in the same time period as Firefox.

I believe Firefox is based on the Mozilla/Netscape code and has been around for quite a while...

42 posted on 05/11/2005 9:28:06 AM PDT by frogjerk
[ Post Reply | Private Reply | To 41 | View Replies]

To: frogjerk
I believe Firefox is based on the Mozilla/Netscape code and has been around for quite a while...

Given that Firefox has as many as 20% of the vulnerabilities of IE in its short term of existence, that doesn't speak well to Firefox's future security liability...
43 posted on 05/11/2005 9:56:48 AM PDT by Bush2000
[ Post Reply | Private Reply | To 42 | View Replies]

To: Shadow Deamon

I recently downloaded Firefox and now find that if I close it I cannot reopen it without rebooting. Does anyone else have this problem with Firefox? Am I doing something wrong?


44 posted on 05/11/2005 10:06:51 AM PDT by patj
[ Post Reply | Private Reply | To 21 | View Replies]

To: Bush2000
Ditto. So where's the downside for me?

Sorry, I misunderstood. I thought you were using antivirus, anti-spyware, multiple firewalls, and on the multiple OS, app upgrades... etc. train.

these series of patches are just your imagination.

Sorry again. I didn't mean to imply that absolutely nothing was required after buying the 'puter - only that an almost hassle-free secure computing environment exists today.

45 posted on 05/11/2005 10:41:16 AM PDT by D-fendr
[ Post Reply | Private Reply | To 39 | View Replies]

To: Bush2000
When you compare what we had just a few short years ago, the differences in terms of price and quality are enormous. And they're getting better.

Good to hear you say. I think the same will be true for security eventually. It may be the major software vendors or it may be with extending the security fence by ISPs or some combination. But I don't think the current security cost/vulnerability situation will continue indefinitely.

46 posted on 05/11/2005 10:44:00 AM PDT by D-fendr
[ Post Reply | Private Reply | To 40 | View Replies]

To: Bush2000
Given that Firefox has as many as 20% of the vulnerabilities of IE in its short term of existence, that doesn't speak well to Firefox's future security liability...

I fail to see the downside of using Firefox right now...If you are stating that it will be as insecure as the product that most users are using right now (IE), that does little to champion IE usage.

IE users:"Don't worry, Firfox will be as bad as us soon. So, use IE now and despair with us."

47 posted on 05/11/2005 11:01:43 AM PDT by frogjerk
[ Post Reply | Private Reply | To 43 | View Replies]

To: patj

Which version are you using?


48 posted on 05/11/2005 11:03:53 AM PDT by frogjerk
[ Post Reply | Private Reply | To 44 | View Replies]

To: patj

That's odd. It sounds like the process isn't terminating properly for some reason. The first thing I would suggest is disabling any extensions you've added and returning to the default skin if you've changed it. If that solves the problem, you can re-enable the extensions one at a time until you find the offender. If that doesn't fix it, or you don't have any extensions/skins in the first place, I would suggest uninstalling it and reinstalling it.


49 posted on 05/11/2005 11:06:04 AM PDT by general_re ("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
[ Post Reply | Private Reply | To 44 | View Replies]

To: D-fendr
Sorry, I misunderstood. I thought you were using antivirus, anti-spyware, multiple firewalls, and on the multiple OS, app upgrades... etc. train.

I do have wireless AP which also serves as a hardware firewall. My machine is setup to take automatic updates, and my virus and spyware scanners also update every day at 2am. There's really no practical maintenance for me. I know that must disappoint some people. But them's the facts.
50 posted on 05/11/2005 2:10:22 PM PDT by Bush2000
[ Post Reply | Private Reply | To 45 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-72 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson