Posted on 05/09/2005 7:00:15 AM PDT by holymoly
Firefox seems to be heading Internet Explorer's way with security research company Secunia stating on its website that two vulnerabilities found in the popular browser can be exploited to conduct cross-site scripting attacks and compromise a user's system.
The Mozilla Foundation is aware of the two potentially critical Firefox security vulnerabilities. They maintain that there are currently no known active exploits of these vulnerabilities though a "proof of concept" has been reported.
Mozilla stated that it is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves by temporarily disabling JavaScript.
According to Secunia the problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.
It seems that input passed to the "IconURL" parameter in "InstallTrigger.install" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.
A combination of the vulnerabilities can be exploited to execute arbitrary code.
Secunia also claims that the exploit code is publicly available. So far the vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
A temporary solution has been added to the sites "update.mozilla.org" and "addons.mozilla.org" where requests are redirected to "do-not-add.mozilla.org". This will stop the publicly available exploit code using a combination of the vulnerabilities to execute arbitrary code in the default settings of Firefox.
(Denny Crane: "Sometimes you can only look for answers from God and failing that... and Fox News".)
Opera has a great "magnify" feature that allows you to increase the size of the page, not just text. Unfortunately, Opera crashes too much.
Still, it's 16 vulnerabilites for Firefox vs. 80 vulnerabilities for Internet Explorer...
16 vulnerabilites for Firefox vs. 80 vulnerabilities for IE...Firefox is sure going the way of IE... - sarcasm. Microsoft publishes 8 security fixes at a time!
80? That was last week.........I'm sure it's more than doubled that by now......
The ONLY reason Firefox and the Mac browsers are "safer" is simply because they are not used extensively enough for hackers to bother with them! If and when they come into broader use they will suffer the same security issues as Microsoft IE.
Why should a hacker spend any time hacking only 7 percent of web browsers (Firefox & Mac) when he can spend the same amount of time and hack into 93 percent of everyone's computers?
Oh yeah? Well my Firefox can kick your IE's butt! LOL
It really is a nice browser with a fuller feature set (not just the tabs.. people go ga-ga over the tabs). The extentions are what make Firefox awesome. Well.. that and the fact that it ain't Microsoft. ;)
"Well, there's always...
Opera"
As I understand it, Opera uses IE's engine, it's got all the vulnerability of IE. Not that it's not a nice browser, but it's no more secure than Firefox and most likely a lot less.
Firefox security ping
The numbers you cite are TOTALS of PATCHED and unpatched vulnerabilities discovered so far for browsers of DIFFERING ages.
The Secunia security service lists as UNPATCHED 19 of 80 threats for the several-YEAR-old Internet Explorer 6.x, 5 of 16 for the several-MONTH-old Firefox 1.x, and 0 of 0 for the serveral-WEEK-old Opera 8.x.
I've used Opera for quite a while now and have very few crashes. Have you tried the new Opera 8 that is just out? These old eyes love the magnify feature.
I bought 6 at the end of the cycle and they offered me (a paying cutomer) no discount for 7. I would think they would treat their non-adware customers better. I don't want adware, and I am not willing to pay full-freight for an upgrade when the last one crashed too much and was disagreeable with some web pages. I wish them well, but I'm okay with Firfox.
"As I understand it, Opera uses IE's engine, it's got all the vulnerability of IE." - Shadow Deamon
That's false. Unlike many "alternative" browsers, Opera has it's own engine. And, for whatever reasons, Opera's current and past versions have consistently had fewer UNPATCHED security problems than IE and Firefox.
Yes, let's completely ignore the quality of the code and design principles that were involved because we know that all programs inherently equal...
Sounds like the IT version of the post modernist view that all truth systems are ultimately equally valid and invalid.
Yes, that is clearly a benefit! I am simply bothered that people who know better always report how much "safer" these browsers are. They are not inherently safer, they are safer only because they are simply not in wide enough use - yet.
"The ONLY reason Firefox and the Mac browsers are "safer" is simply because they are not used extensively enough "
That is a lie, and you guys know it. IE is tied into the complete operating system, no way any other browser has that many vulnerabilities.
you've seen the IE code?
The numbers speak for themselves...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.