"Mozilla is having a nightmarish security week. The company released a security-fix version of its Thunderbird email client late yesterday after updating its Firefox browser, a Firefox Google toolbar extension, and its SeaMonkey web application suite - all within the last six days. The new Thunderbird 1.5.0.12 replaces 1.5.0.10."
Post a Comment
Member since:
2006-02-06
Fans: 0
Member since:2005-11-10
Fans: 14
Member since:2005-07-14
Fans: 1
Member since:2005-12-15
Fans: 3
Here we go again...
Microsoft sucks!! open source sucks!! patched quickly!! hole shouldn't have existed in the first place!! open source no more secure than closed source!! closed source has less eyes so less secure!! mine is bigger than yours!!
<ARGH!>
All software has bugs and problems. This bad run of luck is no different to Microsoft patch Tuesday. It'll happen again, as will patch Tuesday.
Member since:2005-11-23
Fans: 4
Member since:2005-11-10
Fans: 14
Member since:2006-12-07
Fans: 0
@duffman :
Its not a question of open vs closed or commercial vs free. It's just that microsoft has a very different way of advertising their products, they are very agressive and sometime fail to deliver what they promised. So people have great expectations, and when something goes wrong or a promised feature is not there they get angry, that's simple, it's the side effect of over-promising.
You could observe the same reactions of the public when nintendo and sony launched the wii and the ps3. Those are two big (bad 
) corporations but people were a lot more indulgent with nintendo because they delivered exactly what they promised at the price they promised at the time they promised. If you looked at the ps3 forums at that time, people were just angry about anything.
(edit: grammar)
Edited 2007-06-06 14:02
Member since:2005-07-24
Fans: 33
"""
Here we go again...
Microsoft sucks!! open source sucks!! patched quickly!! hole shouldn't have existed in the first place!! open source no more secure than closed source!! closed source has less eyes so less secure!! mine is bigger than yours!!
"""
You've done this before! ;-)
I guess we all have.
So let me put my votes in for:
1. OpenSource, in general, is more secure.
2. The holes shouldn't have existed in the first place.
And I will add a couple of predictions:
2a. 3rd party extensions are going to be the Achilles' Heel of Firefox and Mozilla Corp will deal with the issue by passing the blame to the 3rd parties, like MS does with drivers, etc.
2b. Mozilla Corp has worked out this scenario and already has a plan in place.
I can't help but feel that Mozilla Corp, like Microsoft before it, recognizes the value of the PR department regarding security issues.
Edited 2007-06-06 18:07
Member since:2005-07-24
Fans: 33
Member since:2006-02-06
Fans: 2
Member since:2005-11-10
Fans: 14
Member since:2007-01-18
Fans: 2
Member since:2005-08-11
Fans: 7
Member since:2007-01-18
Fans: 2
Member since:2006-02-06
Fans: 0
Member since:2007-01-18
Fans: 2
Member since:2005-07-06
Fans: 13
Member since:2005-07-06
Fans: 11
Member since:2005-07-06
Fans: 11
Member since:2005-07-06
Fans: 13
Member since:2005-07-24
Fans: 33
"""
As the usage increases
...
number of security flaws found in your code increases.
"""
CrazyDude0,
You are glossing over the very important point that here, today, in the real world, it is IE that is being targeted by real exploits, living in the wild. It does not matter why. What matters most is that it is.
I'm intentionally not addressing which browser is more secure, intrinsically. Not because I do not have an opinion on the matter, but because it is irrelevant to the point I am making.
Assuming, for the sake of argument, that FF and IE are equally insecure, on an intrinsic level... IE's users are still in far greater danger, from a practical perspective.
And that's a fact.
Edited 2007-06-06 18:39
Member since:
2006-04-25
Fans: 1
.. actually been bitten by a firefox/thunderbird security issue? Ex: some nasty website/email caused havoc with your system due to a security hole.
I know that I've been bitten on IE in the past. Back then firefox's market share was too low to be a target, so IE was targeted, but with firefox sitting at ~20% I would think that someone would have crafted a successful attack by now.
Member since:2007-03-26
Fans: 3
"
I know that I've been bitten on IE in the past. Back then firefox's market share was too low to be a target, so IE was targeted, but with firefox sitting at ~20% I would think that someone would have crafted a successful attack by now.
I've had a few attacks when visiting website of an adult nature *coughs*. I believe the majorety of them were down to JPEGs with malicious code built into them.
Avast AV protected me on each and every occation though.
Member since:2005-07-07
Fans: 0
Member since:2007-03-26
Fans: 3
Maybe, but without going into the specifics of my set up, any security breach (short of a professional hacker manually accessing my system) would have been at least reported at some point (even if it's just from the hardware proxy reporting on the packets sent/recieved).
Member since:2005-07-06
Fans: 3
Member since:2005-11-10
Fans: 14
Member since:2005-07-06
Fans: 7
Member since:
2005-10-02
Fans: 21
Member since:2007-02-22
Fans: 1
Using IE 7 would more equal using Fx 1.0x at best.
At least feature-wise. I'm not so sure about security, since Fx 1.0x is no longer officially supported and computer security was never my best subject. I think the only non-security-related feature IE7 has on Fx 1.0x is Quick Tabs.
Before the flames engulf me, allow me to say that I am by no means a Fx fanboy--hell, I'm a proud Opera user.
Member since:
2007-03-26
Fans: 3
There's so many factual inaccuracies in this thread I don't even know where to start :S
1) Open source is no more or less secure than closed source.
2) Firefox is more secure than IE but (according to benchmarks) less secure then some other browsers such as Opera
3) A regular patch release does look bad from a perspective that there's holes to patch, but at least Mozilla are patching the holes. Some companies take months to get round to fixing security issues.
4) Firefox has bugger all to do with OS fanboy-isum as Firefox runs on most of the desktop OSs out there.
5) Firefox /is/ getting targeted more because of it's popularity. that doesn't make it less secure, just a bigger target - which in turn (hopefully) means people are more mindful about ensuring Firefox's security is up to date.
6) increased usage in software /will/ show up more security holes, but that doesn't mean that all software is equally secure or insecure. It just means that the existing security flaws become more apparent.
Quite frankly I'm surprised at the number of comments in this thread that are way off the mark given the usual standard set on OSNews.
Edited 2007-06-06 14:52
Member since:2005-08-11
Fans: 7
Member since:2007-02-22
Fans: 1
Member since:2005-11-10
Fans: 14
Member since:2007-03-26
Fans: 3
"
Maybe I just usually stop reading threads when they start turning into stupid flame wars or maybe I've just been lucky when discriminating against the threads I haven't read - but usually I find OSNews to be quite informative.
Member since:
2006-01-16
Fans: 6
Member since:2007-02-22
Fans: 1
Member since:
2006-03-12
Fans: 3
...without any facts or figures.
Would I love a serious OSS vs Proprietary security comparison. I would love one, but this isn't it.
Is anyone showing a serious amount; severity; time-to-patch comparison. I know these figures can be heavily massaged to interpret anything, but at least opinions can be offered.
On a side note.
http://marketshare.hitslink.com/report.aspx?qprid=6
People should be aware that the largest browser on the market today is IE6. I think what is surprising is the amount of people on Firefox1.5 considering 2.0 is free in every sense of the word.