Linked by Thom Holwerda on Fri 8th Sep 2006 20:54 UTC
Mozilla & Gecko clones Security researchers that carried out a code analysis of popular open source browser Firefox using automated tools, have discovered scores of potential defects and security vulnerabilities despite coming to the conclusion that the software was generally well written. A former Mozilla developer has criticised the methodology of the analysis and said it provides little help in unearthing real security bugs.
Thread beginning with comment 160763
To view parent comment, click here.
To read all comments associated with this story, please click here.
Varg Vikernes
Member since:
2005-07-06

Erm not really, not all bugs are relevant to the latest version, some get fixed by accident and others get fixed without closing the bug reports.

This is a bug reported in 2004 - still not fixed. I and many people I know get this on a lot of sites.
https://bugzilla.mozilla.org/show_bug.cgi?id=238935

Also; https://bugzilla.mozilla.org/show_bug.cgi?id=275783 - this isn't a bug, because the developers say so. Even though it happens to many people the devs say it is a JRE bug. Strange how this doesn't happen with Opera for example. Also, remember the copy/paste bug? It's still not completely fixed.

Saying on OSNews " Some bugs are 3+ years old, but only because the developers for some reason or another, don't want to fix them, they're not bugs. " is kinda retarded, learn how it works before you go and start flaming people.

How the hell if flaming? Maybe you're the retard here ;)
Go file a bug and report how long did it take for devs to fix it.

Reply Parent Score: 1

kaiwai Member since:
2005-07-06

I'm not surprised about the above scenario, I've filed bugs, only to eithe get abused, find that it is closed because it is 'unimportant'.

I thought the whole idea of opensource was getting closer to the 'grass root users' when it is more just an easier way for programmers to tell users to go screw themselves if there is a problem with a said product.

Everyone of the Mozilla developers need to be sent on a customer care course, and make them realise this; without a good product, they have no customers; if a customer complains about a bug, for all intensive purposes, that bug exists, and it is up to them to solve the problem.

If there is major memory suckage, it doesn't matter to the user how much the programmer skirts around the issue, making up excuses, the software is still leaking - fix the damn problem, and the customer will be happy.

Reply Parent Score: 3

deathshadow Member since:
2005-07-12

>> I thought the whole idea of opensource was getting closer to the 'grass root users' when it is more just an easier way for programmers to tell users to go screw themselves if there is a problem with a said product.

Which mirrors my experiences as well. Way back on 0.89 I filed a bug report about how whenever you open/close tabs it didn't release the memory - ESPECIALLY if you save files from those tabs. (saving files seems to excasterbate the problem). Eventually around the 200 meg mark (regardless of how much memory is in the machine) cpu use peaks, and you have to kill the browser using task manager/kill/whatever your host OS uses to off the bugger.

... and when I reported the problem, the best response they could come up with was to try and take me to task for using the term 'crash' instead of 'hang' - a distinction I've not heard in three decades of PROGRAMMING. Even better, six to seven months ago they finally acknowledged the problem - as being a 'feature' not a bug. (I'm sure we all had a 'cringing chuckle' over that one)

You can TELL the problem is related to the download manager as it STILL does this, including the latest 1.5 stable and the 2.0 beta, meaning to me they've done exactly two things about this problem - and Jack left town, took his shit with him...

... and for all the workarounds, patches, the problem is STILL there. Nuetering the cache? Oh yeah, THAT's desirable; using a plugin to save your state every time a page is opened, so you can reload after the crash? ... and this resolves the problem HOW? The 'config.trim_on_minimize'? Works so long as you don't save anything - a deal breaker for me being I'm a web developer that has to test links.

Of course, if every stupid little save as wasn't routed through the download manager it would probably alleviate the problem - Seriously, what in blazes is up with routing every save image as through the download manager - if you can right click to "save image as" you've ALREADY downloaded it, and if you look close with larger images, sometimes it actually DOWNLOADS IT AGAIN.

But this brings up the other 'problem' - you go to start a download, and if it is from a server that takes a while to handshake (FTP for example, though some http servers can be bad - lord help you on a timeout error) the whole browser locks up until everything times out or the download starts - because they insist on running their own crappy tasking model instead of handing it off to the host OS like everyone else in the world.

So yeah, ****** firefox and the open sores it rode in on. That the programmers apparantly cannot even release a pointer properly (as evidenced by the article) should be a warning sign to anyone who knows ANYTHING about programming to stay the hell away from it.

Reply Parent Score: 2