Linked by Thom Holwerda on Sun 1st Oct 2006 19:45 UTC, submitted by rx182
Mozilla & Gecko clones
The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X, and Linux, they said.
Thread beginning with comment 167341
RE: Inevitable
by dylansmrjones on Sun 1st Oct 2006 22:20 UTC in reply to "Inevitable"
dylansmrjones Member since:
2005-10-02

Security Advisories from secunia.dk in 2006 only:

Internet Explorer 6.0x - Windows Only:
http://secunia.com/product/11/?task=advisories_2006

Mozilla Firefox 1.x - All Platforms:
http://secunia.com/product/4227/?task=advisories_2006

Total number of advisories:
Internet Explorer: 14
Mozilla Firefox: 10

Unpatched advisories:
Internet Explorer: 36% (5 out of 14) - the most severe is rated "extremely critical".
Mozilla Firefox: 10% (1 out of 10) - the most severe is rated "less critical".

Firefox 1.x has had no extremely critical advisories in 2006. Internet Explorer 6.0x has had several.

Conclusion: Firefox is a lot safer than Internet Explorer. Its 100% safe, but it's much safer.

It's just like sex (if you've ever had that.. I sincerely doubt it - but anyway): Sex with rubber is not 100% safe, but it's much safer than sex without rubber.

But then again. How would you know?

If you care about security: use Open Source - the rubber of software.

Score: 5

RE[2]: Inevitable
by dylansmrjones on Sun 1st Oct 2006 22:29 in reply to "RE: Inevitable"
dylansmrjones Member since:
2005-10-02

The line: "Conclusion: Firefox is a lot safer than Internet Explorer. Its 100% safe, but it's much safer." should read "Conclusion: Firefox is a lot safer than Internet Explorer. It's not 100% safe, but it's much safer."

Score: 2

RE[2]: Inevitable
by MollyC on Sun 1st Oct 2006 23:42 in reply to "RE: Inevitable"
MollyC Member since:
2006-07-04

"If you care about security: use Open Source - the rubber of software."

Opera is closed source, and blows Firefox away in terms of security.

Score: 5

RE[3]: Inevitable
by wirespot on Mon 2nd Oct 2006 14:48 in reply to "RE[2]: Inevitable"
wirespot Member since:
2006-06-21

It does not "blow Firefox away" in terms of security. But they're both secure browsers. So use Opera. Use whatever browser tickles your fancy.

Just don't use a browser like IE, whose maker values his own development and backwards-compatibility agenda more than your privacy and the safety of your computer and your personal data.

Score: -1

RE[2]: Inevitable
by NotParker on Sun 1st Oct 2006 23:51 in reply to "RE: Inevitable"
NotParker Member since:
2006-06-01

"Security Advisories from secunia.dk in 2006 only:"

Maybe Secunia has a counting problem if they only think there are 10 Firefox vulnerabilities in 2006.

Mozilla thinks there are 64 patches for 100+ vulnerabilities (many of the patches are for multiple vulnerabilities) for Firefox in 2006 alone.

http://www.mozilla.org/projects/security/known-vulnerabilities.html

And over 30 are critical with Mozilla's definition of critical: "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."
And some of the bugs (the rest are secret) are over 300 days old before they are patched. Some are 6 months old.

It bothers me that an "open" project like Mozilla keeps most of the bugs secret for months after a patch is released.

Edited 2006-10-01 23:54

Score: 3

RE[2]: Inevitable
by sappyvcv on Mon 2nd Oct 2006 00:50 in reply to "RE: Inevitable"
sappyvcv Member since:
2005-07-06

Keyword: advisories

Each advisory can, and in the case of Firefox does, contain multiple vulnerabilities. Some of these advisories for Firefox even contain up to 12 separate vulnerabilities.

So the 64 number is correct, or at least close.

Score: 4

RE[2]: Inevitable
by dylansmrjones on Mon 2nd Oct 2006 06:09 in reply to "RE: Inevitable"
dylansmrjones Member since:
2005-10-02

Hmm... seems the anti-FLOSS gang is around ;)

Score: 0

RE[3]: Inevitable
by sappyvcv on Mon 2nd Oct 2006 15:40 in reply to "RE[2]: Inevitable"
sappyvcv Member since:
2005-07-06

How so? What you posted was misleading and not in line with what the OP posted. You used the misleading advisories number when vulnerabilities is more important than advisories.

Score: 2