Linked by Thom Holwerda on Wed 25th Jan 2006 21:16 UTC, submitted by Varg Vikernes
Mozilla & Gecko clones Here is a page discussing various myths surrounding Firefox. "We have all seen these banners before or heard people say 'Firefox is faster, Firefox has lower requirements, Firefox is secure, Firefox defends me from all spyware, etc.' How misleading is it? Read on." Flame away. And be gentle. That's an order. And here's a rebuttal.
Thread beginning with comment 89602
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE
by Termal on Thu 26th Jan 2006 06:22 UTC in reply to "RE"
Termal
Member since:
2006-01-04

They surely did when exploiting the recent WMF vulnerability. FF and Opera needed user interaction with a dialogue while IE would just open the files with the Picture and Fax Viewer with no prompting needed.

The whole Myth site (not just the Firefox section) has rubbed me the wrong way for a long time.

Reply Parent Score: 1

RE
by CPUGuy on Thu 26th Jan 2006 14:10 in reply to "RE"
CPUGuy Member since:
2005-07-06

Opening a picutre is not installing an application and therefore does not require user interaction (hell, IE opens pictures constantly, so does every other browser). Such a shame that there was such a blatent vulnerability though.

You can not have one thing happen (which isn't even installing an application, btw) and then claim that you can install viruses and worms through IE without user interaction. You need to get off of your slant there.

Reply Parent Score: 0

RE
by Termal on Thu 26th Jan 2006 16:57 in reply to "RE"
Termal Member since:
2006-01-04

The WMF flaw allowed arbitrary code to be executed. There were sites in the wild actively exploiting this to install malware. If you used IE to visit such a site, you WOULD have malware installed with no interaction required.

Go see this video for yourself:
http://www.websensesecuritylabs.com/images/alerts/wmf-movie.wmv

Note that since WMF files can be embedded, the URL wouldn't need to show the WMF extension the way the one in the demo does. Everything after that point is fully automatic with a then-current XP SP2 box.

Reply Parent Score: 2