The Register 2005-05-09
Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.
Firefox exploit targets zero day vulns
2005-05-09
TJ (4 replies)
Firefox exploit targets zero day vulns
2005-05-10
Anonymous (2 replies)
Firefox exploit targets zero day vulns
2005-05-11
Coldman (2 replies)

I respectfully disagree. Microsoft products are "perceived" more vulnerable due to the huge install base and widespread use making them a favorite target. Place ANY other software in the SAME environment and you'll have similar results.
"Being popular is what causes them to inflict such horrible damage when a vulnerability is exploited."
Yes, this is partially true. Referred to as "mono-culture". Although, I would point out, those who create and use exploits are the "bad guys" here, not the company trying to produce a product for positive use.
"I use Firefox on Mandrake Linux. I turned off the features suggested. It took about 4 seconds."
I can do the same thing in IE in the same amount of time. Doesn't prove anything. Doing so typically disables functionality, which defeats the purpose of using the software.
"Microsoft releases patches monthly. Firefox releases them the moment they are ready. This responsive process, in itself, is inherently more secure because known vulnerabilities get less chance to propagate."
Sure, fixing something sooner is always better than later. But, this line of thinking can be extremely dangerous. Rushing out a fix is highly risky in the fact it could break all kinds of functionality or introduce new vulnerabilities if not fully tested. It also causes your install base to scramble to patch every time you release a new version. This is one reason Microsoft standardized on once a month, something the install base can plan for. If the vulnerability warrants it, Microsoft does put out the fix quickly. Also, you can't compare the update mechanism Microsoft has built into Windows Update; soon to be Microsoft Update or the other automatic update options such as the free SUS or for purchase SMS.
"I don't see what popularity has to do with it. Popularity did not require the writing of vulnerabilities. That's something Microsoft did all on its own and formerly claimed as 'features'"
Vulnerabilities exist in EVERY piece of software whether closed or open source regardless of platform.
Bottom line: it's not about Firefox vs. IE, or Mozilla vs. Microsoft. It's about the bad guys vs. the good guys.