Firefox Warning
- Thread starter rayer
- Start date
Surely with FF 2.0 coming up they can go into the root source of FF and change the way it handles Javascript?
Meh, suppose I best drop the idea of using AJAX all over my current PHP project - suppose it wasn't really a good idea in the first place as a lot of people willl either not have javascript or will have disabled it.
Meh, suppose I best drop the idea of using AJAX all over my current PHP project - suppose it wasn't really a good idea in the first place as a lot of people willl either not have javascript or will have disabled it.
Last edited:
Soldato
Craig321 said:
From the sounds of it the bug/hole is down to the whole javascript VM being, according to the hackers, a mess.
When software goes to a new version they don't throw out the previous version and start from scratch. Much of the code from FF v1.x will probably be in v2.x. If there is a major problem with the VM then it will have to be re-written but I don't think they can manage that before V2 is released as I am told it is imminent.
If the VM is as bad as has been claimed then if I were Mozilla I would be getting right onto V3
SiriusB
Soldato
They are probably minor, insignificant flaws which could potentially lead to something malicious happening. I don't think Mozilla should pay these people a penny for what they have found - if they're doing it for the "greater good" they would just point out the flaws and submit any fixes like everyone else in the community does. As it stands I have no respect for them whatsoever.Morthoseth said:
I'm no expert on these matters, but I couldn't disagree with you more. Mozilla Firefox is not more secure than Internet Explorer because it is more "obscure", it is more secure because it's backed by a massive group of enthusiasts with all kinds of computing knowledge who actively seek out potential exploits, patch them and ship security patches on a regular basis. Just take a look at the unofficial nightly build changelog The Burning Edge and you'll see that stuff sure gets done in the Firefox development community.Dolph said:
Again, I disagree completely. It's short-sighted to claim that Mozilla Firefox is not a "professionally developed product" because it is a product of the open source community. In my opinion the open source development process is far more beneficial than you make it out to be, and I know I'd much rather be using a product where experts and enthusiasts are free to browse the source code, find, report and discuss bugs in an open forum and correct them in a timely manner.Dolph said:
Firefox still has a lot of issues, but it's still fundamentally more secure than Internet Explorer, and you wouldn't catch me dead using Opera!
Last edited:
Al Vallario said:
Perhaps it's me being picky, but I far prefer official releases and patches, something that is sorely lacking where FF is concerned. If for no other reason than I've got someone clear to take issue with if something goes wrong. I also don't have the desire or inclination to check through endless patches/tweaks/fudges to get things working how they should be.
That's fine, my opinion differs, but hey, each to their own.
That's your choice
Soldato
How does a stack overflow allow a hacker to "commandeer" a computer?
Inquisitor said:
Normally because once you have the stack overflow, you can then insert code into the system that can be executed later.
http://en.wikipedia.org/wiki/Buffer_overflow
Soldato
Associate
Craig321 said:
Thanks
David 334
Dolph said:Doesn't surprise me in the slightest, Firefox, as far as I've ever been able to make out, relies on security by obscurity and hoping people won't do anything because they aren't the evil microsoft(tm)...
This is why I use opera
Yup.
Plus Firefox in the first 6 months of this year has had more Serious and Critical security flaws than IE.
Even in 2005 - IE: 26 - Firefox: 40
Yes..it is so much more secure...
Simon/~Flibster
Last edited:
Soldato
Source?Flibster said:
Sounds like a work of fiction thrown together by Opera fanboys to me
Soldato
Dolph said:That sudden change of story must have got someone quids in
Holy scare story batman. Let's remember this vulnerability hasn't even been confirmed yet...
FireFox got a load of (undisclosed) security patches to the JS engine between RC1's release and now. Coincidence? Maybe.
Define "official" - Mozilla has releases of FF (1.5, 1.0, plans for 2.0, 3.0 next year...) with plenty of fanfare, and patches too (1.5.0.8's not that long appeared, 1.5.0.7 before it etc). FireFox auto-updates too (not that the AUS code is perfect, but that's another rant), which is more than can be said for Opera.
For what little it's worth, a lot of memory leaks have been fixed in 2.0 (and some have been fixed between 1.5's release and 1.5.0.8), and it's probably worth a try (RC2's got candidate builds floating about, you could always download a nightly if you wanted the latest patches).
But all this "OMG I love t3h [insert browser]" and "OMG, [other browser] is rubbish" is crap.
Use what you want, and use what suits you. With not a great deal of common sense (i.e. keep it up to date, and don't browse any explicitly iffy sites), you can be reasonably secure whatever browser you use.
Secunia statistics for IE 6 and Firefox seem to point to less Highly or Extremely critical flaws, and 8% unpatched versus 18% for IE6, so it looks like the "more secure" argument stands
By comparison, Opera has one advisory, which was patched.
FireFox got a load of (undisclosed) security patches to the JS engine between RC1's release and now. Coincidence? Maybe.
Dolph said:
Define "official" - Mozilla has releases of FF (1.5, 1.0, plans for 2.0, 3.0 next year...) with plenty of fanfare, and patches too (1.5.0.8's not that long appeared, 1.5.0.7 before it etc). FireFox auto-updates too (not that the AUS code is perfect, but that's another rant), which is more than can be said for Opera.
For what little it's worth, a lot of memory leaks have been fixed in 2.0 (and some have been fixed between 1.5's release and 1.5.0.8), and it's probably worth a try (RC2's got candidate builds floating about, you could always download a nightly if you wanted the latest patches).
But all this "OMG I love t3h [insert browser]" and "OMG, [other browser] is rubbish" is crap.
Use what you want, and use what suits you. With not a great deal of common sense (i.e. keep it up to date, and don't browse any explicitly iffy sites), you can be reasonably secure whatever browser you use.
Secunia statistics for IE 6 and Firefox seem to point to less Highly or Extremely critical flaws, and 8% unpatched versus 18% for IE6, so it looks like the "more secure" argument stands
By comparison, Opera has one advisory, which was patched.
Soldato
I thought it was just my PC playing up with those silly bugs!! It's been almost 2 years since I've formatted this hard drive so I put it down to that... and it's Firefox!basmic said:Day by day, I am put off by Firefox and it's quirky little bugs. Stupid things, like not being able to copy and paste sometimes, not being able backspace in text boxes sometimes, iSketch dropping connection in FF but not in IE.
That's the main ones I can think of - add them all together, and it can make an unpleasurable experience of FF.
That copy & paste bug drives me mad sometimes
EDIT - maybe someone experiences this then? Sometimes I can't use the apostrophe ' key as it just brings up some stupid search bar at the bottom of the screen... no idea why it does it, only does it on this site though.
Last edited: