This week a number of different security researchers exposed three new flaws in Mozilla's browsers, including Firefox. Secunia, a security firm, reported a download spoofing flaw which could trick users into downloading something they don't expect.
iSEC Perhaps, a Polish security firm, told of a buffer overflow bug with the NNTP. This bug could allow code to be run whenever a news:// connection is made.
Last is a flaw in how Mozilla Thunderbird and Firefox handle temporary files. Secunia security research firm states that since the flaws were first discovered in August 2004, four of the five remain unpatched.
As more people make the switch to a 'safer' browser than IE, they'll discover what Mozilla has to offer really isn't any better. The more people that switch, the more flaws will be found.
IE6 is a very slow & unstable browser; Firefox so far for me has been 99.99% rock solid in performance (it crashed once 3 months ago). No contest really, if I can find a way of ditching IE off my hard drive I will.
it's a perfect summary. You're the one with the agenda. Trying to discredit a perfectly good summarization just because you don't want your browser having flaws. The summary says nothing about what I think of Mozilla products. My comment does, but not the summary. If you gave me a bad rating, I demand you or an admin give me my 100% back.
The download spoofing flaw was reported by security firm Secunia this week. This flaw could allow a malicious user to make a downloaded file appear to be coming from a different source than it actually is, which could be used to trick users into downloading something that they're not expecting.
Bugzilla, Mozilla's bug tracking system, has assigned repair responsibility to Mozilla staffer Ben Goodger. According to Mozilla, the bug carries a "normal" severity rating; Secunia has currently rated it as "less critical." Users are warned not to download material from untrusted sources.
and:
A third Mozilla vulnerability reported by security firms ptraced.net and Gentoo Foundation has revealed a potential problem with the way Mozilla Thunderbird and Firefox handle temporary files. Martin from ptraced.net discovered that temporary files in Thunderbird 0.8 and 0.9.3 were stored with predictable names in a world-readable format, which could potentially expose a user to risk.
So, let's see.. of the three flaws, one is listed as not being critical, one is in a tool (NNTP) that hardly anyone, especially those in the most danger of exploitation, uses anymore, and the third is found in BETA software. No mention is made at all of the third flaw being in the released "gold" code.
Highly biased reporting, poor summarizing, whatever the case, bad story.
The summary is perfect and unbiased. Read the damn article, all I did was reword it. You have to specifically point out to me where I was biased in the summary. You can't say it never claimed to be safe because that's why so many people switched, because it was safer than IE, fewer security flaws etc. If you are going to deny that, then you're just lying in order to protect your views of Mozilla and your blatant hatred of MS. Where did I say anything about how critical the flaws were? Where did I say anything about Mozilla or Firefox sucking? WHERE! I demand the negative assessments be taken off and I will go to an OP if needs be. You guys are so lame. Your summary is no different than my summary, so where's the bias? Quote it for me from my own summary! Hell, use the actual article and compare it to what I said. You won't find any difference except wording. No bias or anything of that nature.
You said exactly the same stuff I did, except you had more than 750 words to do it in. The article listing the three flaws and the percentage of people who were patched. What did I do? I listed a brief description (brief because I only get 750 words total for the whole article) and listed a percentage of the people who are unpatched. I didn't once say that these flaws were in any way critical. As for the title, one of the main reasons people switched to Mozilla was all the security flaws in IE. You can not say that's not one of the reasons. Repeat, you can not say that's not one of the reasons. Don't make me post articles of people claiming how much safer it is. Again, I never said Mozilla was Fort Knox of web browsers. All I said was it's not so safe, meaning it's not as safe as it used to be, but that's a really lame title. Bad story? I'm not the one who wrote it. You're just pissed off that your flagship web browser isn't as safe as it used to be so you have to discredit and slander the person who told you and others this rather than admit Firefox isn't as safe as everyone thinks it is.
for starters, you say that 80% of users remain unpatched which is untrue. 80% of the 5 advisories issued by Secunia since August 2004 remain unpatched (that equals 4 for the math impaired)
the next issue I have with your story is you don't bother to report which versions of what are affected. You make a blanket statement of "Mozilla's browsers", "Firefox" and "Thunderbird". That would be the equivalent of my saying "Windows has flaws" without saying which release of Windows I was talking about.. except in that case it would probably hold true for ALL versions of Windows anyways.
Whine and cry to an OP all you want, I actually never scored your story with an assessment, but I think I will now.
I posted the actual article, verbatim in my initial post, sure I went over the 3x250 limit, but it would have been terribly easy to get relevant info about all 3 of them in there.
Your post suggested your bias, your vehemence screams it, you're a Microsoft bigot.
...I was being nice to you. You just spent the credit.
I did read the source article. Quite thoroughly, actually. Some of the other commenters obviously did too. Suggesting otherwise is rude.
Your title is taunting. Your summary is a biased summary of a biased article. It ignores the main difference between the main rivals (IE and Moz) which is development strategy (besides performance at the moment).
I only gave you a Bad rating. Your handling of criticism is Very Bad.
Article - "Based on five advisories issued by security research firm Secunia since August 2004, 80 percent currently remain unpatched."
Me - "Secunia security research firm predicts that since the flaws were first discovered in August 2004, 80 percent of Mozilla users remain unpatched."
You - "80% of the 5 advisories issued by Secunia since August 2004 remain unpatched (that equals 4 for the math impaired)"
Let me repeat what I said because you are only reading what you want to read.
"Secunia security research firm predicts that since the flaws were first discovered in August 2004, 80 percent of Mozilla users remain unpatched."
First off, they predict, they are not saying this is a factual number. Second of all I said that the firm predicts that since the flaws, meaning the three flaws I'm talking about, no other flaws, just those three that I mentioned.
As for my summary being biased...how so? Where in the article do I compare it to anything? Show me, point it out because I can't see it. How do I slander Mozilla in any way? The article was on nothing other than three new security flaws found in Mozilla products. That's all the article is about. How is that biased? It also says nothing about IE or any Mozilla competitors, nor does it slander them. MS has articles about their security flaws all the time and that's all they talk about, nothing else. They even get posted to SN sometimes and no one says that person is being biased against MS. You guys are so defensive because I posted an article that says Mozilla has flaws. If you want to complain about the title then I'll accept a change in the wording from so to as. Reading Mozilla No Longer As Safe. Which would be true, because these are new flaws which means it's not as safe as it was. Not once did I mention it was perfect. Also, for you to rate the article negative based on comments, not the article is also slander and the admins will know.
information. Like I said, I only have three sets of 250 letters each. Last time I said words, but I forgot, it's only letters, including spaces etc... The gist of the article was about the flaws, so I mentioned the flaws. The article closed with number of people unpatched for these particular flaws, so I closed with that. There isn't room for mentioning what versions are affected by what, sorry, blame SN for the lack of space, not me. I covered the main text of the article, it's a summary after all. If you want more detail, read the damn article. You guys are sad, just reading what you want to read.
You - "the next issue I have with your story is you don't bother to report which versions of what are affected. You make a blanket statement of "Mozilla's browsers", "Firefox" and "Thunderbird"."
Article - "A trio of newly exposed flaws in Mozilla browsers (including Firefox) was announced this week by a number of different security researchers."
Me - "This week a number of different security researchers exposed three new flaws in Mozilla's browsers, including Firefox."
Gee, sorry again if there's not enough room to list which versions and what's critical and what's not, hmm, let's do a test.
"The bug exists on at least Mozilla 1.7.3 and, according to the Mozilla Foundation, it has been fixed in version 1.7.5. Gentoo Foundation has revealed a potential problem with the way Mozilla Thunderbird and Firefox handle temporary filesMartin from ptraced.net discovered that temporary files in Thunderbird 0.8 and 0.9.3 were stored with predictable names in a world-readable format, which could potentially expose a user to risk."
I pasted this into Word and it's 431 characters with spaces. That's over half my summary just to jibberishly tell you what versions are affected by what. Guess what, it's not plausible to put them in the summary. You want detail, read the damn article. Also, if I wanted to slander, I would've included this comment in the SUMMARY.
"Prodeus wrote. "I decided to make this bug public because Mozilla Team hasn't warned users.""
Gee, looks like MS to me. Someone else has to warn the public about its software's flaws.
"MS has articles about their security flaws all the time and that's all they talk about, nothing else. They even get posted to SN sometimes and no one says that person is being biased against MS."
As some of you will no doubt notice, the majority of bad assessments to this news have been removed.
As has one error in the summary regarding patching.
Let me also add, if you want to flick wet towels at each other whilst screaming "My browser is better than your browser" take it to IM please.
The summary was correct in all bar one area, which should, if anything have prompted a too many errors rating at _most_ and more sensibly a post directed at the user who submitted it along the lines of "small error".
Now for the source article, accurate/inaccurate/biased/unbiased is irrelevant to your ratings. You are rating the user's summary of the source, not the source, hence why only one bad rating remains, the only one I see as relevant to the summary of the source.
To start off... Let me say I don't care what browser I use as long as it works.
Now after reading the summary of the source I didn't notice much of any 'bias' at all. I don't think I could write a source more unbiased.
For the commenters- Why do you guys get your panties in a bunch when there is a 'flaw' in the browser you use? Who the hell cares? It's not like your penis went down an inch. I usually try not to write comments but after reading this I feel so sad that people would actually cry over bias in a news article because their browser wasn't perfect.
First off the news link buffer overflow problem was already patched before this even came to light in the news. That right there shows you how much better Mozilla is at patching stuff before it starts causing mass problems like IE. The temporary file issue I don't see much of a problem with... just dump your cache if you are paranoid! In contrast IE names everything with the file extension that it really is so it is way easier to see what someone is doing online. Also need I mention that this was in Thunderbird v .8-.9.3? Thunderbird is now at 1.0... many upgrades since then. The article doesn't even say what versions of Firefox/Firebird were affected with it. So basically the only known security flaw that is current is the address spoofing for a file download. This isn't a big deal really unless you are going to shady websites anyways!
I threw down 2 grand on a new laptop in August and have run Mozilla on it almost exclusively. The one time I fired up IE6 a few months ago just to update everything. My browser got hijacked to some stupid search site, plus I was completely overrun with pop-ups. You know how many times this has happened with Mozilla? None! Nadda! Zilch! ZERO times! No popups! No hijackings! I haven't even gotten a virus since I've been running Thunderbird for email and Norton as my anti virus. I normally reformat the HD every few months to keep my system running like new with a fresh install of everything. But for the first time since the internet I haven't had to do that yet. So I don't really care what this firm has to say about the few bugs in Mozilla. It works thousands of times better than IE. When you get on your computer to do some work or research, you shouldn't have to do battle just to get your browser to work right. I recommend Mozilla Firefox to anyone who is tired of all the IE crap.
Netscape is pretty good too, but Mozilla is better and getting better everyday.
Anyway, NEVER in all my years using the internet have I come across news:// so I personally will continue to worship Firefox. Don't see any government departments warning against Firefox, whereas you do against IE6.
Quit commenting on people's genitals. Yes I use Mozilla. And IE, Konqueror etc... depending on many things.
OK, 'bias' may be a strong word, but this 'news' is really pretty silly, and the SN summary was even sillier and - if you ever spent some time actually contributing to moz - a little offensive.
The cop who deleted most of the negative assessments is walking a razor's edge too - following such a strict scheme, those foolish Very Good ratings for being Entertaining should definitely be deleted too.
As for the 'news': as shown elsewhere in comments it's WAAAAY over exposed. Those 'flaws' concern old versions dealing with arcane internet technologies or depend on running Windows. I consider them a marketing ploy by those security companies at best.
I suppose it's everyone's right to summarize a bad news item on SN, but it's also everyone's right to give them bad ratings then! It reminds me of when I wrote 'Bush is loosing it' - I deserved a mix of good and bad ratings, and that news belonged in soft news where I put it. 'Mozilla No Longer So Safe' could be moved to soft news too.
Every time I downloaded something it wasn't what I expected. One time I downloaded something from WWE and it turned out to be a porn flick with the heading wwe wrestling.
I've been using IE since it's been made, and I've never had a problem with it. Yes there are flaws, but if you know how to "use" your computer properly, then there wouldn't be problems.
In all my experience with computers, I can summarize that 90% of computer related issues revolve around the user him/her self. So if people complain about an issue with IE, it's cuz they're doing something stupid.
I'll give credit that Firefox is "safer", but still, it's only a matter of time before some big flaw is found. When IE first came out, it was safe too.
@hunt3r: I am curious how you can use IE without any problems. I changed ActiveX to request to be run but then it would just sit there after you accepted it.. even on the Windows Update site (only thing I use IE for). In order to be 'safe' with IE you need to severely limit what it normally can do or install extra software to filter the crap out. BTW do you ever scan for spyware/adware? I can honestly tell you that while using Firefox/Firebird I have never had any malware installed. But when I use IE I scan right afterwards and find crap sometimes without going to any shady sites. How can you blame all the computer illiterate people out there for not knowing that they are infecting themselves by just browsing a few websites? If they know about the security risks of IE then it is a different story. IE is to a loaded, cocked gun as Firefox is to a gun with a lock on it.
You're right. About the only way you can use IE without problems is to stay offline. No, wait. Even then it crashes.
hunt3r: So far you're the only person I've found on the net talking about how good IE is. Don't be so naive to think that every user, hacker, programmer, and tech that curses IE's constant problems is using their computer wrong. If it was all user error, why is there a patch at least weekly to fix it?
I am a network admin, I've been using IE since it first came out. I've had my problems with it before, but I've always got the problem ironed out.
I run my home PC with an iron fist, and trust me, there's no spyware on my computer AT ALL. Cuz I set it to require a permission to do anything on my computer, I'll praise XP SP2 while I'm here too.
I'll still blame all the problems on the users for screwing things up on their own.
Well it's good that you know how to take care of your computer if you choose to use IE but why should you expect the average user to somewhat cripple IE in order to use it securely? Since you use IE with ActiveX set to asking for permission then you realize how annoying it is to be asked for permission on all the sites and how quickly it can get annoying enough to turn it back to allowing ActiveX. Not to mention the problem I stated before about ActiveX not running correctly after being asked and given permission to download and run. I'm not sure what type of users you have in your company but if they are like any others then it is ignorant to believe they could use IE without any additional software or hacks to limit what users can do. MS left ActiveX so wide open that it is a security risk to use it outside of MS's sites. I see no reason why users should feel they need to use IE anymore. There are other options that work close enough with the scripting standards to be feasible alternatives. Websites that don't work correctly with other browsers are because they use proprietary plugins, scripts (ActiveX, VBScript) or unstandardized Javascript that breaks compatibility on different browsers. The bottom line is that this whole mess with spyware, etc can be blamed on MS for being too quick to jump the gun with ActiveX!
I think IE is on v.6 now :S. And I still get better performance off Firefox. I'll take the 3 flaws over the crash bug with 11 bytes on IE. That's right...I can crash it with 11 bytes.
How can you be so sure that you don't have any malware on your computer without doing a scan? There's a lot of malware that comes onto your computer even without you accepting any notification.
Also, since you want to take the time to praise SP2.. I'll take the time to bash it. Just yesterday Secunia updated the status of a highly critical bug with IE/XP but the best part about that is.. it only affects SP2. XP and SP1 boxes aren't affected by it. I thought XP SP2 was supposed to be secure. Also Microsoft was notified about it 3 months ago and they still haven't released a patch fixing it yet.
There seems to be a whole lot of bias against MS here. Like another reader earlier, I have been using IE since it came out and have had very few problems with it. Virtually all the system errors I see are user related. As for a novice knowing how to keep out of trouble, I personally don't see how they can keep a system online at all...not because of IE but because of idiots who keep trying to screw things up. Give Mozilla as long to be hacked as IE and then see who is safer. As a programmer, I know how hard it is to try to idiot-proof a program. No matter what you do, there is always some $hithead out there trying to hack it just to be able to brag that they can. What we really need is a world less greedy and a lot more people who will mind their own business. I have both Mozilla and IE on my computers and bugs or not, I CHOOSE to run IE. I can go to one as easily as the other but I CHOOSE IE. Flaws? I can find flaws in just about anything, including the logic behind most of these arguments. To each his own! If you like Mozilla, by all means use it! If you don't like IE, don't use it! However, your personal opinion is exactly that, YOUR OPINION! It's worth a whole lot to you but is just about totally worthless to anyone else. As far as opinions go, I think AOL is about the most stupid service out there but I see people using it all the time. They choose to use it for their own reasons and don't need my opinion or approval. So be it. Bottom line, shut up and color with whatever your color of choice is!!!
vcc, while I agree with you about AOL. Right now it's not a matter of opinion that IE is not as safe as Netscape or Mozilla. Yeah, you can hamstring IE so that it asks you before it does anything. What a pain in the ass that is. We shouldn't have to tell our machines every line of code to run.
Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.
It doesn't say Mozilla or Netscape are affected. In fact:
"Security experts note that the problem does not affect other browsers. "
What can you do about it? They say:
Microsoft is recommending that users turn off the "Drag and drop or copy and paste files" option in Internet Explorer and set security levels to high for the Internet zone.
But this does not guarantee anything.
Bottom line. If you don't want this to affect you. Don't use IE. That's not an opinion. That's a fact.
If you are in IE your browser will display paypal.com, but it's not. It exploits the security vulnerability in IE to show how hackers can run malicious code on your system.
However, if you are running Firefox, it does nothing.
Warning! This is not a personal opinion. It is for real.
users cause the browser to go to a site with malicious code. Even if it was code running in the background of a webpage, the user still went to that webpage. Only acceptable answer for it not being the user is if a very clever trojan gets in, but that very possibly has nothing to do with whichever web browser you use.
Doesn't matter what browser you use, it all comes down to user error.
New solution. You can get on the internet so long as you don't go to any web pages. Kinda stupid solution don't ya think? After all you're on a web page right now. It could be running malicious code in the background and you would never know it.
Just stop using IE. It does matter what browser you are using. These problems have no effect on Mozilla. If you are still using IE in light of all this you deserve whatever you get. Even if you don't know it yet.
because every website on the internet runs malicious code. Way to use a good argument there, real powerful stuff. Shortnews has malicious code, Amazon has malicious code, eBay has malicious code. Jeebus, all my favorite sites have malicious code, guess I better not use the internet unless I'm using Firefox. Again I say, excellent argument on your part.
Why can't you just admit it's user error? There is code that affects only Mozilla browsers. By your logic, it's Mozilla's fault if someone goes to a webpage with malicious Mozilla code, rather than the users. Just like IE, not every site has malicious code. It's your fault if you went there, not MS's and not Mozilla's.
because going to a website is what a browser is for. If they were trying to make toast with their browser and it screwed up their computer that would be user error. When you are on a site with code running in the background, you don't know it. Unless of course you are "the one" Nemo.
It isn't user error when a person uses a device in the way it was intended and that device screws up.
I posted the links above for you to see for yourself. Download a copy of Mozilla and see. It's easy and it's free. These IE security flaws allowing hackers to run code on your PC have no effect on Mozilla.
IE screws things up even with all the security features engaged and neutering the browser. This is not what the browser is supposed to do. It is designed to surf the net without downloading viruses on your computer. IE doesn't have to be on a website for this to happen.
The only thing I see as being user error here is the fact that some people ignore the facts about IE and continue using it. If these people get a virus or their computer crashes they will complain, but in the end the user error is Running IE.
I'm not saying all sites have malicious code running. I'm saying they could and you wouldn't know it. If you are using IE right now that would affect you. If you are using a browser that code does not affect then it don't matter what's running behind the scenes. Like Mozilla for example. Are you new to the internet? Just kidding.
Sure Firefox has its problems but take that in account to Internet Explorer's (reason why Windows has sucked so much after the IE implementation). Firefox still can hold the title of being "safe" for that reason. So it's not perfect. What is?
As any SE will tell you, security is a trade off for user friendliness - the more user friendly, the less secure. You can strive for an optimal point where the software performs its intended function as securely as possible, but the only way to make a computer, or software completely secure is to isolate it.
Why is Mozilla fundamentally more secure than IE? It's built to be a web browser. IE is built to be a core technology that is used in other products, not simply a web browser. Microsoft could, if they wanted, improve the security of IE by changing certain design considerations, such as sand-boxing.
Did you know that explorer is integrated with IE? It is. Poor design, security wise.
I can give more detail, but for most it would serve little purpose.
Yes, you can run a relatively secure system using IE as your main browser - such a system is NOT user friendly, and not going to be usable or appealing to the masses that compose the Internet community.