gary.turner

No one likes it that their favorite browser has a critical security vulnerability. On May 7, 2005 a critical-level security advisory was made public. A work-around called for disabling JavaScript or removing all but Mozilla.org from your install white list.

That's the bad news. The good news is that both Mozilla and Firefox have upgrades as of May 11, 2005 that fix the problem, and that the exploit never got past proof of concept level. No known exploits in the wild exist. Granting that the issue has been kept private for probably a month, the problem was still fixed in a timely manner.

By way of comparison, I recall a security issue with IE6 and Konqueror a few years ago that allowed bad guys to pass bad SSL certificates. The browsers were satisfied you had a secure connection if there was any certificate, not caring who it certified. Again, open source Konqueror had it patched in a month. I think it took MS a year or so to get SP1 to us. How long was it and how many exploits have there been before SP2 arrived? (Not that it helps me and my old 98se box.)

Looking at the minimal damage caused by Moz issues and the quick response to any threat, I cannot understand why anyone would use IE when a safe and secure browser is available.

If anyone hasn't yet, go get Firefox 1.0.4 or Mozilla 1.7.8. There's no good reason not to.

cheers,

gary

If your web page is as clever as you can make it, it's probably too clever for you to debug or maintain.

technossomy

Firefox and Mozilla vulnerabilities vs MSIE

Good point. If I may add a suggestion, could we have news snippets like these on the main page of this forum? Also, DCElliott's addition (http://www.csscreator.com/css-forum/ftopic6158.html) is one that is definitely worth broadcasting to the audience of this site.

Best wishes

Tech

Terminator1138

I always keep things updated; however, as Firefox progresses, I have noticed more little bugs. I'm still a big promoter and believer, but sometimes I have to switch to Opera to get things to load.

Develop The Web
Moving the web forward ===>

thepineapplehead

Quote:
By way of comparison, I recall a security issue with IE6 and Konqueror a few years ago that allowed bad guys to pass bad SSL certificates. The browsers were satisfied you had a secure connection if there was any certificate, not caring who it certified. Again, open source Konqueror had it patched in a month. I think it took MS a year or so to get SP1 to us. How long was it and how many exploits have there been before SP2 arrived? (Not that it helps me and my old 98se box.)

Love it Laughing out loud

Firefox is great because as soon as a patch for a bug is fixed, they release the next revision. Fair enough it makes for a lot of updating, but would you rather be vulnerable for months and months before a service pack is released? Thought not.

Verschwindende wrote:
  • CSS doesn't make pies

Chris..S

Is it just me, or in FF1.0.4 has the behaviour of highlighting in the address bar changed?

Joseph Sprint

Haven't noticed a change; it still seems naff compared to Internet Explorer's address bar.

thepineapplehead

What do you mean, changed?

Verschwindende wrote:
  • CSS doesn't make pies

Chris..S

One click now puts the cursor at the point clicked. I am sure that before, one click highlighted the whole address.

HellsBells

Still highlighting the whole address for me...

My strategy is so simple an idiot could have devised it!

"Also, your CSS (no offence) makes me want to gouge my eyes out with a rusty spoon" - TPH

nix

Since we're comparing FF with IE...

IE7 will have tabbed browsing and better PNG support!

FF has some problems, slow load up speed, and some layout issues that tick me off real bad.

I refuse to be like the faceless masses of sheep and have a signatu......awwwwwwwww CRAP!!

Backups? Ha! I've never had troub**&{[}$$ERROR NO CARRIER

Fruitcake

Firefox is just awesome Laughing out loud
It's now my full-time browser apart from IE-required sites.

I am Dan, Dan I am.

gary.turner

nix wrote:
since we're comparing FF with IE...

IE7 will have tabbed browsing and better PNG support!

FF has some problems, slow load up speed, and some layout issues that tick me off real bad.

About time, isn't it? Mozilla/Phoenix has had tabbed browsing for what, five years? Opera's had it even longer. And png images? How far behind the curve can one browser be?

Cold start speed? IE may have a smidgeon on Firefox. It should, considering it's half loaded by default.

What are those layout issues? Firefox seems to be the single most compliant browser out there. I cannot, off hand, think of a single non-trivial issue that Firefox mishandles. This forum wouldn't be nearly as necessary were IE as good.

How many years will it take for IE7 to have a market share we can appreciate? As far as I am aware, it will only be available for XP, and Longhorn (if it ever comes out). Where does that leave the folks running 95 (yes, they're out there), 98, 98se, 98me, 2K, and NT4? As far as that goes, why haven't there been security upgrades for IE6 ported to all MS OSs still in common use?

If you're putting your hopes in IE7 being the next coming of the promised one, you're definitely a poster child for the word 'faith':
    The assent of the mind to the truth of what is declared by another, resting solely and implicitly on his authority and veracity, without regard to fact.
cheers,
gary

If your web page is as clever as you can make it, it's probably too clever for you to debug or maintain.

nix

kk5st wrote:

What are those layout issues? Firefox seems to be the single most compliant browser out there. I cannot, off hand, think of a single non-trivial issue that Firefox mishandles. This forum wouldn't be nearly as necessary were IE as good.

http://www.csscreator.com/css-forum/ftopic8937.html

I've mentioned it before here and at other places.

Also, check out this site: http://www.isopach.com. The chains holding the menu up are screwed up. I've only noticed this problem twice. The first time I fixed it because it was my own job, but this one I have no part in and think it could be a problem for other FF users when they view such sites.

This problem only ever shows up in FF. It is perfect in IE. Explain how this could be.

I refuse to be like the faceless masses of sheep and have a signatu......awwwwwwwww CRAP!!

Backups? Ha! I've never had troub**&{[}$$ERROR NO CARRIER

gary.turner

In the first case, I don't see the problem you're talking about. Did you fix it? I can see that there is no DTD or character encoding, making the page invalid html. That makes the page dependent on IE running in quirks mode, using an improper box model. As to the Flash, there is a way to write valid html, embedding a Flash object. See http://www.alistapart.com/articles/flashsatay/

The second example is simply Moz's own version of the white space bug. Fix it by removing the \n between </tr> and <tr>. Better yet, the page should be refactored as well structured, semantic html + css. That is a trivial bug, and one that also has its variations in IE.

cheers,

gary

If your web page is as clever as you can make it, it's probably too clever for you to debug or maintain.

DCElliott

I notice a previous thread of mine regarding backdoor access to FF1.0 was mentioned above - the ftp link in that thread no longer works but the one below mirrors new FF releases:
http://ftp.surfnet.nl/pub/internet/mozilla/mozilla.org/firefox/releases/

DE

David Elliott

Before you ask
LearnXHTML|CSS
ValidateHTML|CSS

nix

kk5st wrote:
The second example is simply Moz's own version of the white space bug. Fix it by removing the \n between </tr> and <tr>. Better yet, the page should be refactored as well structured, semantic html + css. That is a trivial bug, and one that also has its variations in IE.

How would you go about doing that? I had the guy (my bro) remove the whitespace from the tr before and leading up to the space issue and no dice.

I refuse to be like the faceless masses of sheep and have a signatu......awwwwwwwww CRAP!!

Backups? Ha! I've never had troub**&{[}$$ERROR NO CARRIER

thepineapplehead

Um, this is completely going off the topic.

However, the whitespace is still there:

<tr>
    <td><img src="images/spacer.gif" width="198" height="1" border="0" alt=""></td>
    <td><img src="images/spacer.gif" width="1" height="1" border="0" alt=""></td>
    <td><img src="images/spacer.gif" width="794" height="1" border="0" alt=""></td>
    <td><img src="images/spacer.gif" width="5" height="1" border="0" alt=""></td>
    <td><img src="images/spacer.gif" width="1" height="1" border="0" alt=""></td>
  </tr> <-- here
  <tr>

Verschwindende wrote:
  • CSS doesn't make pies