Thanks Imaster. It comes as no surprise that there are vulnerabilities (any browser IS software, after all) and I'm glad they're being uncovered. And given the Moz developers' track record, they'll be patched in short order, I hope.
From the 2nd link above - the ZDNet article:
|One reader even took issue with the claim that Firefox is inherently more secure than IE. "Firefox may offer some 'security through obscurity', but once it gets to any sort of critical mass then it will be targeted. Since the hackers have the source code their lives will be that much easier, and when a patched version is released it will be easy for them to see where the vulnerability is and target older versions," said one London-based IT worker. |
I've heard this argument before - in this very forum. It sounds right, on the surface, but I don't think it is. Time will tell, of course, but the kinds of liabilities IE has given us, where just visiting a web page downloads a worm and so on, are not likely to be found in Moz/Firefox.
Of necessity any non-MS browser is not so tightly tied to the operating system the way IE is - and that "integration" is the source of many vulnerabilities. So while it is true that a higher market share will bring more attempted exploits, I still doubt we'll see the same severity of security problems that have plagued Internet Explorer.
Hackers don't need access to the source code to exploit vulnerabilities (if they did IE would be totally safe) so the argument that this makes Firefox weaker than IE is completely false.
I've used Firefox exclusively for the past few months and I love it. I've only had a couple of sites that won't work because of it, but other than that it's great!
With regards to hackers, whadaya gonna do? No browser is gonna stop 100% of it.
Moz and FF will start getting some heat as they gain popularity and will understand first hand what IE has had to endure all these years.
The true test of quality will be the speed at which a problem is recognized and corrected.
Also a factor in market success - which organization is better at spin and playing the media. Here's where mediocre products can still prevail despite the fact that there are better alternatives. We've seen it over and over, in technology and elsewhere in the market.
So, here's where it gets interesting to me. Whatever I read, I like to look under the surface a bit for the hidden motivation, the roots.
I'm hoping this forum can be a place where we do exactly that, and sort out the spin for what it is - wherever it originates.
justgowithit, there have been security holes in Mozilla/FF in the past, so it's not like no one has been looking for them before. How secure a browser is doesn't depend on how widely used it is. And with the $500 bounty on security flaws found in Mozilla, I'm sure more people than ever before are trying to find new ways to compromise Firefox. Money is always a nice incentive.
These two new ones aren't exactly critical vulnerabilities either...
Every serious coder I know is willing to go to great lengths for the $500 *and* the claim of having submitted/been-paid for a Mozilla bug. It's a nice bounty.
But these are both bugs from older versions. They were removed by Mozilla themselves.
Mozilla should add an "auto-update" feature to their browsers that automatically updates to the latest versions.
|Hackers don't need access to the source code to exploit vulnerabilities (if they did IE would be totally safe) so the argument that this makes Firefox weaker than IE is completely false. |
Totally agreed. After all, Apache seem to be doing quite nicely.
They don't NEED the source code, but wouldn't having it make it easier - assuming you know how to read it, of course?
|Mozilla should add an "auto-update" feature to their browsers that automatically updates to the latest versions. |
This is already there in Firefox 1.0
I don't know whether this is related to this thread but Firefox (Mac OSX version) seems to have a bug regarding 301 redirects.
Once the browser reads the redirect, there is no way to load the old page, even if the redirect instruction is no longer there on the server.
If you are testing htaccess files it can be a nightmare!
Maybe some other user could corroborate this problem on another platform.
If I understand you correctly, clearing the cache would probably work.
It does! What a fool I am.
However, perhaps a simple reload should be enough for this..?