A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the meantime, a Mozilla official said today.
The browser will crash if it visits a Web page that has been intentionally coded with JavaScript in such a way as to target the bug...
[pcworld.com...]
This new story follows on from earlier (debunked) claims of unfixed serious vulnerabilities in Firefox, as well as two contested bugs in IE7.
My analysis: it seems that there is a huge amount of media noise around the IE7/FF2 browser battle, and there are a lot of "security" companies resorting to hyperbole and tenuous claims whilst trying to build a reputation amidst all the hype.
What do you think about these kinds of reports?
As an example, the story you cited gives most of its column inches to the report about a brand new trivial Mozilla bug and reserves notice about a potentially dangerous issue with IE7 that has been around for at least 2 years until the final, short paragraph.
Microsoft charged a behavior cited as a vulnerability in IE7--where a pop-up window can display content from a different, untrusted Web site--isn't a bug, but a feature
(Love that spin! "Why fix it? What was once a security risk is now a feature!")
Reading the earlier article about the IE6-7 "feature" reveals that "feature's" true nature ... a conduit to cross-site scripting/phishing attacks. The "fix"? Disable a different "feature" in the browser.
Thinking about PCWorld magazine and their #1 advertiser (can you guess who?) leads me to take their reporting on these types of things with a huge grain of salt.