Mozilla confirms second FF 2.0 bug, downplays significance

Denial of service issue

     
7:05 pm on Nov 2, 2006 (gmt 0)

encyclo


Another minor bug in Firefox 2.0 has been confirmed by a Mozilla spokesman, although it apparently represents no danger to end-users:

A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the meantime, a Mozilla official said today.

The browser will crash if it visits a Web page that has been intentionally coded with JavaScript in such a way as to target the bug...

[pcworld.com...]

This new story follows on from earlier (debunked) claims of unfixed serious vulnerabilities on Firefox, as well as two contested bugs in IE7.

My analysis: it seems that there is a huge amount of media noise around the IE7/FF2 browser battle, and there are a lot of "security" companies resorting to hyperbole and tenuous claims whilst trying to build a reputation amidst all the hype.

What do you think about these kinds of reports?

9:51 pm on Nov 2, 2006 (gmt 0)



I think it's important to look at who is publishing the report and try to get the real story by seeking out additional sources of information.

As an example, the story you cited gives most of its column inches to the report about a brand new trivial Mozilla bug and reserves notice about a potentially dangerous issue with IE7 that has been around for at least 2 years until the final, short paragraph.

Microsoft charged a behavior cited as a vulnerability in IE7--where a pop-up window can display content from a different, untrusted Web site--isn't a bug, but a feature

(Love that spin! "Why fix it? What was once a security risk is now a feature!")

Reading the earlier article about the IE6-7 "feature" reveals that "feature's" true nature ... a conduit to cross-site scripting/phishing attacks. The "fix"? Disable a different "feature" in the browser.

Thinking about PCWorld magazine and their #1 advertiser (can you guess who?) leads me to take their reporting on these types of things with a huge grain of salt.