Firefox 16 withdrawn due to security vulnerability

2:42 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 7, 2003
posts:788
votes: 0


The vulnerability allowed "a malicious site to potentially determine which websites users have visited", Mozilla said.

[bbc.co.uk ]
5:15 pm on Oct 11, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23502
votes: 410


I'm pleased it was found at this stage and not after it's released.

It does seem a bad flaw, and follows on from the earlier bug in 15.
Firefox 15.0.1 Fixes Not So Private Browsing Bug [webmasterworld.com]

These bugs don't give me confidence.
5:16 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


No sooner than 15.0.1 was out, 16.0.0 appeared.

This "version numbers race" is insane.
5:23 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 14, 2010
posts:985
votes: 0


This "version numbers race" is insane.


Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts but maybe they should pass it on to the folks at W3C.
5:26 pm on Oct 11, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ken_b is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 5, 2001
posts:5777
votes: 87


I want my old 3.6 back!
5:31 pm on Oct 11, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14650
votes: 94


These bugs don't give me confidence.


The fact that they were quickly found and quickly acted upon is a good thing and should give you confidence that the developers are trying to stay ahead of the bad guys.

I'd be more worried if they weren't looking for vulnerabilities and if they found them, kept them quiet so unsuspecting surfers wouldn't know until it was too late.

This kind of thing happens when people escalate development cycles because it's too much too soon as everyone is racing to stay ahead of the competition and that's when security is more likely to suffer.

The problem is people quickly lose interest in any software if it has lengthy product development cycles, so keeping it fresh and constantly releasing something new keeps it current in consumers' minds, and the hackers.

Firefox should just dial it back a little.
6:42 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 4, 2004
posts:683
votes: 0


Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts...


They're smoking from the Agile Development Framework [en.wikipedia.org] crack pipe.

It's a fantastic method of developing software that ensures rapid release cycles and quickly escalating version numbers, generates massive consulting fees and developer bonuses for all involved, while relieving the developers and management team of any responsibility for long term architectural decisions, vision, or generating actually sustainable code.

It's a very specific variety of Kool-Aid popular in Dot-Com circles right now. A similar variety was last tested in Jonestown.
6:57 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


"A camel is a horse built by committee decision".
7:41 pm on Oct 11, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14650
votes: 94


Things like this remind me of this old gem:
"If builders built buildings the way programmers wrote programs, the first woodpecker to come along would destroy civilization"
9:02 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 17, 2002
posts:2251
votes: 0


FF never offered me 16.0, but it just now asked if I wanted to install 16.0.1. I'm not sure what to do so I told it not right now thank you.
9:11 pm on Oct 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Presumably that's the fixed version. I'll let other people test it out first though.
3:34 am on Oct 12, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


They're smoking from the Agile Development Framework crack pipe.

Right - and that particular approach wasn't really designed for a hostile environment.

I love agile development in the right setting - as a friend of mine describes it "Do it wrong quickly." But when security is in the mix, then doing it wrong can be a major issue. I don't think banks work with agile development.
5:42 am on Oct 12, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 5, 2008
posts: 94
votes: 0


I want my old 3.6 back!


Agreed!
6:27 am on Oct 12, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14650
votes: 94


The old 3.6 leaked like a puppy.

No thanks.

They finally fixed the leak in FF 15 and I left it running for a week without rebooting it daily as the used RAM didn't balloon up to 2GB+ or more.
10:13 am on Oct 12, 2012 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2589
votes: 60


@GaryK, that is the fixed one: [mozilla.org ]

Browsers are a security problem. As I suggested in a recent discussion on the Linux forum, use OS level security (AppArmor on Linux, for example) to limit browsers' access to the system. I also use multiple browsers to make it harder for important data to leak through XSS etc.
3:08 pm on Oct 12, 2012 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases.

For example, Windows 8. Previous version was Windows 7. Everyone knows that since that's a whole version number up, there are big changes afoot.

If Firefox decided to do something radical, something really impressive that we should take note of, how would that be named? Firefox 22? Or was that Firefox 23?

I think they're shooting themselves in the foot for a short term gain, but losing in the long run.

Back on topic though, I think I'll be waiting a little while too before I hit 16.0.1.
8:25 pm on Oct 12, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


You missed it!

16.0.2 is out today.



Just kidding :)
9:28 pm on Oct 12, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14650
votes: 94


I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases.


It's a non-profit organization, you think they have marketing money? BWAHAHA!

I think it's more of a situation of keeping a rapid development pace just to prove they're worth the grant money being wasted on Firefox.