
Forum Moderators: incrediBILL


Firefox 16 withdrawn due to security vulnerability

Firefox, security, vulnerability

     

longen

2:42 pm on Oct 11, 2012 (gmt 0)




The vulnerability allowed "a malicious site to potentially determine which websites users have visited", Mozilla said.

[bbc.co.uk]

engine

5:15 pm on Oct 11, 2012 (gmt 0)




I'm pleased it was found at this stage and not after it's released.

It does seem a bad flaw, and follows on from the earlier bug in 15.
Firefox 15.0.1 Fixes Not So Private Browsing Bug [webmasterworld.com]

These bugs don't give me confidence.

g1smd

5:16 pm on Oct 11, 2012 (gmt 0)




No sooner than 15.0.1 was out, 16.0.0 appeared.

This "version numbers race" is insane.

SevenCubed

5:23 pm on Oct 11, 2012 (gmt 0)




This "version numbers race" is insane.


Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts but maybe they should pass it on to the folks at W3C.

ken_b

5:26 pm on Oct 11, 2012 (gmt 0)




I want my old 3.6 back!

incrediBILL

5:31 pm on Oct 11, 2012 (gmt 0)




These bugs don't give me confidence.


The fact that they were quickly found and quickly acted upon is a good thing and should give you confidence that the developers are trying to stay ahead of the bad guys.

I'd be more worried if they weren't looking for vulnerabilities and if they found them, kept them quiet so unsuspecting surfers wouldn't know until it was too late.

This kind of thing happens when people escalate development cycles because it's too much too soon as everyone is racing to stay ahead of the competition and that's when security is more likely to suffer.

The problem is people quickly lose interest in any software if it has lengthy product development cycles so keeping it fresh and constantly releasing something new keeps it current in consumers' minds, and the hackers.

Firefox should just dial it back a little.

grelmar

6:42 pm on Oct 11, 2012 (gmt 0)




Isn't it. I can't imagine what the developers are smoking to get them so buzzed with quick version turnouts...


They're smoking from the Agile Development Framework [en.wikipedia.org] crack pipe.

It's a fantastic method of developing software that ensures rapid release cycles and quickly escalating version numbers, generates massive consulting fees and developer bonuses for all involved, while relieving the developers and management team of any responsibility for long term architectural decisions, vision, or generating actually sustainable code.

It's a very specific variety of Kool-Aid popular in Dot-Com circles right now. A similar variety was last tested in Jonestown.

g1smd

6:57 pm on Oct 11, 2012 (gmt 0)




"A camel is a horse built by committee decision".

incrediBILL

7:41 pm on Oct 11, 2012 (gmt 0)




Things like this remind me of this old gem:
"If builders built buildings the way programmers wrote programs, the first woodpecker to come along would destroy civilization"

GaryK

9:02 pm on Oct 11, 2012 (gmt 0)




FF never offered me 16.0, but it just now asked if I wanted to install 16.0.1. I'm not sure what to do so I told it not right now thank you.

g1smd

9:11 pm on Oct 11, 2012 (gmt 0)




Presumably that's the fixed version. I'll let other people test it out first though.

tedster

3:34 am on Oct 12, 2012 (gmt 0)




They're smoking from the Agile Development Framework crack pipe.

Right - and that particular approach wasn't really designed for a hostile environment.

I love agile development in the right setting - as a friend of mine describes it "Do it wrong quickly." But when security is in the mix, then doing it wrong can be a major issue. I don't think banks work with agile development.

morehawes

5:42 am on Oct 12, 2012 (gmt 0)




I want my old 3.6 back!


Agreed!

incrediBILL

6:27 am on Oct 12, 2012 (gmt 0)




The old 3.6 leaked like a puppy.

No thanks.

They finally fixed the leak in FF 15 and I left it running for a week without rebooting it daily as the used RAM didn't balloon up to 2GB+ or more.

graeme_p

10:13 am on Oct 12, 2012 (gmt 0)




@GaryK, that is the fixed one: [mozilla.org]

Browsers are a security problem. As I suggested in a recent discussion on the Linux forum, use OS level security (AppArmor on Linux, for example) to limit browsers' access to the system. I also use multiple browsers to make it harder for important data to leak through XSS etc.

bhonda

3:08 pm on Oct 12, 2012 (gmt 0)




I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases.

For example, Windows 8. Previous version was Windows 7. Everyone knows that since that's a whole version number up, there are big changes afoot.

If Firefox decided to do something radical, something really impressive that we should take note of, how would that be named? Firefox 22? Or was that Firefox 23?

I think they're shooting themselves in the foot for a short term gain, but losing in the long run.

Back on topic though, I think I'll be waiting a little while too before I hit 16.0.1.

g1smd

8:25 pm on Oct 12, 2012 (gmt 0)




You missed it!

16.0.2 is out today.



Just kidding :)

incrediBILL

9:28 pm on Oct 12, 2012 (gmt 0)




I know it's a little off-topic, but surely having rapidly increasing version numbers hampers their ability to market the actual big releases.


It's a non-profit organization, you think they have marketing money? BWAHAHA!

I think it's more of a situation of keeping a rapid development pace just to prove they're worth the grant money being wasted on Firefox.
 
