Fire Fox Bugs Need clarification - HTML forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Fire Fox Bugs Need clarification

Version PR 1.0

Javaboy

8:17 pm on Sep 28, 2004 (gmt 0)

10+ Year Member

New to this forum but Please tell me why basic information which could be clearly related is not clearly related.
E.G Firefox PR 1.0
Does it have the Cashing bug I have heard about or not?
Does it have any hacker holes jpeg problems or any other vulnerabilities?

Is the program going to shoot for the mainstream because IE and Netscape 7.X and up still seems to support Java 1.02 Applet code for example and this code has been supported by browsers for years 1.02 did not even have signed applets and was probably one of the safer Java implementations out there. Compatibility is everything in proving you have a better browser. Why have the authors abandoned Java older versions anyway?

Also is there a real source of info about these issues?

I know about wwww.mozila.org but why are they so unclear.
If they have not finished the browser project yet then why not be clear about all of this.

They have to prove they are the best browser by compatibility,
Logging capabilities and votes of confidence in the user community.

That starts with
Test Version PR 1.0
Vulnerability reports
Updates/Patches
Improving compatibility.

Can anyone comment on why they have not done this on the Mozila page describing FIREFOX 1.0?

Saltminer

9:27 pm on Sep 28, 2004 (gmt 0)

10+ Year Member

Javaboy,

I think you're in the wrong forum. For all those questions about Firefox why don't you go to the mozilla.org Firefox forums? There you can read for days about all these questions you have.

Some builds did have problems with the cache. I think it's been fixed, personally I never had a problem with it. The official release is still at least a month away, they're still working on the bug list.

The .jpg exploit is a Microsoft problem. It only affects MS software, and only the more current versions. MS Office 2000 and earlier are OK, the current version needs to be patched.

IE uses Java VM, Firefox won't use it because of it's security problems. So they use Sun's Java 1.3.x, a different creature. That's why when you install Firefox you also have to install Java, rather than use the Java VM already on your system for IE.

Remember they don't have to "prove" anything. They are designing a stand-alone browser. Small, fast and secure. Those that like it will use it, those that don't will use something else. There's nothing to "prove" anymore than Ford has to "prove" anything to Chevrolet, or Gateway "proving" something to Dell.

Jimmy

claus

9:33 pm on Sep 28, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

If you're concerned about that jpg bug, here's a nice page from Microsoft about it:

[microsoft.com...]

As for Java, you can turn that off in FireFox. You can also turn JavaScript off if you like. With the web developer toolbar you can also turn off images, stylesheets, animations, cookies, etc.

nalin

9:43 pm on Sep 28, 2004 (gmt 0)

10+ Year Member

Does it have any hacker holes jpeg problems or any other vulnerabilities?

Yes and no, the jpeg buffer overflow exploit is specific to your Operating System, it is not related to your browser, your newsreader, your image viewer, or any other program. Technically, firefox has no bugs related to the buffer overflow of jpegs. But, it passes the infected files (as it should) to the Windows (or Mac or Linux, or Unix) kernel to handle the files. This in turn allows the exploit to occur on vulnerable machines, similarly with your newsreader, your image viewer, or any other program utilizing window libraries to render jpegs.

Javaboy

10:06 pm on Sep 28, 2004 (gmt 0)

10+ Year Member

I found the clarification I was looking for:
See:
[us-cert.gov...]
for all the info on Mozilla/Firefox browser.

The PR version 1.0 is supposed to take care of the vulnerabilities regarding caching etc...