Page 1 of 2 12 LastLast
Results 1 to 16 of 18

Thread: Is the Firefox honeymoon over?

  1. #1
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Location
    Bristol
    Posts
    14,268
    Thanks
    286
    Thanked
    828 times in 468 posts
    • Steve's system
      • CPU:
      • Intel i3-350M 2.27GHz
      • Memory:
      • 8GiB Crucial DDR3
      • Storage:
      • 320GB HDD
      • Graphics card(s):
      • Intel HD3000
      • Operating System:
      • Ubuntu 11.10

    Is the Firefox honeymoon over?

    George Ou writes, in his ZDNet blog:
    Last week's premature disclosure of a zero-day Firefox exploit came a few weeks after a zero-day exploit for Internet Explorer appeared on the Internet. Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months.

    ...the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005. Since that time, new exploits are being released almost on a monthly basis.
    What George fails to investigate is whether the open-source nature of Firefox accelerates the vulnerability discovery process when compared to Internet Explorer. He also doesn't make any mention of the time between discovery and fix availability.

    That's not to say I'm defending Firefox here. It has grown in popularity so it is going to be a hacker target. A piece of software without bugs doesn't exist, however, so it's all about how you deal with them. Do Microsoft or the Mozilla Corporation deal with them better? That I cannot answer.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  2. #2
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,385
    Thanks
    407
    Thanked
    449 times in 331 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    Symantec seem to have the same idea:

    http://www.theregister.co.uk/2005/09...threat_report/


    Is it suprising that minority products like OSX and Firefox might be just as vunerable to security flaws? Not really. I quite agree with the idea that a product's popularity dictates how much of a target it is. Sure MS have introduced vunerabilities in their rush to get functionality into product, but most of this has now been tightened up now and i'd be surprised if they're really any worse off technologically than the competition now. The truth is that MS are just as focused on security (if not more so) than anyone else post SP2, and probably have more resources than anyone else to throw at it.

    We live in a _very_ strange world now - MS products appear to be pretty secure and darn stable. I'd never thought i'd see it
    System 001: Maximus VII Formula, 4790k i7, RTX 2080ti FE (incoming), 16GIG Corsair Vengence DDR3 RAM CL9, Corsair HX1000, ROG SWIFT PG278Q , SSDs, Antec 1200 case, All watercooled. [main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  3. #3
    Member
    Join Date
    Sep 2005
    Location
    Minehead, Somerset.
    Posts
    197
    Thanks
    0
    Thanked
    0 times in 0 posts
    I have to admit however, the speed at which a problem is addressed is far quicker than what I've seen form Microsoft. It may well be that FF tackles each problem as it occurs - MS however goes for groups of them.

  4. #4
    HEXUS.timelord. Zak33's Avatar
    Join Date
    Jul 2003
    Location
    I'm a Jessie
    Posts
    34,344
    Thanks
    2,628
    Thanked
    2,703 times in 1,700 posts
    • Zak33's system
      • Storage:
      • Kingston HyperX SSD, Hitachi 1Tb
      • Graphics card(s):
      • Nvidia 1060
      • PSU:
      • Coolermaster 800w
      • Case:
      • Silverstone Fortress FT01
      • Operating System:
      • Win10
      • Internet:
      • Zen FTC uber speedy
    Open Source scares some people, others like the idea of external solutions coming to market quickly.

    I'm open to both side. But Mozilla still carries the candle for me.

    Quote Originally Posted by Advice Trinity by Knoxville
    "The second you aren't paying attention to the tool you're using, it will take your fingers from you. It does not know sympathy." |
    "If you don't gaffer it, it will gaffer you" | "Belt and braces"

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    10,350
    Thanks
    600
    Thanked
    294 times in 204 posts
    I prefer the feel of Firefox over IE, I still use IE for windows update and for a few badly coded pages..

    IMHO IE will bounce back tho, MS wont just sit on there hands and let people shift browsers, they'll come back with the features that FF has and a few other bits and bobs and people in time will shift back so even if FF dies it'll still be a good thing as it'll improve what comes from MS after it...

  6. #6
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    FF forever!

    TBH we knew this would happen, as the platform became more popular, and the fact that the code is open source makes it a lot easier to discover bugs and vulns, and of course, it makes things a lot quicker to patch..

    Maybe once MS start to obey open standards, rather than trying to push their own on everyone I might look at IE again, but I'm not holding my breath..
    (\__/)
    (='.'=)
    (")_(")

  7. #7
    Registered User
    Join Date
    Sep 2005
    Posts
    3
    Thanks
    0
    Thanked
    0 times in 0 posts
    All the more interesting now that Opera has removed the license fee and adverts from its browser, I might be wrong (I'm sure someone will let me know if I am) but Opera is a stable and relatively secure product when compared with IE and Firefox.

  8. #8
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,385
    Thanks
    407
    Thanked
    449 times in 331 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    Quote Originally Posted by quarkslot
    All the more interesting now that Opera has removed the license fee and adverts from its browser, I might be wrong (I'm sure someone will let me know if I am) but Opera is a stable and relatively secure product when compared with IE and Firefox.
    The point is that anythings secure, so long as people aren't hacking it. What's the metric for security anyway? Lack of popularity = more secure?

    I'm an Opera fan, but not just for security via obscurity.
    System 001: Maximus VII Formula, 4790k i7, RTX 2080ti FE (incoming), 16GIG Corsair Vengence DDR3 RAM CL9, Corsair HX1000, ROG SWIFT PG278Q , SSDs, Antec 1200 case, All watercooled. [main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  9. #9
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,401 times in 2,691 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    Opera has its share of vulnerabilities - there have been several upgrades and incremntal releases in the last year to fix serious flaws. As with all software, it has to be kept up to date. The advantage of open software is that the source code is available to large numbers of people interested in finding flaws and fixing them. The disadvantage of open software is that the source code is available to large numbers of people interested in finding flaws and exploiting them... Ok, a bit simplistic, but an element of truth...

  10. #10
    Vive le pants! directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • MSI X99A Gaming 7
      • CPU:
      • Intel Core i7 5280k
      • Memory:
      • 32GiB ADATA DDR4
      • Storage:
      • Corsair Neutron XT 960GB
      • Graphics card(s):
      • MSI GTX 980 Gaming 4G Twin Frozr 5
      • PSU:
      • Corsair AX860i
      • Case:
      • NZXT H440
      • Operating System:
      • Ubuntu 17.10, Windows 10
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • FIOS
    RE the symantec study:

    1) it counted only acknowledged bugs by the vendor - deny there's a bug, or call it a "feature", and it wasn't included

    2) It counted only msie bugs, not windows bugs related to msie - so if there was a horrible windows insecurity than could be exploited via IE, that wasn't counted

  11. #11
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,385
    Thanks
    407
    Thanked
    449 times in 331 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    Still it's not a horrifically complicated paradigm - more people using product = more exposure of product = more attractive target for people exploiting it.

    What's the fuss?

    FF is far from perfect - it's always had plenty of bugs.
    System 001: Maximus VII Formula, 4790k i7, RTX 2080ti FE (incoming), 16GIG Corsair Vengence DDR3 RAM CL9, Corsair HX1000, ROG SWIFT PG278Q , SSDs, Antec 1200 case, All watercooled. [main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  12. #12
    hi unreal's Avatar
    Join Date
    Jan 2005
    Location
    East London & Birmingham City Uni
    Posts
    3,657
    Thanks
    14
    Thanked
    37 times in 30 posts
    • unreal's system
      • Motherboard:
      • Intel iMac 20" & Macbook
      • CPU:
      • Intel Core 2 Duo T7200 2.0Ghz
      • Memory:
      • 4gb DDR667
      • Storage:
      • 1TB 7200 Int + 1.5Tb Ext
      • Graphics card(s):
      • ATi Radeon 2400XT
      • PSU:
      • 95W or something?
      • Case:
      • Intel iMac 20" Aluminium
      • Operating System:
      • OSX Snow Leopard (Win 7 x64 on Macbook Bootcamp)
      • Monitor(s):
      • 20" @ 1680x1050 & 27" 1080p HDTV
      • Internet:
      • O2 10mb
    To be honest I hardly notice any difference between IE, Opera and Firefox in terms of operation. The one thing I have found useful is tabbed browsing, but now its the norm in every browser. They are almost the same to me, so I just use firefox rather than IE6. But now it takes ages to start, and hogs much memory as stated, which is getting up my boobs tbh.

  13. #13
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,385
    Thanks
    407
    Thanked
    449 times in 331 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    You have boobs? Lay off the estrogen!
    System 001: Maximus VII Formula, 4790k i7, RTX 2080ti FE (incoming), 16GIG Corsair Vengence DDR3 RAM CL9, Corsair HX1000, ROG SWIFT PG278Q , SSDs, Antec 1200 case, All watercooled. [main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  14. #14
    Vive le pants! directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • MSI X99A Gaming 7
      • CPU:
      • Intel Core i7 5280k
      • Memory:
      • 32GiB ADATA DDR4
      • Storage:
      • Corsair Neutron XT 960GB
      • Graphics card(s):
      • MSI GTX 980 Gaming 4G Twin Frozr 5
      • PSU:
      • Corsair AX860i
      • Case:
      • NZXT H440
      • Operating System:
      • Ubuntu 17.10, Windows 10
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • FIOS
    Quote Originally Posted by unreal
    hogs much memory as stated, which is getting up my boobs tbh.
    it's a memory leak in Flash.

    workaround:
    about:config in the address bar
    right click, new integer key, call it "browser.cache.memory.capacity", make it 60,000 (max amount of ram to use in KB)
    restart firefox

  15. #15
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,147
    Thanks
    798
    Thanked
    2,151 times in 1,407 posts
    The big objection i have to how security is handled with firefox. Proof of concept stuff, THERE IS NO GOD DAMN NEED FOR IT. None at all.

    MS do a very good job of keeping the researcher who found the flaw happy enough that they don't need to post about it in depth. This is good. I'm a cracker, i'm going to be giving a few lectuers on the matter (if its not deemed inapropreate). I don't need a howto guide for making my own attack. Its arogance, and stupidity, i've never felt why so many feal the need to get praise from the script kiddies, there not peers, there below that level.

    For this reason, i much prefer to run IIS6 instead of apache 2, and IE7 instead of FF.
    throw new ArgumentException (String, String, Exception)

  16. #16
    Prize winning member. rajagra's Avatar
    Join Date
    Oct 2004
    Posts
    1,023
    Thanks
    0
    Thanked
    0 times in 0 posts
    I think I speak for everyone, when I say... What???

    EDIT> OK, think I understand (& agree) now, thanks Paul
    Last edited by rajagra; 23-09-2005 at 03:37 AM.
    DFI LanParty UT NF4 SLI-D; AMD64 3500+ Winchester ;
    2x XFX 6600GT ; Corsair XMS3200XLPRO TWINX 1GB;
    Dell 2405FPW TFT.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Pop-up / Ad blockers...
    By Nick in forum General Discussion
    Replies: 18
    Last Post: 14-09-2005, 12:10 PM
  2. Top Download for today - FireFox users
    By DR in forum General Discussion
    Replies: 30
    Last Post: 19-05-2005, 08:41 PM
  3. Firefox suffers first 'extremely critical' security hole
    By XA04 in forum General Discussion
    Replies: 18
    Last Post: 12-05-2005, 12:13 PM
  4. Firefox extensions? And a few questions...
    By SilentDeath in forum Software
    Replies: 8
    Last Post: 08-03-2005, 10:01 AM
  5. Firebird dies, Firefox rises from the ashes
    By Iain in forum General Discussion
    Replies: 21
    Last Post: 10-02-2004, 08:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •