Critical Firefox Vulnerability Warning

[FatalException]

Looks like Firefox 1.0.3 has a pretty big hole in it. And here, I've been telling people for years that as soon as something becomes widely adopted, exploits will begin to appear to take advantage of security holes in it, no matter who made it.

I'll stick to my Opera - developed by people who ONLY work on browser software full-time (not as part of an OS, like Microsoft, and not as a bunch of people working on it in their spare time as side projects, like most Mozilla programmers). Oh - and so few people use it that hackers don't really seem interested in breaking it.

More info on the deadly Firefox vulnerability: http://it.slashdot.org/it/05/05/08/1...id=154&tid=172

In short - it allows a website to create and execute a batch or .exe executable file on your computer without your knowledge. Fun times.

[Ty44ler]

I wouldnt consider it that big of a hole. All you have to do is Web Features->Turn off "Allow websites to install software". Presto! Firefox rules again!


BTW this was already turned off on my firefox before I even read about the "hole"

[FatalException]

I wouldnt consider it that big of a hole. All you have to do is Web Features->Turn off "Allow websites to install software". Presto! Firefox rules again!

Why would such a feature be turned on by default in the first place? Sounds like someone was asleep on the job. If I wanted software where I was required to screw around with settings and options to ensure that it's secure, I'd use IE...

[Ty44ler]

Actually its quite possible its turned off by default, I just wasnt sure if it was or not so I didnt mention it as default. I don't ever remember turning that option off. Can anyone else say whether this option is on or off by default?

[Martoch]

On by default

[Gomer]

It is on by default... but firefox has always told me before a new site tried to install software... and I have to choose to allow it.

[Ty44ler]

Ive been slightly pwned


Viva La Firefox!

[FatalException]

bump for those who haven't heard.

[Ty44ler]

Seems like you have a major grudge against firefox. What did it ever do to you?!

[sr71000]

be happy fatal...if it was opera that was so popular instead of firefox then all the hackers would be finding the holes in opera and getting you guys there's no such thing as a "secure" browser...just one that's a small enough user base that the hackers just don't care lolol It was inevitable and if opera or any other browser started to become popular like firefox is, the same thing would happen....humans programmed it, humans will hack it....fact of life!

[Blazer06]

I didn’t read the Slashdot post, but would like to point out that there are Two Vulnerabilities not one that affect FF.


-Blaze

[FatalException]

Seems like you have a major grudge against firefox. What did it ever do to you?!

You really want to know? Well, see, when Firefox was still in beta stages, the Firefox people setup a website to promote the browser: www.spreadfirefox.com. One of the ideas behind this site was to get people to contribute money to the Firefox foundation to be used for development and further advertisement of Firefox. I was stupid enough to get talked into contributing $10 to them. They stated that anyone who contributed $10 or more would get their name in the New York Times Firefox Launch announcement advertisement (a full two page advertisement in the NY Times). Sounded like a good idea to me - help a worthy cause and get my name in the paper as an advocate of free software. Win-win, right? Wrong.

The people running the spreadfirefox program promised to email all of us the day before (or at least the day of) the NY Times ad because they didn't know for sure what day it would appear in the paper since they were getting a deal on it from the Times. Instead of emailing us the day before or the day of the ad, though, they emailed us not ONE... but TWO days after the ad ran. Now, living here in Iowa, I don't get the Times delivered to my door daily... and checking with local bookstores and such, none had any copies of the Times from two days prior when I went out and looked. Oh, but the Firefox people were so apologetic about screwing everyone over by taking their money and then not even telling them to run out and get copies of the paper... they offered to SELL COPIES OF THE TIMES to people for $10 or $15 (depending on if you wanted the ad laminated or not) right from the Firefox people. Here, people who already gave money to them - $30 in most cases - I only gave $10 since I was a student and used the "student purchase" option which only cost $10 at the time to contribute - are getting SCREWED by these people who want to take EVEN MORE money from us for a stupid newspaper. $10 for a newspaper I could have purchased for $1.50 if they had sent the email the day the ad came out? SCREW THAT. And screw the bastards at Mozilla and Firefox. If this is how they treat their contributors, then they can go !(@#&$!)( themselves. Opera all the way. At least the people who program Opera GIVE YOU SOMETHING for your money.

And so this is Firefox's open-source mentality... and the entire reason I HATE FIREFOX. I REFUSE to install FF on any of my computers and tell everyone I know to use Opera instead. With any luck, someone more legitimate and honorable than the Mozilla team will begin developing a browser that kicks Firefox's bloated, memory-hogging ass right off the radar. Until then, though, I'll stick to my Opera.

[Blazer06]

Heh, with these new vulnerabilities, FF is being rated at a worse security rating than Internet Explorer.

Of course, though, Opera doesn't have any known security vulnerabilities... and at least when they are found they are fixed, unlike FF who have several outstanding holes that have yet to be patched.




-Blaze

[Blazer06]

You really want to know? Well, see, when Firefox was still in beta stages, the Firefox people setup a website to promote the browser: www.spreadfirefox.com. One of the ideas behind this site was to get people to contribute money to the Firefox foundation to be used for development and further advertisement of Firefox. I was stupid enough to get talked into contributing $10 to them. They stated that anyone who contributed $10 or more would get their name in the New York Times Firefox Launch announcement advertisement (a full two page advertisement in the NY Times). Sounded like a good idea to me - help a worthy cause and get my name in the paper as an advocate of free software. Win-win, right? Wrong.

The people running the spreadfirefox program promised to email all of us the day before (or at least the day of) the NY Times ad because they didn't know for sure what day it would appear in the paper since they were getting a deal on it from the Times. Instead of emailing us the day before or the day of the ad, though, they emailed us not ONE... but TWO days after the ad ran. Now, living here in Iowa, I don't get the Times delivered to my door daily... and checking with local bookstores and such, none had any copies of the Times from two days prior when I went out and looked. Oh, but the Firefox people were so apologetic about screwing everyone over by taking their money and then not even telling them to run out and get copies of the paper... they offered to SELL COPIES OF THE TIMES to people for $10 or $15 (depending on if you wanted the ad laminated or not) right from the Firefox people. Here, people who already gave money to them - $30 in most cases - I only gave $10 since I was a student and used the "student purchase" option which only cost $10 at the time to contribute - are getting SCREWED by these people who want to take EVEN MORE money from us for a stupid newspaper. $10 for a newspaper I could have purchased for $1.50 if they had sent the email the day the ad came out? SCREW THAT. And screw the bastards at Mozilla and Firefox. If this is how they treat their contributors, then they can go !(@#&$!)( themselves. Opera all the way. At least they people who program Opera GIVE YOU SOMETHING for your money.

And, before anybody accuses Fatal as being “cheap” it’s not the money that is the point of his post… it’s the lack of ethics.


-Blaze

[VHockey86]

[Shrug]
To each his own.

I've been using Firefox since it was called Phoenix and haven't ever had issues with. Even this current exploit you have to be pretty dumb to get hit by it anyways. Not that its a good excuse and minimizes the problem, but at the end of the day it doesn't make any difference to me

Besides... no way in heck you could ever convince me to spend 40 dollars for a darn web browser (opera), especially one that lacks alot of the functionality I enjoy with firefox extensions..

[muno]

I doubt any of the browsers are 'safe' with the default options.

Thus, it'd be nice if there was some lite browser which wouldn't allow any of the possible exploit methods to work and it'd be the most used browser.
Of course with the webpages today, you need to have java, flash, javascript and every other possible third-party product support ever imaginable to view the page it wouldn't work

I've used ie core browser at home for years, no virusscan, just about once a month adware scan and have never had a virus and only about two adware items at each scan.

I'm not the regular joe though, and as long as there isn't compulsory update on softwares, I doubt the regular joe even patches his system with the latest version.

[brandon184]

The people running the spreadfirefox program promised to email all of us the day before (or at least the day of) the NY Times ad because they didn't know for sure what day it would appear in the paper since they were getting a deal on it from the Times. Instead of emailing us the day before or the day of the ad, though, they emailed us not ONE... but TWO days after the ad ran. Now, living here in Iowa, I don't get the Times delivered to my door daily... and checking with local bookstores and such, none had any copies of the Times from two days prior when I went out and looked. Oh, but the Firefox people were so apologetic about screwing everyone over by taking their money and then not even telling them to run out and get copies of the paper... they offered to SELL COPIES OF THE TIMES to people for $10 or $15 (depending on if you wanted the ad laminated or not) right from the Firefox people. Here, people who already gave money to them - $30 in most cases - I only gave $10 since I was a student and used the "student purchase" option which only cost $10 at the time to contribute - are getting SCREWED by these people who want to take EVEN MORE money from us for a stupid newspaper. $10 for a newspaper I could have purchased for $1.50 if they had sent the email the day the ad came out? SCREW THAT. And screw the bastards at Mozilla and Firefox. If this is how they treat their contributors, then they can go !(@#&$!)( themselves. Opera all the way. At least the people who program Opera GIVE YOU SOMETHING for your money.

And so this is Firefox's open-source mentality... and the entire reason I HATE FIREFOX. I REFUSE to install FF on any of my computers and tell everyone I know to use Opera instead. With any luck, someone more legitimate and honorable than the Mozilla team will begin developing a browser that kicks Firefox's bloated, memory-hogging ass right off the radar. Until then, though, I'll stick to my Opera.

Oh. I thought that you were actually going to have a legitimate complaint there. Like they didn't put your name in the ad or something.

"Screw the bastards"?! .. Some volunteers sent some dumb e-mail two days later than they should have. Big deal.

If this is one of your biggest problems in life - and it looks from a reasonable perspective that it may very well be - I wish I was you. Sheesh!

Brandon

[Jeordiewhite]

Well I do have to agree with brandon entirely on this one. Opera does give you something for your money, an adless browser. Where as mozilla is a non-proffit organization.
Which you would assume they are pulling in money either way, they would have to work on it full time. While I think it is very petty for that to cause you to look down upon mozilla and come here to rant and rave about it and bash it. Guess it's just me and find ethics coming into play a bit absurd.
It could have had several reasons why your email may have been delayed so you could find the magazine to buy, I dont expect you to take them into account nor do I care. It just seems selfish to me for some reason.

I had been using firefox since the days of pheonix myself, first I used it in linux and one day from a linux user group they posted a new version of the program and I was happy to try firebird on windows. A few security holes certainly aren't going to stop me from using it. If I look back and look at the ethics and security holes in IE, then I find rather disturbing. I like there is atleast an option to turn off the vurnerability.
So you and blaze attack it all you like, but I still have yet to run into a problem that has annoyed me and like the feel of the browser compared to opera and IE. I have no grudge against either and do have opera installed. It's just personal favorites to me, not old vendettas.

[Ty44ler]

very well said Jeordiewhite!

[Twinkletoes]

On by default

On by default...but only for "allowed sites"...

Edit: Er...as Gomer pointed out...