http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: 3rd Party Software
Link: Security Holes Bite Firefox (http://www.macbytes.com/link.php?sid=20050419095852)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

So do these sorts of problems affect all versions of Firefox - including Mac and Linux?

A bug in installing search plug-ins can allow malicious code execution, but requires tricking the user to install a specially crafted search plug-in. Input validation errors in InstallTrigger and other XPInstall-related JavaScript objects could allow malicious code execution. Looks like it's mainly a Windows problem...

...but, anyway, I already got the Mac version of Firefox 1.0.3... so I don't really care... ;)

Since the new version fixes the problem, update. If you've updated, what's the point? ;)

1. Software isn't 100% perfect.
2. If you're going to get nitpicky about 8 vulnerabilities, please try to be fair and mention the hundreds of vulnerabilities in IE/Win. Bringing Outlook Express and Office into the mix is purely optional.
3. Thanks for mentioning that the Mozilla Organization has a far better track record of turning around security-related patches than MS.
4. Thanks again for mentioning what platforms are affected. Of course, we all know which one platform really is affected.

PC World, we have some lovely parting gifts for you backstage.

2. If you're going to get nitpicky about 8 vulnerabilities, please try to be fair and mention the hundreds of vulnerabilities in IE/Win. Bringing Outlook Express and Office into the mix is purely optional.


Fair enough on your other points but I really don't think it's necessary to bring up Microsoft's problems every time another piece of software has a fault. People should be able to criticise applications without having to automatically mention Microsoft.

Otherwise I agree with you though. Especially the "which platforms are affected" issue.

Fair enough on your other points but I really don't think it's necessary to bring up Microsoft's problems every time another piece of software has a fault. People should be able to criticise applications without having to automatically mention Microsoft.

Otherwise I agree with you though. Especially the "which platforms are affected" issue.

Good enough, but I suppose that bit came from reading too many writers who tried to trash open source as insecure/lacking/etc while ignoring the elephant standing in the room next to them. I wouldn't go so far as to say "Firefox has X, IE has Y" all the time, but it's really fair to just mention that Firefox's list of vulnerabilities is significantly shorter than IE's.

Good enough, but I suppose that bit came from reading too many writers who tried to trash open source as insecure/lacking/etc while ignoring the elephant standing in the room next to them. I wouldn't go so far as to say "Firefox has X, IE has Y" all the time, but it's really fair to just mention that Firefox's list of vulnerabilities is significantly shorter than IE's.


Yeah, it really gets me down when I see stuff like that but for short news articles outlining some new problems with Firefox I don't think it's necessarily relevant/appropriate to mention Explorer, let alone Outlook. But then again, when you get articles that just highlight the problems with using open source or Mozilla programs without being critical of their equivalents - Microsoft or otherwise - then it really gets on my nerves. :mad: