Critical Flaw in Firefox

Discussion in 'Mac Apps and Mac App Store' started by hkala, May 9, 2005.

  1. James Philp macrumors 65816

    James Philp

    Joined:
    Mar 5, 2005
    Location:
    Oxford/London
    #2
    glad I'm using Safari again since 10.4, but then I was using camino in the dying days of 10.3.
    Oh well.
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #3
    I'm glad Mozilla is addressing these, but to be honest, they're not as bad as they sound. Unlike MSIE in Windows, one is not constantly asked to install extensions to Firefox in an unsolicited fashion by websites. So as long as you navigate yourself to trusted sites for installs, you should be fine. But, a flaw is a flaw, and glad to see team Mozzer tidying it up. :)
     
  3. sorryiwasdreami macrumors 6502a

    sorryiwasdreami

    Joined:
    Apr 24, 2004
    Location:
    way out in the sticks
  4. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #5
    At least, it doesn't run ActiveX, which is mostly a security hole and secondly, a way to embed content.

    I hope it's repaired soon. I'm glad I don't have to run Safari.
     
  5. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    I've been giving Safari a second try since Tiger, but there are a couple of things that annoy me about it still. I might hold onto Safari until FF 1.1, to give it a fair shot, and then decide when I upgrade.

    But I consider the lack of ActiveX support to be one of FF's greatest strengths on Windows! :D
     
  6. kerpow macrumors 6502

    Joined:
    Jan 16, 2004
    Location:
    London
    #7
    Surely these flaws are more dangerous to Windows users than us Mac folk. How would someone we able to have complete control of OS X by a vunerability in Fx? Its not like Fx as access to Root commands.

    Personally I'm not that impressed with Safari. Reading through that "Problems with Tiger" thread alot of people mentioned beachballs in Safari.

    I use Fx at work on PC and home on Mac.
     
  7. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    If you are an admin user, then FF has write access not only to your entire Home folder but also, I think, to your entire Applications folder. Try installing a new searchplugin and seeing where it goes. It would be pretty easy to use an FF extension as a wrapper for a trojan horse. It might also be easy, for instance (eep, I'm giving the script kids a task! :eek: ), to write a plugin that looked through your bookmarks for bookmarks to sites that store secure data -- bookmarks for major financial institutions, etc, and replace them with spoofs, although IDN spoof blocking certainly helps on that account.

    But the fact that mostly, our consumption of extensions is stable, and that they come from trusted sources, does seriously lessen the risk. The big difference is not Mac/Windows, but MSIE/FF. In MSIE, untrusted sites are constantly claiming to have certificates for you to install plugins to let them do this or that. In FF, extensions are something you pretty much only get by request, and so you control that flow, and that pretty much makes this a non-issue, even on Windows, doesn't it?
     

Share This Page