Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Critical Flaw in Firefox
- Thread starter hkala
- Start date
- Sort by reaction score
glad I'm using Safari again since 10.4, but then I was using camino in the dying days of 10.3.
Oh well.
Oh well.
I'm glad Mozilla is addressing these, but to be honest, they're not as bad as they sound. Unlike MSIE in Windows, one is not constantly asked to install extensions to Firefox in an unsolicited fashion by websites. So as long as you navigate yourself to trusted sites for installs, you should be fine. But, a flaw is a flaw, and glad to see team Mozzer tidying it up. 
mkrishnan said:I'm glad Mozilla is addressing these, but to be honest, they're not as bad as they sound. Unlike MSIE in Windows, one is not constantly asked to install extensions to Firefox in an unsolicited fashion by websites. So as long as you navigate yourself to trusted sites for installs, you should be fine. But, a flaw is a flaw, and glad to see team Mozzer tidying it up.
At least, it doesn't run ActiveX, which is mostly a security hole and secondly, a way to embed content.
I hope it's repaired soon. I'm glad I don't have to run Safari.
bousozoku said:
I've been giving Safari a second try since Tiger, but there are a couple of things that annoy me about it still. I might hold onto Safari until FF 1.1, to give it a fair shot, and then decide when I upgrade.
But I consider the lack of ActiveX support to be one of FF's greatest strengths on Windows!
Surely these flaws are more dangerous to Windows users than us Mac folk. How would someone we able to have complete control of OS X by a vunerability in Fx? Its not like Fx as access to Root commands.
Personally I'm not that impressed with Safari. Reading through that "Problems with Tiger" thread alot of people mentioned beachballs in Safari.
I use Fx at work on PC and home on Mac.
Personally I'm not that impressed with Safari. Reading through that "Problems with Tiger" thread alot of people mentioned beachballs in Safari.
I use Fx at work on PC and home on Mac.
kerpow said:
If you are an admin user, then FF has write access not only to your entire Home folder but also, I think, to your entire Applications folder. Try installing a new searchplugin and seeing where it goes. It would be pretty easy to use an FF extension as a wrapper for a trojan horse. It might also be easy, for instance (eep, I'm giving the script kids a task!
), to write a plugin that looked through your bookmarks for bookmarks to sites that store secure data -- bookmarks for major financial institutions, etc, and replace them with spoofs, although IDN spoof blocking certainly helps on that account.But the fact that mostly, our consumption of extensions is stable, and that they come from trusted sources, does seriously lessen the risk. The big difference is not Mac/Windows, but MSIE/FF. In MSIE, untrusted sites are constantly claiming to have certificates for you to install plugins to let them do this or that. In FF, extensions are something you pretty much only get by request, and so you control that flow, and that pretty much makes this a non-issue, even on Windows, doesn't it?