Security Holes Bite Firefox

Mitthrawnuruodo

A bug in installing search plug-ins can allow malicious code execution, but requires tricking the user to install a specially crafted search plug-in. Input validation errors in InstallTrigger and other XPInstall-related JavaScript objects could allow malicious code execution.
Looks like it's mainly a Windows problem...

...but, anyway, I already got the Mac version of Firefox 1.0.3... so I don't really care... ;)
 

mcarvin

1. Software isn't 100% perfect.
2. If you're going to get nitpicky about 8 vulnerabilities, please try to be fair and mention the hundreds of vulnerabilities in IE/Win. Bringing Outlook Express and Office into the mix is purely optional.
3. Thanks for mentioning that the Mozilla Organization has a far better track record of turning around security-related patches than MS.
4. Thanks again for mentioning what platforms are affected. Of course, we all know which one platform really is affected.

PC World, we have some lovely parting gifts for you backstage.
 

mad jew

mcarvin said:
2. If you're going to get nitpicky about 8 vulnerabilities, please try to be fair and mention the hundreds of vulnerabilities in IE/Win. Bringing Outlook Express and Office into the mix is purely optional.

Fair enough on your other points but I really don't think it's necessary to bring up Microsoft's problems every time another piece of software has a fault. People should be able to criticise applications without having to automatically mention Microsoft.

Otherwise I agree with you though. Especially the "which platforms are affected" issue.
 

mcarvin

mad jew said:
Fair enough on your other points but I really don't think it's necessary to bring up Microsoft's problems every time another piece of software has a fault. People should be able to criticise applications without having to automatically mention Microsoft.

Otherwise I agree with you though. Especially the "which platforms are affected" issue.

Good enough, but I suppose that bit came from reading too many writers who tried to trash open source as insecure/lacking/etc while ignoring the elephant standing in the room next to them. I wouldn't go so far as to say "Firefox has X, IE has Y" all the time, but it's really fair to just mention that Firefox's list of vulnerabilities is significantly shorter than IE's.
 

mad jew

mcarvin said:
Good enough, but I suppose that bit came from reading too many writers who tried to trash open source as insecure/lacking/etc while ignoring the elephant standing in the room next to them. I wouldn't go so far as to say "Firefox has X, IE has Y" all the time, but it's really fair to just mention that Firefox's list of vulnerabilities is significantly shorter than IE's.

Yeah, it really gets me down when I see stuff like that but for short news articles outlining some new problems with Firefox I don't think it's necessarily relevant/appropriate to mention Explorer, let alone Outlook. But then again, when you get articles that just highlight the problems with using open source or Mozilla programs without being critical of their equivalents - Microsoft or otherwise - then it really gets on my nerves. :mad: