Mozilla Riddled with Security Holes

[Clocker]

I guess no browser is perfect...not even Mozilla.

The Register Article - Mozilla riddled with security holes
http://www.theregister.co.uk/content/55/27934.html


SlashDot Article - Mozilla: The Good And The Bad
http://slashdot.org/article.pl?sid=02/11/06/189211&mode=thread&tid=154


Mozilla Vulnerability Risk List (Not Complete)
http://www.mozilla.org/projects/security/known-vulnerabilities.html

 

[CougTek]

Last, it's been discovered that a problem in Mozilla's implementation of the JavaScript "onUnload" event handler has the potential to leak sensitive information to Web sites about users' surfing patterns. On the face of it this the least serious of the six, and the only one which also affects Mozilla version 1.0.1 and 1.1.

And it's fixed in version 1.2. IE 6 SP1 with all the latest patches still has two holes, one of which allow to gain full access for a malicious hacker.

Moz wins

;-) Kidding. I don't like holes in any piece of software. But IE's security, more than any other browser, is a real running gag. There are possible exploits on Opera and Moz, but they aren't nearly as common.

 

[Clocker]

;-)

Just like Linux.....as more people use it I'm sure more and more holes will emerge. It's still just human programmer's we're going to have to depend on and they all make mistakes whether they work for M$ or some other organization.

Granted, I don't know much about Moz. or Linux but sometimes I wonder if the 'distributed' nature of programs like that make them harder to manage organizationally. I wonder if many issues/problems that happen are the result of that?

Just thinking out loud. I like IE and don't plan on switching. I like Linux too but it just doesn't work for me yet so I have to let it sit...

C

 

[i]

According to the discussion on Slashdot, there were a total of 6 security-related bugs.

5 out of the 6 were fixed months ago by release 1.0.1.

The remaining one is already fixed in the beta release of 1.2.0.

Move along. Nothing to see here. :wink:

 

[i]

(And yes, I am humming "Old MacDonald" while sticking my fingers in my ears. :wink: )

 

[Buck]

That sounds typical for i, me wouldn't act that way.

 

[blakerwry]

The sensationalist title of this post would make you think that there is something majorly wrong with moz... when infact it is probably much more secure than IE... I don't know about opera...

But then... why don't I just telnet to port 80 for ULTIMATE security....

 

[e_dawg]

IE has at last count ~95% of the browser market. Its much higher popularity, market leadership, and the high profile (and hatred) for the company who makes it all contribute to this. If Mozilla had 95% of the browser market, was made by a much hated company like MSFT, and had half the computing world looking for security flaws in its products as if it were a sport, I'd like to see how well it would fare.

When you only have 0.8% of the browser market (Mozilla), people barely know it exists. Security consultants and hackers certainly aren't going to waste their time finding security holes in a browser that nobody uses.

 

[blakerwry]

i agree.

That is why I run IIS 3.0 on my NT server.

All the bugs that are going to be found probably have been found... it's not very hard to secure... and once I set it up correctly I won't have to worry about updating my server on a day-to-day basis.