Firefox browser on fire!

Reading the morning newspaper - Times of India (yeah, I read that)! Browsing through the pages, just before the sports page is the article "Beware, hackers go phishing" (on page 22). Being a techie, that is something I like to read, and so I started reading it!

The last paragraph was a shocker though! It read like 21 vulnerabilities were discovered in Firefox and 13 in MS IE during July - December 2004. Here was a fact that was totally against the Open source (or no responsibility) advocates! The argument put forward was that being handled by different people (who have no stake in the product or liability) would make the software more robust. The most touted software release - Firefox by the open source professionals - has just shown that the argument doesn't hold water. How many of the 21 vulnerabilities were fixed is another question that the Open source cartel wouldn't want anyone to focus on :)

The final conclusion, you are safer browsing with MS IE 6.0 rather than any other browser!
-------------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Comments

Anonymous said…
Just finished reading that article and was wondering about the same when I stumbled onto your post.

True, Firefox has had its share of inconsistencies and is not a leader in competition with IE6.0 as claimed by many open source advocates.

Besides, I'm looking forward to the beta release of IE7 in the coming months as well.
Anonymous said…
The article actually read that 21 vulnerabilities were discovered in Mozilla browsers, which includes Firefox and the Mozilla suite.

So if you just split the difference between the two, that is only 10 or 11 vulnerabilities per browser. In most cases, those were repaired within a week or so.

Get the facts straight before you start trying to pitch your pitiful browser as more secure.

Besides, what do browser vulnerabilities have to do with phishing scams anyway?
Abhishek Kant said…
Hi Jeremy

Thanks for correcting me on the Mozilla suite of products. Probably this is why it is difficult to figure out the right tool for the job in Open source world of me too's.
Now coming to what "browser vulnerability" has to do with phishing scams, you should ask the journalist who decided to post this as a part of an article on phishing. From what I can gather, for home users (the easiest target) browsers are the first line of defense on the internet. Browsers the world over have evolved from just being browsers to browsing suites. Look at the Wikipedia description of Firefox that says - "Among Firefox's popular features are the integrated pop-up blocker, tabbed browsing, live bookmarks, web standards support, and an extension mechanism for adding functionality." Now, an integrated pop-up blocker is one of the safety mechanisms available.
Just to make it clearer, browser flaws do lead to phishing attempts as is evident from the statement - "Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.
http://news.zdnet.co.uk/software/applications/0,39020384,39193992,00.htm
And if you would like to know more about the browser and its relation to phishing, check out: http://secunia.com/product/4227/
If you are an avid follower of developments in IE then you should definitely check out the IE team blog at: http://blogs.msdn.com/ie/
Coming back to security, Wikipedia further says - "So far in 2005, Secunia has reported 12 new vulnerabilities in Firefox (http://secunia.com/product/4227/) (3 unpatched), versus 6 for Internet Explorer (http://secunia.com/product/11/) (3 unpatched) and 0 for Opera (http://secunia.com/product/4932/)." Your logic is fine, as is the fact that IE still has fewer bugs (12 versus 6).
The one funny thing is the bugs policy of the Mozilla Foundation - "do not disclose the bug till it is fixed". Isn't it against the philosophy of free knowledge? I wonder how keeping all the info hidden is in congruence with the philosophy that the more people know, the better the product will be.
Vulturo said…
Abhishek,

Came in through the Mela Link

With due respect, your statement "the final conclusion, you are safer browsing with MS IE 6.0 rather than any other browser!" is completely hideous. What have you been smoking?

The MoFo fixes bugs *much faster* than the IE team does. I love Microsoft, but can't help remarking that it *sat on* the browser development process for four years.

After the release of the initial 6.0 series there have been zillions of much severe vulnerabilities discovered, the sorts which just don't steal your clipboard contents - the sorts which make it possible for people to *take over* your machines. If you read any Microsoft "KB" security articles, you should know. All these issues have been patched rather slowly by Microsoft and new ones are found quite regularly. The IE engine is buggy by default.

Conversely, several of the Firefox "vulnerabilities" which are being reported by Secunia and others (All The Internet Paranoia Barons) are of a much moderate severity, but they are getting all the hype. You could also attribute that to the sudden rise of public interest in Firefox. The vulnerabilities were always there - it's just that people "explicitly looked for them" because Firefox was popular enough now.

"Look, the other *secure* browser also has vulnerabilities". You get what I mean

If you have actually delved into this, some of the Firefox "vulnerability" POCs demonstrated by Secunia and others are *so ridiculous* - the user clearly has to have undergone a lobotomy to fall prey to them.

Plus the POCs are, well, just POCs - there are very few instances of "actual application". Very few 'phishers' are specifically exploiting the Firefox 'vulnerability'. But this does not mean that the MoFo doesn't fix them. Firefox 1.0.4 includes fixes for *all known "vulnerabilities"* and I'm sure if something else is found you will see Firefox 1.0.5 springing up very quick.

Everyone wants to go after a confirmed target "the dumb IE users".

The case is quite different with IE. Maybe it overly suffers sometimes because of its popularity, and you will find more zealous anti-IE hackers, than you'll find anti-Firefox hackers.

IE6 has only 'one' Firefox "feature" - popup blocking (that too restricted to SP2 users, all other Windows versions have been disowned).

IE7 is a different story, the beta has to be 'first seen' before commenting on anything.

Please, please please think before you give opinions on such 'volatile' issues.
