FrameShifter

Hackers detail Firefox flaw, calling the browser a "complete mess"
Hacker conferences are so much fun. Case in point: San Diego's ToorCon conference on Saturday, when engineers Mischa Spiegelmock and Andrew Wbeelsoi (what names!) took the stage and called the increasingly popular Firefox Web browser a "complete mess." The duo detailed to the world a security flaw in Firefox, which afflicts the browser's handling of Javascript. As if that weren't painful enough, Spiegelmock and Wbeelsoi also said the glitch was probably "impossible to patch."

"Internet Explorer, everybody knows, is not very secure," said Spiegelmock. "But Firefox is also fairly insecure."

Naturally, Firefox officials were none too happy, reports CNET. The hard-working people from the Mozilla Foundation, which manages Firefox, had hoped for a bit more discretion. Publicizing a Firefox insecurity hurts the browser's image as the safe, spam-free alternative to Microsoft's Internet Explorer. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," groused Window Snyder, head of security for Mozilla.

Digg readers are having none of the Firefox bashing. When one posted: "It makes you wonder why people always say FF is the best browser," one reader was quick to fire back: "Maybe because each Firefox flaw is worthy of a news post, while Internet Explorer has so many that no one bothers to write about them anymore."

http://money.cnn.com/blogs/browser/i...79456257268446

__________________

GrouchyAdmin

You'll find this due to the Netscape licensing for the Javascript engine. It's a hodgepodge of shit, and they were not allowed to make changes to it. AFAIK, they've been working on a complete code replacement.. at least, that's what the site has said for the past year or so..

__________________

madawgz

whats the cliff notes?

__________________
TAEMDLRMSKRJIXMRLSMRJ.

GrouchyAdmin

lol open source lol

__________________

marzzo

Eh, Toorcon kicks ass (ya know I love ya G ;) but they're Mac-biased.

Not that there's anything wrong with that, of course

__________________
4 5 zero - 2 2 - nine nine nine

squishypimp

glad i use IE!

__________________

L-Pink

remember, open EVERY email

SmokeyTheBear

dont use i.e. for email , dont use firefox for browsing ... problem solved..

__________________
hatisblack at yahoo.com

Superterrorizer

Impossible to patch doesn't mean impossible to fix. Quite easilly fixed/plugged in fact.
Two options off the top of my head:

1. Turn off javascript
2. Install the NoScript plugin and let only trusted sites execute js on your machine.

SmokeyTheBear

thats gonna make for some awfully boring browsing

__________________
hatisblack at yahoo.com

DamageX

Using the NoScript plugin here and haven't had a single problem, nor does it annoy me that it blocks shit. My work is much easier now, thanks to it.

__________________

Ebola

So FF's head of security's name is "Window"?

Tuga

Safari rocks.

__________________

drjones

I remember back when Firefox (aka Pheonix) was released and had intended to be a "lightweight" bloat-free version of Mozilla. Supposed to be light and snappy, small and functional.

Even though it is incredibly useful (but only after adding the appropriate extensions), FF has long surpassed the bloated sluggishness of the original Mozilla. Seems like its strayed far from its original goals.

__________________
ICQ: 284903372

drjones

Turns out this whole thing was a hoax anyways.

http://digg.com/security/Claimed_Sec...ox_Just_A_Joke

__________________
ICQ: 284903372

RawAlex

At the end of the day, most viruses and security holes take advantage of IE because most of the surfers HAVE and USE IE. By using Firefox (or Opera) you are putting yourself in a much smaller group, a group much less likely to get targetted to start with.

That the so-called security hole is bullshit just makes me smile

Alex