Firefox Security Flaw "Impossible To Patch"
 

Hackers detail Firefox flaw, calling the browser a "complete mess"
Hacker conferences are so much fun. Case in point: San Diego's ToorCon conference on Saturday, when engineers Mischa Spiegelmock and Andrew Wbeelsoi (what names!) took the stage and called the increasingly popular Firefox Web browser a "complete mess." The duo detailed to the world a security flaw in Firefox, which afflicts the browser's handling of Javascript. As if that weren't painful enough, Spiegelmock and Wbeelsoi also said the glitch was probably "impossible to patch."

"Internet Explorer, everybody knows, is not very secure," said Spiegelmock. "But Firefox is also fairly insecure."

Naturally, Firefox officials were none too happy, reports CNET. The hard-working people from the Mozilla Foundation, which manages Firefox, had hoped for a bit more discretion. Publicizing a Firefox insecurity hurts the browser's image as the safe, spam-free alternative to Microsoft's Internet Explorer. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," groused Window Snyder, head of security for Mozilla.

Digg readers are having none of the Firefox bashing. When one posted: "It makes you wonder why people always say FF is the best browser," one reader was quick to fire back: "Maybe because each Firefox flaw is worthy of a news post, while Internet Explorer has so many that no one bothers to write about them anymore."

http://money.cnn.com/blogs/browser/i...79456257268446

You'll find this due to the Netscape licensing for the Javascript engine. It's a hodgepodge of shit, and they were not allowed to make changes to it. AFAIK, they've been working on a complete code replacement.. at least, that's what the site has said for the past year or so..

whats the cliff notes?

lol open source lol

Eh, Toorcon kicks ass (ya know I love ya G ;) but they're Mac-biased.

Not that there's anything wrong with that, of course :)

glad i use IE!

remember, open EVERY email :thumbsup

dont use i.e. for email , dont use firefox for browsing ... problem solved.. :1orglaugh

Impossible to patch doesn't mean impossible to fix. Quite easilly fixed/plugged in fact.
Two options off the top of my head:

1. Turn off javascript
2. Install the NoScript plugin and let only trusted sites execute js on your machine.

thats gonna make for some awfully boring browsing :)

Using the NoScript plugin here and haven't had a single problem, nor does it annoy me that it blocks shit. My work is much easier now, thanks to it.

So FF's head of security's name is "Window"? :1orglaugh :1orglaugh :1orglaugh

Safari rocks.

I remember back when Firefox (aka Pheonix) was released and had intended to be a "lightweight" bloat-free version of Mozilla. Supposed to be light and snappy, small and functional.

Even though it is incredibly useful (but only after adding the appropriate extensions), FF has long surpassed the bloated sluggishness of the original Mozilla. Seems like its strayed far from its original goals.

Turns out this whole thing was a hoax anyways.

http://digg.com/security/Claimed_Sec...ox_Just_A_Joke

At the end of the day, most viruses and security holes take advantage of IE because most of the surfers HAVE and USE IE. By using Firefox (or Opera) you are putting yourself in a much smaller group, a group much less likely to get targetted to start with.

That the so-called security hole is bullshit just makes me smile :)

Alex