Re: Mozilla Firefox

From: Jan Il (abuse_at_localhost.com)
Date: 03/01/05 

Date: Tue, 1 Mar 2005 13:46:32 -0500

Hi peeto :-)

>I never really liked Firefox or even the idea of it till version 1.0 came
> out. I tried it and quickly realised it is the best browser around. While
> it
> isn't as feature rich as Mozilla, it's much faster. With the
> "document.all"
> support and support for real standards, it does IE better that IE and
> Mozilla
> bettter than Mozilla. Like I said, I don't like Firefox, I just use it
> most
> of the time because it is better, regardless of mine or anyone else's
> opinion.
>
> Just one of thing I absolutely must ask: There are people everywhere
> claiming that IE is only getting as hacked as much as it is because it is
> the
> most popular browser, and if say, Firefox was as popular it would get
> hacked
> just as much. Interesting. IE is the only browser I am aware of that
> really
> supports ActiveX and is also the only browser that truely allows dynamic
> application installation and execution. So my question is this: How on
> earth
> would a browser other than IE get "hacked just as much" if it was "just as
> popular"? Please take my question seriously and give me a serious answer,
> exactly how would Mozilla, Firefox, Opera, whatever, be hacked? What
> features
> would be comprimised and what would be the consequences? Long before IE
> was
> getting hacked the way it is (tens of millions of known occurances), it
> was
> obvious to some that ActiveX support on the web was asking for this sort
> of
> trouble. I can't see any logical explanation as to how other browsers
> could
> be hacked as much, please enlighten me.

Here is some factual data that might help answer your questions:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Known Vulnerabilities in Mozilla -
http://www.mozilla.org/projects/security/known-vulnerabilities.html

Known Vulnerabilities in Mozilla - FireFox - Thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.pcworld.com/news/article/0,aid,119187,00.asp
http://pcworld.about.com/news/Jan062005id119187.htm

For an unbiased view of vulnerabilities and how they've been handled by
the vendors, have a look here :

IE http://secunia.com/product/11/
Mozilla Firefox http://secunia.com/product/4227/

also....

Courtesy of PA Bear

<paste>
 Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet
 Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2,
 Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x,
 Mozilla *Firefox* 0.x,
 Mozilla *Firefox* 1.x

 The problem is that a website can inject content into another site's
 window if the target name of the window is known. This can e.g. be
 exploited by a malicious website to spoof the content of a pop-up window
 opened on a trusted website.

 Secunia has constructed a test, which can be used to check if your
 browser is affected by this issue:
 http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

 Notes:
 - The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
 *Firefox* 1.0. Other versions may also be affected.
 - The vulnerability has been confirmed on a fully patched system with
 Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.
 - The vulnerability has been confirmed in Safari version 1.2.4. Other
 versions may also be affected.
 - The vulnerability has been confirmed in Opera version 7.54. Other
 versions may also be affected.
 - The vulnerability has been confirmed in Konqueror version 3.2.2-6.
 Other versions may also be affected.
 - The vulnerability has been confirmed in Netscape 7.2. Other versions
 may also be affected.

 Solution: Do not browse untrusted sites while browsing trusted sites.

 Netscape: http://secunia.com/advisories/13402/
 Opera: http://secunia.com/advisories/13253/
 Mozilla/Firefox: http://secunia.com/advisories/13129/
 IE: http://secunia.com/advisories/13251/
 Konqueror: http://secunia.com/advisories/13254/
 Safari: http://secunia.com/advisories/13252/
/paste>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please keep in mind that these are not *my* facts, these are from the
experts. You can also look up the facts for yourself by doing a Google on
the various browsers and their vulnerabilities.

The group of people who are hacking and creating the garbage out there are
now going after the other browsers, and as you can see, they know how to
take advantage of their weaknesses as well. They are making *very* big
money, and for them the programming is child's play. For any user to think
that any one browser is totally invulnerable is a huge mistake. You should
never let your guard down.

The fact is, *any* browser or source that connects to the internet is
vulnerable. Period. The other browser companies are now finding that out.

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

>
> "Brian" wrote:
>
>> I recently started using Mozilla Firefox as my default browser. It
>> appears
>> to be much more stable and faster than IE. Any other users?
>>
>>
>>

Relevant Pages