Mozilla quashes Firefox JavaScript peril

Firefox users need to update their browser software following the release of updates designed to fix multiple security vulnerabilities. Security bugs in the JavaScript engine used by the popular open source browser might be exploited to corrupt system memory, a type of attack that could allow hackers to inject hostile code onto …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Just when we thought we were free of browser bugs...

    While Firefox is a good browser and, IMHO, far above MSIE, I am dismayed at the bugs they have been fixing. This is entirely reminiscent of Micro$oft problems. Can't anyone make a browser that does not allow people to inject malicious code or take over your system?

  2. Andy

    Can't anyone make a browser that does not allow ...

    Sure. It's called Opera.

  3. Anonymous Coward

    Re: Just when we thought we were free of browser bugs...

    The answer to your question "Can't anyone make a browser that does not allow people to inject malicious code or take over your system?" is probably "no".

    What sets firefox aside from you know what is the speed with which the vulnerabilities are plugged after they're found (and almost always *before* they're exploited) and the transparency around the whole process.

  4. J

    Let's not forget...

    ...also how easy is the upgrade process, at least with version 2+. A little window shows up, you click the "download and install", and a couple seconds and a browser restart later and you're done. I don't know how other browsers work, so this might be no news, but this is the best I've seen in the ~13 years I've been using web browsers.

    I hope they keep improving (and pressuring others to improve).

    J

  5. Keith Doyle

    Best fix for this sort of thing-- dispense with unnecessary featurism

    The only new features I want at this point in a browser are stability and security. Except for those, leave the darn thing alone. I'm still using Firefox 1.5 and don't plan to upgrade. It isn't a commercial product, and consequently shouldn't need to keep accumulating features people don't need in order to remain solvent. That is a big reason why Microsoft software is so buggy, they have this incessant need for you to "upgrade," and with every new feature enters new bugs in a vicious cycle. Give the developers something else to do with their "idle hands" rather than this. Nothing will ever be perfect, but there becomes a point when a work is optimal, where attempts to further improve it actually make it worse-- the challenge is in recognizing when it's at that point before it gets "enhanced" into junk like Netscape and a few others I can think of did...

  6. Anonymous Coward

    Bugs exist in every piece of software - the question is how fast they are fixed

    My confidence in Firefox and the Mozilla Foundation is based on the speed to fix security issues. On a regular basis, Microsoft takes two to three months to fix a security hole while Mozilla fixes it in two or three days.

    Another point: a Mozilla patch is almost transparent and it usually downloads several Kbytes. On each MS update patch, it usually takes Mbytes and we can never forget the bureaucracy to verify if Windows is official, if hardware is compatible, if ActiveX is installed, etc, etc, etc

  7. Joe K

    Still beats IE

    However, it does not beat the lovely, well programmed, and increasingly wonderful Opera.

    Mouse-gestures, Widgets and speed-dial have enhanced my life 10978%!

  8. Dillon Pyron

    Patch Tuesday

    "What sets firefox aside from you know what is the speed with which the vulnerabilities are plugged after they're found (and almost always *before* they're exploited) and the transparency around the whole process."

    And it's not even patch Tuesday.

  9. Mike

    Re: Can't anyone make a browser...

    Sure, but then you could not use it to do your banking, check your prescriptions, put in a vacation request at work, or a myriad of other tasks for which bleeding-edge Web 2.0 is now the _only_ way that some organizations allow communication at all.

  10. Ole Juul

    Choose remote execution ... or text only.

    The problem is that, by definition, we're inviting remote execution of code. When you click on a page you want that page to initiate programs on your computer such as an image viewer, a sound file player, you name it. That's what we call a browser nowadays. You can decide not to do those things automatically, but you end up with a text browser where you have to do it all manually.

    To avoid malicious code, try something like LINKS. If you're just looking for information, it's *really* fast, and lots of fun.

  11. James Penketh

    I normally use firefox...

    And just upgraded to 2.0.0.4

    but it won't worry me much. There is very little a virus can do on a *true* multi-user system that protects all the system from numpty users (e.g. me.)

    And if it all starts getting too much, I'll just switch to lynx.

  12. Anonymous Coward

    Firefox vs. IE

    Frankly, IE7 has made great strides, and despite the difficulty in admitting that IE7 "aint all that bad" it has to be said.

    I've come across equally as many CSS display bugs and Javascript interpreter bugs with Firefox as I have with IE since the 2.0 and 7 release of each browser respectively, both browsers seem to have had their fair share of vulnerabilities recently also.

    Firefox has the rebellious open source route hype going for it, the general public think you're cool and know about computers if you use Firefox and so it's widely used instead of IE, whilst at the same time not really offering much over IE.

    I'm not anti-open source in any way, I really do despise Windows and am a big fan and heavy user of many open source products like Apache and MySQL. I've also done my fair share of contributions to various GPL projects on sourceforge but I truly do believe Firefox is one of the problems with the open source attitude, its popularity is largely hype based but the technical truth is that it doesn't live up to the "more secure", "more standards compliant" hype that is often used to advocate it over IE.

    Ironically, Opera, a browser which I admittedly don't use myself (sheer convenience, I'm simply too lazy to download, install and get used to using it full time) is the browser I've seen offer the greatest standards compliancy, it's not faltered on any of the CSS layout bugs I've seen Firefox and IE cough up in relation to the W3C specs. I don't know Opera well enough to comment on its features, security and so forth - I've only used it in the past to ensure my site layouts are correct in all browsers and needless to say keeping Opera happy was far less painful than trying to make IE7 and FireFox 2 happy when writing standards compliant and good-practice layout techniques that frankly all browsers should be able to display without trouble.

  13. Ernest

    FF IE7 blah blah

    The whole FF2 vs IE7 comes close to a draw in reality. HOWEVER FF has a huge mature addon community that includes greats like Forecast fox hehe, and the essential ad blocker + NOSCRIPT.

    With no script none of those dodge fake jpg or gif or phishing scripts will run unless u allow it. Makes browsing a lot safer.

  14. Anonymous Coward

    Firefox getting bloated

    I've been a fan of Firefox since the Phoenix days, but I don't like the direction the browser has taken since 2.x. For one thing, it now has a horrible iconset and very dull UI colours. My preferred Firefox version is 1.5 as it has a functional, elegant interface. The browser also seems to have gotten more sluggish since 2.x, and yet has added practically no new functionality - talk about version number inflation!

    Even little things like the MacOS style Options (tabs on top as opposed to side) - why did they do that? The MacOS market share is tiny anyway - about 5%, and no-one uses Firefox on it; they use Safari instead. They should focus on making the UI experience for the Windows userbase as seamless and elegant as possible.

    Roadmap plans for 3.x seem to be more of the same - no substantial new features, more bloat. I can see Firefox market share dropping lower and lower from its 20-25 high. It's just not responding to users' needs and reverting to its bad old ways. The development community seem to be - like virtually all open-source software - inept at dealing with what users want. There's a good likelihood it will go the way of Netscape Navigator.

    Opera is a nifty browser and I'm a big fan of 9.20. The quick options menu and more config options are very useful. It's probably more of a "power user" browser though, not one your average user will want to use. And hey, there's nothing wrong with that; because neither Firefox nor IE give you enough flexibility out of box regarding images/plug-ins/Javascript/mouse gestures. Its fast-forward and "user mode" functions are also very useful. Oh and I find Firefox plugins to be quite useless; they don't make up for Opera's native features. They seem to be poorly coded, with bad front ends and it just adds another layer of programming language - i.e. it slows things down.

    Opera does seem to be less stable than the rest, however. It has the highest crash frequency of them all. Maybe this is my setup, I don't know; maybe it doesn't have enough RAM/cache space. But thankfully its session recovery tool is top notch.

    So it's Opera 9.20 and Firefox 1.5 for me. Please, Mozilla change that disgusting icon set and stop the version name inflation!

  15. Richard Kay

    Use a VM as a web browsing sandbox

    If you have to run a browser with all the latest plugins and ability automatically to handle all kinds of multimedia content and not risk this compromising your main system, you are probably best off running this inside a virtual machine sandbox and reverting the VM to its state before the session after visiting any untrusted website. You may want to keep your host system browser/s for regularly visited (presumably trusted) sites where you want to take advantage of remembered cookies and passwords etc, and another VM for websites you visit on a one-off basis and which you can revert.

    For the very rare sites that don't work with either Firefox or Konqueror (which seems more capable but not as elegant as Firefox) I run a VM with IE using VMware and revert it immediately after the session.

  16. Anonymous Coward

    Re: Firefox vs. IE

    ‘Frankly, IE7 has made great strides, and despite the difficulty in admitting that IE7 "aint all that bad" it has to be said.’

    The only real deal-breaker with IE7 is that you have to "upgrade" to XP-SP2 or Vista to be able to use it. Sorry, but a €250 upgrade of an O/S just to be able to use more up-to-date bugware really isn't on the table. I'll keep FF on my W98SE system that I boot into maybe once a month.

  17. Gordon Fecyk

    Just when we thought we could surf as Admin again

    "Can't anyone make a browser that does not allow people to inject malicious code or take over your system?"

    How about an entire operating system?

    You could've caught Firefox bugs before the fact with limited accounts on Vista, XP or even 2K. Don't want to spend $250 on an OS upgrade? Spend $100 on an after-market copy of 2K on eBay, and ditch 98 already.
