Firefox 3.5.4 fixes critical memory flaws

Mozilla trotted out Firefox 3.5.4 yesterday, which patches 16 vulns - 11 of which were critical bugs. The browser maker said the 11 critical vulnerabilities were found in a number of components such as the JavaScript and browser engines, the GIF color map parser, the strings-to-number converter, three third party media …

COMMENTS

This topic is closed for new posts.
  1. MarkOne
    Stop

    Another day.

    Another critical Mozilla security flaw. Sounds like IE all over again. The irony is that a lot of these Firefox users switched from IE because Mozilla led them to believe their browser was more secure.

    The number of IE updates I get these days is much less than new Firefox releases.

    Then again, I only actually get IE updates because I have Windows, I don't actually use that. Opera is where it's at. Security, Stability, Standards Compliance and cross platform data syncing including my mobile in one lovely package.

  2. Aidan Samuel
    Thumb Down

    Critical memory flaws?

    Damn. And there was I, hoping they'd fixed the bit of code that eats up 250MB of RAM.

    ;-)

  3. Tony Paulazzo

    Two Weeks

    So, I installed Windows 7 two weeks ago, fresh, and ran Secunia today, not expecting to find any problems. But no, Adobe Flash already out of date, even though it installed a Firefox plugin, which I assumed would let me know about any updates released.

    Stupid Adobe. I wish someone would release an alt Flash plugin, thank God for NoScript and Adblock.

    At least Mozilla let you know when updates are available.

  4. Anonymous Coward
    Pint

    SeaMonkey 2

    SeaMonkey 2 is also out for those of us that like our apps in one place.

    http://www.seamonkey-project.org/

  5. Anonymous Coward
    Jobs Horns

    Remember kids...

    This is the safest browser on the market.

  6. Anonymous Coward
    Anonymous Coward

    @Tony Paulazzo

    You had me worried there for a minute!

    According to http://www.adobe.com/software/flash/about/, the current version of Flash is 10.0.32.18, and that's been around since the end of July.

  7. asdf
    Thumb Down

    Firefox struggling under bloat

    I have been a big Firefox advocate since before version 1 came out but lately not so much. I still use it when I need to log into important accounts as NoScript still offers the best protection against various web flaws that steal passwords. For promiscuous browsing these days however I much prefer Chromium on Linux because not only is it more secure from process exploits with sandboxing under AppArmor but it is a hell of a lot faster on a netbook as well. As for the IE fanboi at the top I will admit M$ is trying to move in the right direction with IE8 but by long ago embedding browser code deep into the kernel space that ship has already sailed. Your browser should run with absolutely as few privileges as possible as it and its plugins are on most desktops the most vulnerable piece of software on the box.

  8. Saucerhead Tharpe
    Megaphone

    MarkOne, do you know what a non-sequitur is?

    Getting fewer IE (or Opera) patches is not a sign of fewer faults. The bonus of Firefox is that where faults are found with code, then the fix arrives quicker and you get information about it.

  9. J 3
    Grenade

    Er...

    "The number of IE updates I get these days is much less than new Firefox releases."

    Could it possibly be because the flaws in IE are being ignored and/or not getting fixed? Duh...

    (maybe yes, maybe no, of course -- I don't really care too much because I don't run Windows. I'm just making the point that some people jump at their preferred conclusions without any thought as to why things are the way they are)

    And we could always use the good old "critical mass" argument against your preferred browser: nobody uses that, so of course nobody finds vulnerabilities. Security by obscurity, etc. Or not. Isn't it fun to play knee-jerk fanboi?

  10. Dick Emery
    Grenade

    Meh!

    I'm already using Minefield despite being beta (Hey isn't all software in constant beta anyhow what with update after update?). Forced compatibility mode and all is working fine. Reason for switching was you can now use a custom chrome profile to disable the annoying blurry images in the previous FF image scaling.

  11. Ian Ferguson
    Paris Hilton

    How do they let us know?

    "At least Mozilla let you know when updates are available"

    Firefox never seems to let me know when an update is available, the Reg is normally where I hear, and have to manually tell Firefox to check for updates :(

    I wish it would integrate with Windows Update and Apple Update, but both scenarios are probably pipedreams.

  12. Nigel 11

    @MarkOne - The difference between IE and FF

    The difference is not that one is a bug-free program and the other isn't. ALL large programs have bugs.

    The difference is that when bugs in Firefox are found, they get fixed quickly. When bugs in IE are reported to Microsoft, Microsoft has been known to sit on them doing nothing, until such time as either a security researcher publicises the bug, or evidence mounts that black hat hackers are actively exploiting it.

    Also, Firefox is open-source, so lots of eyeballs have studied the code, meaning the obvious bugs were fixed long ago. Is that true of IE? Who knows, apart from an unknown number of MS employees and others who signed an NDA. Security by obscurity doesn't work.

  13. Rich Harding
    FAIL

    @MarkOne

    "The number of IE updates I get these days is much less than new Firefox releases."

    And that should make people feel more secure how exactly?

  14. Bug

    Bugs don't necessarily reflect security (or lack of)

    "Another critical Mozilla security flaw. Sounds like IE all over again. "

    You're either a troll or simply ignorant. Software has bugs. The number of updates for a product does not in any way indicate how many bugs there are in it or how secure it is. The only things the updates to Firefox indicate is that bugs are being fixed, that Mozilla are open enough to admit these bugs existed and that Mozilla release updates as and when they feel necessary rather than to a fixed schedule (like making you wait until patch Tuesday). You also have to take into account not only the number of bugs but how quickly they are fixed once they are discovered. On the former, Firefox is open source so anyone can find bugs and tell Mozilla about them, even send Mozilla a fix. IE is closed source, only Microsoft get to see the code and Microsoft don't need to tell you if they found a bug because they can patch it without anyone ever knowing.

    Mozilla have a much better record on the latter than Microsoft.

  15. Gabor Laszlo
    Troll

    @MarkOne

    Indeed, Mozilla marks as critical and fixes memory leaks before they even become known, as opposed to Microsoft who just ignore them (and other problems) long after there's an exploit in the wild. But you're right, you do sound like someone who would be happier using Opera.

  16. Anonymous Coward
    FAIL

    Me too, Aidan Samuel

    Firefox's memory greed has become absolutely ridiculous.

    Mark One: you miss the point. Firefox is not better (than MS's IE) because vulnerabilities are never discovered, but because they are found, and fixed in a timely fashion.

  17. Daniel Grey
    Thumb Up

    Hmmm..

    Wonder if it will fix the random Firefox crashes that started when I went quad core at the weekend (CPU replacement only, no other hardware). It is the only software that has fallen over since.

  18. Anonymous Coward
    Flame

    Fewer IE updates?

    Bollocks!

    Just fired up the missus' laptop and Vista pops up an updates available message.

    28.4MB later and it installs two IE updates, a Vista platform update, and a Defender update.

    Coincidence? I think not.

  19. Robert A. Rosenberg
    Happy

    3.0.15 ALSO Got Issued

    For those who are still at 3.0.x (who have not upgraded to 3.5 yet for reasons such as needed plug-ins not being issued for 3.5 yet) 3.0.15 was issued at the same time as 3.5.4 was. I have not compared the two fix lists but I think that at least some are on both lists due to being newly discovered exploits.

  20. Aortic Aneurysm

    Strange...

    I'm running Firefox on my laptop at home, it's never crashed, always loads up within seconds and never slows down my system, and I've only had one update in about a month.

    Still, better not say that, as it doesn't follow the Firefox bashing trend.

  21. Defiant
    Alert

    Lesson of the day, don't be fooled!

    What you FF people seem to forget is FF wasn't built with Windows in mind so if you want speed and security don't fall for what the sheep tell you, either use Opera or Windows that are designed for Windows.

  22. Tee
    Thumb Down

    Oh dear, same old, same old.

    Firefox, memory issue you say, how unusual.
