Hackers detail scary Firefox flaw...Update: They're kidding, mainly.
Update: It seems reports of this Firefox failing may have been premature. See latest from Ars Technica at bottom for clarifications.
Hacker conferences are so much fun. Case in point: San Diego's ToorCon conference on Saturday, when engineers Mischa Spiegelmock and Andrew Wbeelsoi (what names!) took the stage and called the increasingly popular Firefox Web browser a "complete mess." The duo detailed to the world a security flaw in Firefox, which afflicts the browser's handling of JavaScript. As if that weren't painful enough, Spiegelmock and Wbeelsoi also said the glitch was probably "impossible to patch." "Internet Explorer, everybody knows, is not very secure," said Spiegelmock. "But Firefox is also fairly insecure."

Naturally, Firefox officials were none too happy, reports CNET. The hard-working people from the Mozilla Foundation, which manages Firefox, had hoped for a bit more discretion. Publicizing a Firefox insecurity hurts the browser's image as the safe, spam-free alternative to Microsoft's Internet Explorer. "I think it is unfortunate because it puts users at risk, but that seems to be their goal," groused Window Snyder, head of security for Mozilla.

Digg readers are having none of the Firefox bashing. When one posted: "It makes you wonder why people always say FF is the best browser," one reader was quick to fire back: "Maybe because each Firefox flaw is worthy of a news post, while Internet Explorer has so many that no one bothers to write about them anymore."

STOP THE PRESSES, we may have been had: The latest news is that Spiegelmock and Wbeelsoi were just joking. (Like we said, hacker conferences are more fun.) According to Ars Technica, the bug is reproducible, but it is not a new one, nor particularly serious: "Mischa Spiegelmock has now said that the talk 'was to be humorous,' and that the presentation covered a 'previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution.' In other words, they didn't discover a new flaw."
Moreover, the two hackers have never actually managed to exploit the bug to do anything more than crash their own, local machine. Also, when they said Firefox had 30 known "exploits," well, that wasn't rigorously fact checked either. Just so you know.

Personally I like Opera but use Firefox now and then. I can't remember the last time I used Internet Explorer. Hackers will undoubtedly go after the most popular browser so that they can inflict maximum damage on the public, so that's why I feel pretty safe with Opera.
: 11:24 AM Aw, you poor babies... Firefox is not safe; you fell victim to the hype without doing your own research into the credibility of such claims. Now that Firefox has been hit it must persevere or it will continue to fall... But yes, Firefox may have lost that edge, though be it a small edge.
: 11:40 AM It's not that Firefox is the 'perfect browser'; it's that it is so much smoother, faster, reliable and scalable while providing more features to the user than IE.
: 11:54 AM Firefox does have its flaws but it is still less than the number of flaws in IE. There is no such thing as 'perfect' software, just 'better' software. Not nice poking fun at someone's name at all. How rude.
It's not that Firefox is the 'perfect browser'; it's that it is so much smoother, faster, reliable and scalable while providing more features to the user than IE.
: 11:55 AM Firefox does have its flaws but it is still less than the number of flaws in IE. There is no such thing as 'perfect' software, just 'better' software. Is anything really "secure"? If man can devise it, man can break into it. Food for thought about the overall health of the Internet.
: 12:47 PM I use Opera, I live that browser.
: 1:13 PM Hooray for Opera. There's another twist to the Firefox story that I think deserves mentioning. Firefox 2 and Internet Explorer 7 will both soon be ready for release. Internet Explorer 7 has dramatically re-invented itself and added all of the features that Firefox once boasted and a lot more. Firefox 2 is disappointing in that it is so similar to the previous version. Add to that the fact that Firefox is now reportedly fighting with Ubuntu and Debian Linux over branding, and where does that leave us? Perhaps it is time to explore alternatives to the big 2 browsers!
: 1:22 PM It always seems that when Microsoft was getting attacked by hackers and showing the flaws of their work it was ok. Now that Firefox is getting the same treatment they are crying foul. No matter what software there is there are people who will look for holes in the software for better or worse. More times than not it is used for the worse things hackers, crackers can do. So all you folks who praised Firefox as the safest browser welcome to Microsoft's nightmare and stop crying and belly aching.
: 3:01 PM Yes, IE has so many flaws it is ridiculous. But what I know is that I can almost use Firefox without ever using a mouse because it is so useable of software.
: 4:27 PM Firefox had a lot more flaws than Internet Explorer did last year. Look at the Symantec report released last week.
: 5:43 PM I, along with many others, did not need two hackers to know that Firefox is seriously flawed when it comes to Javascript. Most, if not all, live scoring for fantasy sports, which I participate in, is based off of Javascript and when it does not want to work, it can be frustrating. Yes, Firefox has some sort of plug-in they have, but this does not work.
: 6:35 PM Of course, Firefox officials were unhappy, but they were the cause of it. I have used almost every browser under the sun and still like FF the best. It simply provides the most control over features, including pop-ups, java scripts (with an extension), etc. I find all this haggling over browsers (yours vs mine..etc) quite childish. Same with operating systems. They are all eventually insecure as long as there are folks out there working to make them so. Instead of blaming the designers, concentrate your efforts on bashing the malicious folks out there that exploit any weaknesses.
: 12:30 AM Every piece of software has hidden vulnerabilities. These crackers are merely taking the time to find them in Firefox.
: 2:48 AM When it comes to rendering web sites correctly, Firefox is unparalleled. Microsoft still cannot get it right. IE gives developers headaches while Firefox supports and enables good design and development on the web. Whoopty do.
: 5:12 AM Yeah, Firefox has insecurities, and any popular browser will. The problem will always be between the keyboard and the chair. "Of course, Firefox officials were unhappy, but they were the cause of it."
: 10:34 AM Tim: Well, it's not just that they reported on the browser flaw. It's that they disclosed the flaw without telling Mozilla and giving them a chance to fix it (the ethical thing to do) and that they have used this exploit to create a 'botnet' for blackhat hackers. Worse yet, one of these guys works for SixApart. It has been reported that Firefox has had more bugs within the past year than IE has. In all fairness, the bugs might have been patched in less time, however, the bugs were there. If someone is to label a browser as being insecure by the number of security flaws, Firefox is clearly the loser and Opera is clearly the winner.
: 11:21 AM Hey Oliver, Owen, time to update your story...
: 5:31 PM http://www.pcworld.com/article/id,127375-c,mozilla/article.html Firefox Zero-Day Code Execution Hoax?
: 9:26 PM http://www.eweek.com/article2/0,1895,2023762,00.asp Use Netscape!!!!
: 10:28 PM I would probably use FizzleFox more if it acted more like IE... Instead of those hated tabs and constant updating itself, having to download 6 million plugs to find the one that almost works, and FF has never once yet come out of the 'box' being able to view a wmv streaming video.
: 9:22 AM