Mozilla: The Good And The Bad
Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!).
Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload().
Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."
1. You can do this by writing a 12 line VB app that embeds the MSHTML COM control on separate tab controls. Some projects already do this. (Yawn)
5. uh, hit ctrl-H in IE6
7,8. Hold control, scroll mouse-wheel
17. IE does this
22. This can be set in IE
31. IE can do this
46. Is this a joke?
77. I don't buy this. IE is a ship-component of Windows XP, and thus exists in 25 distinct locales.
97. This is just fanboyism. There is no substance here.
101. Got me there, champ.
These are just the things I know are crap off the top of my _head_. Why does fanboy shit like this make it to slashdot on such a consistent basis?
My opinions are my own, and do not necessarily represent those of my employer.
In particular, if I wish to have Spanish-language dialogues in Mozilla, I (as of a month ago) can not upgrade to Mozilla 1.0.1 because none of the volunteer Spanish translation teams [1] has updated their 1.0.0 translations to version 1.0.1; instead they chose to direct their translation efforts towards 1.1 and 1.2.
Compare this to AbiWord, which has a translation structure such that, if a given translation team decides that meeting girls at dance clubs is far more fun than spending Saturday night translating dialogues, the translations still work for new versions of the program. If any new dialogues appear, those dialogues will be in English until someone steps up to bat to translate them, but any unchanged dialogues remain translated.
IE has an edge here, since their translation teams are paid, guaranteeing that any formal release of IE will be translated into all officially supported languages. The disadvantage to this is, if a given language is deemed by Bill Gates to not be worthy of translation, you have to use the application in English (or one of the other official languages).
This structure causes Mozilla 1.0.1 to have translations available in languages like Estonian (a beautiful language [2] which has about, as I recall, 2 million speakers) but not in Spanish (which has more native speakers than English--about 325 million).
OK, thinking out loud, it should not be too hard to set up a perl script which unzips a translation for a given version of Mozilla, compares the labels against the English version for a given later version of Mozilla, and then translates all of the labels it can; leaving the untranslated labels in English. This would be far more productive than posting to Slashdot; perhaps a Mozilla guru can tell me if a tool like this already exists.
- Sam
[1] There are three Spanish translation teams: One for Latin American Spanish, one for Argentinian Spanish, and one in Spain. The Argentinian is the most active group right now.
[2] One of my linguist teachers is a native Estonian speaker; she once talked to us in Estonian to demonstrate a language learning technique.
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
I'm sure there are security bugs in Mozilla that haven't been made public yet. That was the problem with the onUnload(). It was known about for a long time, but not until it became public did it get fixed.
The main reasoning seems to be that vendors should be able to protect their customers.
But what happened with the privacy leak recently found in Mozilla? Granted, it was a minor glitch, but it is nevertheless useful in studying how policy affects security.
Did it help end users that it was marked sensitive? Well, Netscape knew about the glitch when they shipped their browser, yet they shipped it. On the other hand, the leak was patched shortly after the story broke, so the answer should be a clear "No!"
This is an example that it is not sufficient to have the sources open, you have to get some light onto the problems too.
Employee of Inrupt, Project Release Manager and Community Manager for Solid