Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla: The Good And The Bad

Posted by timothy on from the 10-dollar-fine-if-you-said-ugly dept.

Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!). Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload ( ). Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."

22 of 541 comments (clear)

  1. 6 bug more !? by mirko · · Score: 5, Funny

    OK, 21669 to go :-)

    --
    Trolling using another account since 2005.
  2. Most are already fixed by afidel · · Score: 5, Insightful

    As of 1.2beta almost all of these are fixed. In general opensource is not a whole lot more secure than closed source (both are programmed by humans), they just are more open with information and quicker with fixes.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    1. Re:Most are already fixed by MAXOMENOS · · Score: 5, Informative
      In fact, as of 1.0.1, five of the six bugs are fixed. Only one of these bugs exists in 1.0.1, and it's generally regarded as the least serious. Almost every distribution is running Mozilla 1.0.1 or 1.1 by now. I know I'm running 1.1 on my box, and Ximian GNOME is using 1.0.1.

      Seriously, this isn't as big a deal as it looks, folks.

      --
      Finding God in a Dog
  3. Why users "should" switch by 1984 · · Score: 5, Insightful

    "...resource for convincing stubborn Internet Explorer users why they should switch..."

    Should be:

    1. Provides a better subjective browsing experience
    If that's not true, you'll never win.
    1. Re:Why users "should" switch by bunratty · · Score: 5, Insightful
      If that's not true, you'll never win.
      Win what? Is there some competition to get more people using Mozilla than IE? That's a battle that will never be won as long as IE is shipped with nearly all new desktop computers and Mozilla is shipped with nearly none.

      To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    2. Re:Why users "should" switch by falzer · · Score: 5, Funny

      TEN MINUTES of not responding oh a relatively new machine (2ghz P4, 1/2GB RAM) is NOT, by ANY means acceptable.

      Well, damn, your computer is so fast it can finish an infinite loop in ten minutes.

  4. Read the entire article.... by dartboard · · Score: 5, Informative

    If you read ALL the way to the end of the article you'll note that 5 of the 6 bugs are already fixed in 1.0.1 which has been out for a couple months now. I believe the sixth is already fixed in the 1.2 nightlies.

    1. Re:Read the entire article.... by wandernotlost · · Score: 5, Insightful

      There will always be bugs, whether your software is open source, free, or otherwise. What matters is how you deal with them.

  5. NTLM auth by bunratty · · Score: 5, Informative
    I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer.
    NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha which will be out in about one month.
    --
    What a fool believes, he sees, no wise man has the power to reason away.
    1. Re:NTLM auth by twoflower · · Score: 5, Insightful
      Want to have NTLM support? Vote for it!
      No, write the damn code. That's what software freedom is about. You've missed the entire point.
      --


      --
      Twoflower
  6. These are already fixed by nxg125 · · Score: 5, Informative
    To quote Mozillazine
    The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.
  7. 10 Things... by yamcha666 · · Score: 5, Insightful

    Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat? Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

    Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE.

    1. Re:10 Things... by Anonvmous+Coward · · Score: 5, Insightful

      "Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE."

      Frankly, I didn't think the '101 things you can do with Mozilla' was that interesting. Most of the stuff there I'd only care about if I were doing web development today. In that case, yes it'd be really cool. But they're trying to oversell features that most people don't use. I just wanna browse the web, I don't care about color coded source viewing. I do care about the browser opening fast without hogging all the RAM. (Fortunately I'm an Opera user.)

  8. Re:A Word on Mozilla by Entropy_ah · · Score: 5, Informative

    the Windows version is hurting
    That's strange because I've found that Mozilla is more stable and faster in Windows vs. its Linux couterpart.

    --
    my other penis is a vagina
  9. It's about the browser by c13v3rm0nk3y · · Score: 5, Insightful

    How my favourite bug was turned into a feature is the best example I have of how easy it is to get off the track with big projects like this.

    The bug got lost in several threads, flames and arguments about what IE does or does not do, until it was finally marked WONTFIX by a Mozilla demi-god. IMHO, they missed the point. There is a constant refrain in Bugzilla about whether something is "standard" or not.

    From my experience, the argument about web standards is used to either fix or not fix something, depending on how someone feels about a problem.

    Don't think it's a problem? don't fix it and say "it's not standard, so we won;t" or "it's not standard, but we break the standard everywhere where it makes sense". Some behaviour need changing? The same arguments apply.

    I may be just whining here, but sometime I think the fact that Mozilla is a web browser is lost in the arguments. I still love Moz, but the fact that the right-margin jumps around on my otherwise fine HTML 4.x and CSS pages will always bother me.

    --
    -- clvrmnky
  10. Re:Bug reporting? by Iamthefallen · · Score: 5, Insightful

    Yeah, imagine that, the Evil MS notifies customers that an update is avaliable, but the wonderful Mozilla organisation has people visiting the site looking for an updated version or patch. I know that my family at least finds that much easier because they have a deep interest in what web browser they use to browse the interweb...

    If you're gonna complain about MS, at least use a valid argument, god knows there's a lot of them, but the kneejerk whining about MS being evil doesn't really do any good for anyone.

    --
    Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
  11. 31 security vulnerabilities in IE by Futurepower(R) · · Score: 5, Informative


    Here's a link. On November 6, 2002, there were 31 security vulnerabilities in Microsoft Internet Explorer

    The link is taken from: Windows XP Shows the Direction Microsoft is Going.. If Spanish is your native language: Windows XP muestra la dirección que Microsoft está tomando.

  12. Re:How about https? by Dr+Caleb · · Score: 5, Informative
    Anyone have this problem?

    With some sites, yes. If they don't support the Mozilla certificates, they won't allow https. I use Mozilla for my Banking (switched banks because they supported Mozilla) and things like Hushmail. For some things at work, I still have to use IE for sites that don't support Mozilla's certs.

    --
    "History doesn't repeat itself, but it does rhyme." Mark Twain
  13. Re:The one thing it doesn't do by Loki_1929 · · Score: 5, Insightful

    How sad. You don't 'talk' to a support technician with Mozilla, but you can usually get in contact with the person who actually wrote the code that's giving you trouble. Personally, I find this preferable to sitting on hold, paying through the nose for phone support, and talking to someone who hardly has the technical knowledge to use a computer, let alone code a browser. Mozilla's problems and bugs are well-documented; IE's are well-hidden. Mozilla has an excellent secuity track record; IE's security track record can be seen by the seemingly endless stream of advirories and patchs.

    It's a shame that these Fortune 500 companies choose inferior products with inferior support on the basis that they're able to hear a human voice when there's some sort of problem; regardless of whether or not that human voice has the slightest understanding of the problem, the solution, or even the product.

    --
    -- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
  14. Re:The one thing it doesn't do by erikdotla · · Score: 5, Insightful

    I've found that the Bugzilla for Mozilla, Newsgroup usefulness, and general web resources are better, or at least equal to, that of Microsoft. Microsoft has an edge with phone support but, I run 10 servers and 50 workstations, all running Microsoft with SQL, Exchange, NT, 2000, and more - and I've never had to call them. I won't.

    I dread calling them. It costs money, immense amounts of time, and I would sit on hold just knowing I'd end up with a moron who would suggest that I try rebooting.

    This notion that a software company must be responsible for it's software, so that someone can be held liable and can be counted on to help, is really just dependency and lack of personal responsiblity, and ultimately a crutch. MCSE means Must Consult Someone Else.

    Perhaps Fortune 500 companies ARE Fortune 500 companies because they pass the task of software support and maintanence off to the companies that make the software, and focus on their core business.

    But they're also the ones spending obscene amounts of money and time trying to understand Microsofts insane licensing policies.

    They're spending time and money evaluating Microsoft's DRM moves, preparing to deal with the inevitable (some would say immediate) consequences of Microsoft's negative, condescending attitude toward it's customers.

    They're the ones who woke up one day and realized they were renting software, not buying it, and that they have an evil landlord and can't do anything about it. They're just happy their investors also like Microsoft so that they percieve this dependency as a "strategic relationship". They're the ones subject to the whip hand.

    I've never walked into a Fortune 500 company and seen Mozilla. I've also never let the public see me having sex. Neither of those means that it doesn't happen.

    --
    # Erik
  15. Re:The 101 list is bullshit by Edgewize · · Score: 5, Informative

    While the 101 list goes a bit overboard, you're wrong to dismiss a lot of the items.

    1. Tabbed browsing is inherantly slower with IE because it creates a new browser instance for each tab.

    5. The side bar is NOT just a history window. You can put virtually anything in it, including slashdot headlines or a google box.

    7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.

    17. At least with 5.5, the "cookie manager" is nothing more than a listview of all your temporary internet files. Mozilla has a real interface with more capabilities.

    22. The average user will not set this, and will inevitably install Bonzi Buddy or some other crap because they click OK too fast. Mozilla comes secure by default.

    46. You can run Mozilla from a network share without ever launching an installer. I'd like to see you do try with MSIE 6.

    77. Yeah, assuming that you have the appropriate locale of Windows. And that you'd never want to run a version that was different from your operating system's locale settings.

    97. True. But you must admit that Mozilla's security process is more open than IEs, and that there won't be major vulnerabilities that go unpatched for months. With IE you have no such guarantee.

    101. You just can't argue with that one. The lizard is cool.

  16. *blink* by Dave2+Wickham · · Score: 5, Funny

    "Supports blinking text
    You can make text blink."

    *blink*

    This is GOOD?