Slashdot Mirror

← Back to Stories (view on slashdot.org)

FireFox as a Security Risk Compared to IE?

Posted by Cliff on from the that's-just-silly-talk dept.

A not-so anonymous Anonymous Coward asks: "The administrator at my work gave me the following reason for not using Mozilla. What do you think? 'FireFox is a security risk. Please refrain from using it. Please continue to use IE 6.0. IE is our only supported browser. FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'" Do any of you have information that could be used to contradict the administrators information on FireFox? Are there configuration options one can reach from about:config that a user can use to address the problem this administrator has cited?

5 of 174 comments (clear)

  1. Adminstrator is full of it by abartlett_219 · · Score: 5, Informative
    browser.cache.disk_cache_ssl? Q.19 here

    by default, ssl cache is disabled on firefox.

    1. Re:Adminstrator is full of it by memodude · · Score: 5, Informative

      Also, you can make it essentially clear the cache on each browser exit by setting browser.cache.memory.enable to true and browser.cache.disk.enable to false.

  2. Call Bullshit by TrebleJunkie · · Score: 5, Informative

    I think I'm going to have to call bullshit on your admistrator.

    In about:config, the property you want to look for is:

    browser.cache.disk_cache_ssl

    From This Page:

    * Description: switch to enable caching of objects served over a secure connection (SSL).
    * Type: boolean
    * Default: false
    * Recommendation: true on systems where it is secure to cache these objects.

    By default, Firefox (and Mozilla. and Netscape.) will *NOT* cache SSL-served pages. And, contrary to your administrator's *other* claim, you most certainly *can* toggle this behaviour in Firefox.

    --

    Ed R.Zahurak

    You know, oblivion keeps looking better every day.

  3. Re:Simple. by randomblast · · Score: 5, Informative

    It would be better for a site like that to use a caching proxy anyway. It puts all the effort on the server, and off the desktops, and you have no problem keeping track of what the desktops have stored on them, so if a desktop machine gets stolen, no sensitive info is on it. This has to be applied to other areas of their computing system as well, of course, but it probably already is, because it's really stupid to cache database results.
    So, if you use a caching proxy instead of client-side caching, you save bandwidth, you save space, you keep it fast for the users, and you don't have to worry about caching SSL pages on your user's machines.

    --
    ...these aren't my real teeth.
  4. Re:Simple. by Anonymous Coward · · Score: 5, Informative

    "The administrator at my work gave me the following reason for not using Mozilla."

    Someone's not going to be an anonymous coward for long...

    "FireFox is a security risk. Please refrain from using it"

    LOL. Very good.

    "IE is our only supported browser"

    Please don't make me change anything. I might have to test it.

    "FireFox saves encrypted pages to disk and does not give you override capability. It also does not allow automatic cache clearing when closing a browser. These are security risks.'"

    OMG, people write this stuff?

    Internet Explorer runs programs if you put them in an XML stylesheet, it runs programs supplied in bitmap images, allows websites to save scripts to disk and run them from the "trusted" zone, and allows any website to run activeX programs with full access to your computer if you ever click OK to a dialog box. These are security risks.