Slashdot Mirror

← Back to Stories (view on slashdot.org)

611 Defects, 71 Vulnerabilities Found In Firefox

Posted by ryuzaki0 on from the rolling-in-bugs dept.

Danny Begonia writes, "Some folks at Klocwork examined the large and complicated code base of the popular open source browser, Firefox. Overall, Firefox is a well written and high quality piece of software. Several builds were performed on the code, culminating in the final analysis of version 1.5.0.6. The analysis resulted in 611 defects and 71 potential security vulnerabilities. The Firefox team has been given the analysis results, and they will determine if or how they will deal with the issues." What are your thoughts — do Firefox and the open source community welcome this kind of analysis?

4 of 434 comments (clear)

  1. False positives by interiot · · Score: 4, Informative

    Note that Klocwork, while definitely a good tool, does tend to produce a fair number of false positives, so it's not possible to try to compare an automated report of potential problems to a list of problems actually agreed to be a problem and actually fixed by an organization.

  2. Tools like this produce lots of false positives by Jimmy_B · · Score: 5, Informative

    Static analysis tools like the one used to produce this list tend to produce lots of false positives, because they can't make as many assumptions as a programmer who knows what's going on, and they can't follow most interactions between different modules. So the headline should be "611 *possible* defects, 71 *possible* vulnerabilities" found. More likely, a small handful of those will turn out to be real (but minor) bugs, and the rest will be bogus.

  3. Re:Obvious. by Danga · · Score: 4, Informative

    I wouldn't trust those numbers from thecounter.com or any of the other sites that depend on user agent. Opera user here and I know for a fact that most of the time I have my user agent set to MSIE 6.0 otherwise a lot of sites give me problems and won't let me load them even though they render just fine. Those same sites a lot of times will load without a problem in firefox, when will web designers stop checking the damn user agent, it is a waste of time and just pisses people off. It has been getting better but still any analysis done that relies solely on user agent is not reliable in my book. I also would really love to have a true way to find out how close that 1% for Opera is to correct because I doubt it is correct.

    --
    Hey, there is only one Return and it's not of the King, it's of the Jedi.
  4. Opera easily countable using useragent string by Chuck+Chunder · · Score: 4, Informative

    Even when Opera is spoofing it's user agent string the text "Opera" is still in there and anyone making a reasonable effort to identify browsers will be able to count it accordingly. Opera's spoofing doesn't hide that it's Opera, it only acts a workaround for sites that only detect a common part of the IE/Mozilla UA string and wouldn't do anything if one of those aren't found.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park