Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Bad Month for Firefox

Posted by CowboyNeal on from the and-its-bugs dept.

marty writes "Februrary is not a good month for Mozilla developers. Infoworld reports about the efforts of Polish researcher Michael Zalewski, who apparently kept finding new vulnerabilities in the popular browser on a daily basis through the month, first postponing the 2.0.0.2 update, and then finding a remotely exploitable flaw in it immediately after its release."

5 of 195 comments (clear)

  1. Re:How is this bad? by bunratty · · Score: 5, Informative

    The only bad thing is that Michael Zalewski is not following Mozilla policy for reporting security bugs. He should first report them to Mozilla privately and give them some time to fix the problems. Instead, he publicly announces the vulnerabilities so the bad guys can exploit them before Mozilla has any chance to fix the problems. In short, Zalewski seems to believe in full disclosure instead of responsible disclosure.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  2. Re:Compelling reasons to switch to 2? by kv9 · · Score: 5, Informative

    You're also missing the annoying UI design and worse performance.

    I agree that the UI is not the most pretty thing ever envisioned (why does everyone go for ROUND shit now? let me guess, the UI designers have Macs) but performance wise it got better. also it's more stable and the integrated session management allows you to get rid of all the clunky extensions that tried to provide sessions (along with the kitchen sink)

    there's also tabbed browsing improvements and other features. GP, check the changelogs.

    --
    Stop Computers/Cars Analogies on S
  3. Re:No we're not by Mateo_LeFou · · Score: 5, Informative

    "Conclusion? Apache has predictably shown more vulnerabilities than IIS versions over the same time period"

    Conclusion? Apache has predictably reported more vulnerabilities than IIS versions over the same time period

    FYP

    --
    My turnips listen for the soft cry of your love
  4. Re:Compare against the best. by omeomi · · Score: 5, Informative

    But compared to Opera, Konqueror and Safari, it's still quite slow and extremely bloated.

    I use Firefox and Opera on Windows, Safari on OSX, and I have occasionally used Konqueror, but I'll admit, not as frequently. However, I've never noticed a perceptible difference in speed or obvious bloat between Firefox, Opera, and Safari. "quite slow" and "extremely bloated" are obviously complete fabrications...

    --
    ZuluPad, the wiki notepad on crack
  5. Re:How is this bad? by tetromino · · Score: 5, Informative
    In short, Zalewski seems to believe in full disclosure instead of responsible disclosure.
    So do most of us here at /. when it comes to bugs in Windows or IE or Java VM. Why not Firefox?

    No. I would venture to say that most people here believe in giving Windows/IE/Java/Firefox devs a couple of weeks to fix a bug before going public. Coming up with a patch is the easy part. Any large project will need to look for related issues in the rest of the code, to do QA work to make sure the patch doesn't introduce new bugs or vulnerabilities, and to package the updates for all the different architectures and products that happen to be vulnerable. That process takes time; it is physically impossible for the Windows/IE/Java/Firefox team to release an update the same day you informed them about the issue. If you go public on the first day, you are just being an asshole.