New Firefox Vulnerability Revealed
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).
Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
So who's the moron using unbounded buffers?
Great minds think alike; fools seldom differ.
That a remote stack-based buffer-overflow can be triggered to compromise FF.
But why on earth those friendly developers don't design, implement a damned solution to be used everywhere in the code???
Fix once, fix forever (until next smarter exploit).
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Is this a new copy-and-paste troll? Almost the same post appeared in the Linux kernel exploit article. Apparently some people missed the Defective by Design campaign and are completely unaware that it relates to DRM, not to arbitrary bugs.
I am TheRaven on Soylent News
... and stop using all of your web-apps... sigh...
------ The best brain training is now totally free : )
I don't know anything about JavaScript or Firefox internals, but a public sounding central function call like "DOCUMENT.WRITE" having a length related buffer overflow is just unacceptable. This call is used all the time right? How could this be missed?
Let's just hope that all those eyes are friendly. How many black hats are scouring the source code to generate exploits to sell underground? As quickly as Firefox releases patches, when these bugs aren't reported it's no better than a proprietary browser.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
FTFA: The vulnerability was reported to SecurityFocus (BID 35707) on July 15.
4 days > 24 hours.
It looks like the proof of concept only shows how this could lead to a stack overflow. There is no concept about how this could lead to code execution, which makes this just another way to crash a browser.
Crashing browsers is of course potentially a problem, but it is quite boring while there are still so many ways to do real exploits.
document.write = function(){ alert("This website was designed by a fucking idiot."); };
Well, obviously he meant 24 hours after it was posted on Slashdot. As we all know, it's not real until it's on Slashdot.
It's safe to say that the meme has been co-opted. It seems to pop up in a fair number of articles these days.
In other news, Apollo 11 was faked.
.. as the horrible language that is JavaScript is extended ever more to try and emulate real desktop applications (and more pervasive advertising).
Mang, sometimes I wish I could still get by with a browser that doesn't support JS at all, but web devs insist on building websites that absolutely require JS. For example the free SMS service for my mobile phone network (Meteor) absolutely won't work with JS disabled.
Really? Taking a look at stories that have the defectivebydesign tag there are DRM stories as you point out. However, look at some of the stories in there:
* Critical security hole in Linux Wi-Fi
* Apple issues patches for 25 security holes
* Very severe hole in Vista UAC design
* Surprise, Windows listed as most secure OS
* Vista worse for user efficiency than XP
* Loophole in Windows random number generator
* Remote exploit of Vista speech control
* SP1 unsuccessful in preventing Vista hacks
* Data loss bug in OS X 10.5 Leopard
And so on. So yes, the majority of stories using the tag are DRM-related but there's an increasing usage towards general-purpose software bugs or exploits as shown by the articles I pointed out.
I wonder if this bug is what is causing Xorg to crash, as described in this blog post?
I thought they tested 3.5 prior to release.
http://slashdot.org/tags/defectivebydesign
Some stories tagged "defectivebydesign" that are not at all related to DRM:
"Critical Security Hole in Linux Wi-Fi"
"Apple Issues Patches For 25 Security Holes"
""Very Severe Hole" In Vista UAC Design"
"MS Responds To Vista's Network / Audio Problems"
"Apple's IPhone 3G Firmware Update Bombs"
"QuickTime .MOV + Toshiba + Vista = BSOD"
"Vista Slow To Copy, Delete Files"
"Vista Runs Out of Memory While Copying Files"
"Mark Russinovich On Vista Network Slowdown"
"Microsoft Knew About Xbox 360 Damaging Discs"
"Vista Not Playing Nice With FPS Games"
That's as far as I can be bothered to read. Go look at it yourself. That tag is cheerfully applied to many, many stories about Windows or Apple bugs.
The proof of concept has crashed every browser I've tried it on; Firefox (obviously) (and the 3.6 nightly), Epiphany, Chromium, Opera and Android Browser. So is Firefox the only browser that is exploitable during the crash or other browsers affected?
If you use firefox, then you are the moron using unbounded buffers.
These recurring requests to turn off something are getting annoying. Why not automate the process? Set up a page somewhere like
www.mozilla.com/firefox/3.5.1/current-safety.txt
which would list something like
javascript: unsafe
java: safe
flash: safe
Then by default your browser would fetch that file and automatically implement Mozilla's recommendation of the day.
To say, for the contemporary web, "turn off javascript", is to say, "break everything". If I can't safely use the browser with Javascript, I can't safely use the browser.
It's not a meme, though. Or, at least, it's not supposed to be.
It seems to conflict with the program Steam and other programs, issues with minimize/maximize, etc.
Well, the small amount he evidently knows still allowed him to make a reasonable question, which actually resembles bitching far less than your response does.
After all, FF is open during development, not just after release. 3.5 has been a long time in coming, the code has been out there for lots to see and lots have looked, yet this was missed.
The thing is, open or closed, any major project has a lot of people looking at the code, and at least some of those people, perhaps most, are highly skilled. What this means is that it isn't likely there's an extremely obvious bug in the code. It isn't the sort of thing that someone would look at the source and go "Oh look they forgot to set getHacked = 0," or something like that. If it were obvious, the developers probably would have caught it. Instead the bugs are due to subtle interactions in the code, that aren't easy to see.
So, more often than not, the way these things get found isn't someone poring over the code, it is someone trying out attacks on the finished product. They try sending it bad data of various kinds to see how it reacts, or perhaps they see it react in a certain way to good data that gives them an idea how they might craft bad data to exploit it. Whatever the case, they are working on the finished product, and not particularly concerned with the source.
This is why you find bugs even in projects that many people are on, because developing something and looking at the code is real different from trying to exploit the finished product.
Reread the GP's post. He doesn't know anything about JavaScript and Firefox internals. Any fool can tell you that document.write is one of the most public function calls JavaScript uses, and his point is valid.
From TFA:
"Note: Although Javascript access can be restricted with applications such as the NoScript Add-On, it may still be possible for the browser to be exploited if an untrusted website is loaded (with/without the consent of the user, for example, via XSS or compromised-whitelisted website)"
Nice troll though.
The primary difference being that bugs like this Firefox flaw are accidental and unintentional, whereas DRM is quite deliberate hence the "defective by design" nomenclature. That's such a sharp contrast, it's reasonable to assume that someone who fails to notice it is either speaking of what they know nothing about or purposely trolling. In other words, "highly advanced incompetence is indistinguishable from malice."
There were two ideas mentioned by GP, which were the "defective by design" label and the security reputation of IE. It's useful to know where those perceptions come from whether or not you actually agree with them. I'll make a very simplified (and therefore imperfect) summary of what I perceive as their bases.
The only reason why I see such a concept as "defective by design" applied to IE is a vague one. IE (and Microsoft in general) has something of a history of implementing ideas that were predictably unsound, the most notorious of which is probably ActiveX. That's mostly because ideas which are computationally sound are often orthogonal to ideas which are most easily marketed. True to the nature of a corporation, whenever these two are in conflict, the marketing concerns will win. This is where that perception of closed-source (that is, commercial) software that the GP mentioned comes from.
ActiveX is running untrusted code from a hostile network with no sandboxing and with the full privileges of the user running the browser. Before a single line of code is ever written to implement this, you can predict in advance that this is an unsound idea which invites trouble. Microsoft wrote the code and implemented the idea anyway. IMO that was a deliberate business decision because they felt the marketing and promotion of $SHINY_FEATURE would gain them more than they would lose from the PR problems of security issues. Because of how ignorant the general public tends to be about computer security, such decision-making has been largely successful. In other words, the people at Microsoft are not a bunch of idiots who didn't know what they were dealing with. They knew and they made their decision. Still, it's better to call that "faulty design" and "poor priorities" than to hijack a very specific term like "defective by design."
It is a miracle that curiosity survives formal education. - Einstein
with your Zealot-fu...
open source = security (at least that's what i've learned from every other slashdot post).
Porn mode.
A simple heuristic: if you can submit a well-written bug report and at least an attempt is made to fix the issue, it's probably not a design flaw.
It is a miracle that curiosity survives formal education. - Einstein
It might not have been originally intended to be a meme http://en.wikipedia.org/wiki/Meme, but it seems to have become one. The idea that "DRM technology is Defective by Design" seems pretty memetic.
As far as the Vista stories go, the network/copying/audio issues had to (or were believed to at the time) do with the DRM laden audio chain.
This is the reason why I avoid crappy software like Firefox and stick to MSIE! Firefox is riddled with bad, bloated code making it easily subjectable to these types of attacks. On top of that, the development model allows mistakes like this to get into the codebase without proper quality assurance.
If I have to /sarcasm, I will kill you.
One hears about such vulnerabilities often, but I rarely get any sense of just how dangerous this is. How often do these vulnerabilities translate into compromised web pages that the average user who isn't going to download porn....how often do these exploits translate into people actually having their computers compromised and turned into bots? I know many, many computers are compromised...just not sure of the manner in which they are actually pwnd...
But, but, but, that's unpossible!
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Not really a meme, but rather simply a statement, because really they are, defective by design.
Taxation is legalized theft, no more, no less.
You have dogs in your ass.
It's not a buffer overflow. It's a missing OOM check
You see... right there is the cause of this crap. A "missing OOM check" IS A GOD DAMN BUFFER OVERFLOW. The buffer you overflow is whatever heap you take for granted when you DELIBERATELY IGNORE the failure of some allocation. A heap is just an elaborate managed "buffer."
Allocations fail. Even if you don't think they can and have never witnessed it. Even if your boss's design assumes they can't and lacks any way to deal with it. Even if it takes more effort to handle a failure than your deadline will permit. Stop ignoring allocation failures.
Even if firefox is triggering it, it's clearly an issue with Xorg itself. Firefox, no matter how crappy, should not be able to take out X.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
This is a browser out of memory crash. There is no evidence that this is exploitable while all evidence points to it not being exploitable. Pretty much all browsers crash from this but that doesn't mean that it's a security issue.
Most of those could be argued to be hinting at the Blu-ray-related DRM present in Vista and newer MacBooks. And the iPhone is a closed system. There's an earlier post with some examples completely unrelated to DRM, and I think in those cases it's a case of the person knowingly using it as a joke to say that whichever commercial os is referenced in the headline is never going to be any good.
As that happens more, it could mean the end of DbD as a DRM flag and just people using it because they heard it once and it sounded cool. But hopefully people will continue to parse the actual words in the phrase. I don't think I've seen it yet where I didn't think it was supposed to be applied humorously.
Of course, this being the internet, and Slashdot at that, sarcasm often goes undetected.
Folks, Noscript will catch most Javascript exploits, but you should have a 'catch net'. AppArmor provides a 'sandbox' around any process you want. Firefox is a good example that I have written a how-to for creating an AppArmor Profile in Ubuntu 9.0.4 Read my blog here Be Safe. Dietrich T. Schmitz
Well, at this stage, no evidence Firefox is defective by design, or that this bug is a result of a design defect.
And thus the problem of slashdot tagging. The tags show up on articles as if they were part of its text or an officially sanctioned categorization of the article.
And yet the tags require no justification, and users who don't understand what some of the tags are normally used for often apply them liberally to articles that have nothing to do with the marking.
Take a look at some of the articles that get tagged DRM: "Ford To Introduce Restrictive Car Keys For Parents", "Massive VMware Bug Shuts Systems Down"
Last I checked, DRM wasn't a general word for all restrictive computer systems. Only computer systems that manage rights to digital content (music and video) by encrypting, preventing copying, and (sometimes) phoning home.
Aids is very dangerous virus that can strike anyone who has sex. A true danger.
But you are on slashdot. You ain't having sex.
Be honest, how many "odd" sites do you visit? How many slutty url's do you follow home?
The danger really depends on what you do. I know people who follow any link, open any email and click on anything in sight. It is amazing what they can do to an innocent virgin computer in just a week.
This bug is already highly overrated, lots of people have tried and so far it only results in crashes. Big whoop.
Most bots are not created by crafty code or even by clever exploits or social engineering. It is just put a file online named Harry Potter The half blood prince.exe online and people will happily download it, install it, click on all security warnings and then wonder why they can't get their movies and complain to their ISP that their movie service sucks (I swear to god, this really happens).
Here is a hint. A movie is more than 10mb. It does NOT have the .exe at the end. WMV is only used by people to force a payload via an automatic codec install.
being safe is about using your brain, not relying on some script.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Again, I think the NoScript UI should be part of the core Firefox product.
Yes, there are many sites that require JavaScript. That's the point of NoScript--you can enable JavaScript for just the source domains you trust (e.g. Facebook), in a couple of clicks, and leave it disabled for all the other random sites you browse.
And of course, the NoScript functionality would remain off by default, so naive users wouldn't be confused by it. Just like the functionality to not download images is off by default.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Well, at this stage, no evidence Firefox is defective by design, or that this bug is a result of a design defect.
And thus the problem of slashdot tagging. The tags show up on articles as if they were part of its text or an officially sanctioned categorization of the article.
And yet the tags require no justification, and users who don't understand what some of the tags are normally used for often apply them liberally to articles that have nothing to do with the marking.
Take a look at some of the articles that get tagged DRM: "Ford To Introduce Restrictive Car Keys For Parents", "Massive VMware Bug Shuts Systems Down"
Last I checked, DRM wasn't a general word for all restrictive computer systems. Only computer systems that manage rights to digital content (music and video) by encrypting, preventing copying, and (sometimes) phoning home.
The result? The tags end up being regarded as "just someone's opinion" like all other content (both online and in major media) should be regarded until demonstrated to have a basis in fact. So I would call this a self-correcting system.
Offtopic: I wonder if it's unusual that I have never, ever, not once, added a tag and then reloaded the Slashdot page and seen my tag in place. This has been the case for both commonly-occurring tags and unusual "more creative" tags.
It is a miracle that curiosity survives formal education. - Einstein
I stopped using NoScript after they did shenanigans with Adblock Plus subscription settings. If they're going to do that sort of behind-the-scenes tomfoolery, what else are they up to?
DT
Is this thing on? Hello?
How about an update to the post, Soulskill. There are multiple Mozilla people here saying the report is incorrect yet the headline is propagating around the Web.
When was it reported to Mozilla (the actual people who'd have to see it to fix this)? What was the bug number?
If I report a Linux kernel bug by sending certified mail to my lawyer, and wait a year before I publicly release that information, does that mean the Linux kernel devs take a year to fix bugs? Or just that I was an idiot that didn't tell anybody?
Plenty of those posts are about explaining what is actually going on, yet they are still tagged defectivebydesign.
Most of those could be argued to be hinting at the Blu-ray-related DRM present in Vista and newer MacBooks.
No, none of them are. There are other articles about that, but the ones I picked aren't.
This site is full of double standards. This is the same website that is against copyrights when it comes to piracy because it gets them stuff for free, but for copyrights when it comes to a GPL violation because the GPL gets them stuff for free. Whichever is the self-serving position is the one that's adopted.
everyone complaining too much about that firefox 3.5.1 bug, just let the mozilla team do its best to fix it
When I said "most of those" I meant the tag instance, not the articles. Again, you can't assume the tags were 100% serious.
Not only DRM is defective by design.
This is a security vulnerability caused by the need for faster code.
As the old saying goes: Good, fast, cheap. pick two.
If you can read this, I forgot to post anonymously.
See http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/ for more details, including specifics about how the bug affects different platforms and versions (worst case: unexploitable crash in OS X system libraries).
The primary difference being that bugs like this Firefox flaw are accidental and unintentional, whereas DRM is quite deliberate hence the "defective by design" nomenclature.
Of course it's deliberate.
Insert disk. The movie plays.
That's what sells the slim-line HTPC with Blu-Ray drive and the video card with HDMI out.
The geek rants on and on about the horrors of DRM while his kids are next door watching WALL-E on the 80" DLP. Everyone is happy. Life goes on.
ActiveX is running untrusted code from a hostile network with no sandboxing and with the full privileges of the user running the browser. Before a single line of code is ever written to implement this, you can predict in advance that this is an unsound idea which invites trouble.
It's not entirely untrusted. It either has to be signed, or the user has to explicitly state that they trust the source by confirming a dialog. Now, sure, it seems clear as day to us that this is totally insufficient. But that's only because of long experience with massive networks that's become ingrained into our psyches.
Remember, ActiveX was introduced in 1996. At that time, AOL had just become one of the biggest ISPs. The Internet was not something that ordinary people used. The entire idea of Internet viruses was only about eight years old. Botnets did not exist. Personally, I was eight, and I'm now entering graduate school.
Seriously, people. Watch out for hindsight bias, especially when it comes to The Enemy. Microsoft's error in ActiveX lay, if anything, in not retiring it aggressively enough. Even there, by the time the severity of their error was obvious, there was way too much existing content to just drop it. To say that they should have known that it would be disastrous, back in 1996 — that's just not reasonable.
(Posting as AC because of mod points.)
Hey, if she gets off on small and cute, who's to complain?
You mean, besides the problems that occur because Javascript was not really designed with security in mind?
The current bug under discussion is a programming error. It can be fixed.
The design of javascript has not been magically fixed.
So many of the flaws in the internet technologies were induced by people trying to hit an artificially early market window induced by Microsoft's snake-oil marketing claims.
Was waiting for the day that IE would be safer than FF, IE 6.0, here I come!
See what Mozilla has to say: http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability.
On Windows, Firefox 3.0.x is terminated due to an uncaught exception during an attempt to allocate a very large string buffer; this termination is safe and immediate, and does not permit the execution of attacker code. In Firefox 3.5.x on Windows, the allocations are more robustly checked and no crash will result.
On the Macintosh in Firefox 3.0.x and 3.5.x, a crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results. This issue is likely to affect any application using the recommended text-handling libraries on OS X. We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code. We recommend that other developers who use these libraries consider a similar practice, and we have added mitigations in the past for similar bugs in these libraries.
As a result of our analysis, we do not believe that this represents an exploitable vulnerability in Firefox. Further, we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly.
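Added example, not part of the thread and not Mozilla or Apple code: a C sketch of the failure class named in the "missing OOM check" comment above and in Mozilla's analysis ("a failure to check allocation results"), with the unchecked pattern beside a checked one. All names (`text_buf`, `append_checked`, `budget_alloc`) and the 64 KiB budget are hypothetical, and the input text is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration with hypothetical names; not Firefox or ATSUI code. */
typedef void *(*alloc_fn)(size_t);
enum append_status { APPEND_OK = 0, APPEND_TOO_LONG = -1, APPEND_OOM = -2 };

/* Growable UTF-16 buffer of the kind a document.write-style text sink fills. */
struct text_buf {
    uint16_t *data;
    size_t len;      /* code units in use */
    size_t cap;      /* code units allocated */
    alloc_fn alloc;  /* injectable so the failure path can be exercised */
};

/* Constructed allocator: refuses requests above 64 KiB, standing in for a
   process that cannot satisfy a very large string allocation. */
#define BUDGET_BYTES (64u * 1024u)
void *budget_alloc(size_t n) { return n > BUDGET_BYTES ? NULL : malloc(n); }

/* The pattern under discussion: the size arithmetic may wrap and the result
   of the allocation is used unchecked, so a failed request becomes a write
   through NULL. Shown for contrast only; nothing below calls it. */
void append_unchecked(struct text_buf *b, const uint16_t *src, size_t n)
{
    uint16_t *p = b->alloc((b->len + n) * sizeof *p);
    memcpy(p, b->data, b->len * sizeof *p);
    memcpy(p + b->len, src, n * sizeof *p);
    free(b->data);
    b->data = p;
    b->len += n;
    b->cap = b->len;
}

/* Checked form: every step that can fail is tested before memory is touched,
   and on failure the buffer is left exactly as it was. */
enum append_status append_checked(struct text_buf *b, const uint16_t *src, size_t n)
{
    if (n == 0)
        return APPEND_OK;
    if (n > SIZE_MAX / sizeof *b->data - b->len)   /* (len + n) * 2 would wrap */
        return APPEND_TOO_LONG;
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t new_cap = b->cap ? b->cap : 16;
        while (new_cap < need)                      /* grow geometrically, capped */
            new_cap = new_cap > SIZE_MAX / 4 ? need : new_cap * 2;
        uint16_t *p = b->alloc(new_cap * sizeof *p);
        if (p == NULL)
            return APPEND_OOM;                      /* caller can truncate or stop cleanly */
        if (b->len)
            memcpy(p, b->data, b->len * sizeof *p);
        free(b->data);
        b->data = p;
        b->cap = new_cap;
    }
    memcpy(b->data + b->len, src, n * sizeof *b->data);
    b->len = need;
    return APPEND_OK;
}

/* Append `first` then `second` code units of constructed filler text and
   return the status of the last append attempted. Counts must be at most
   40000 unless the call is rejected before the source is read. */
int run_case(size_t first, size_t second, size_t *len_after)
{
    static uint16_t filler[40000];                  /* constructed sample input */
    struct text_buf b = { NULL, 0, 0, budget_alloc };
    for (size_t i = 0; i < 40000; i++)
        filler[i] = 'A';
    int st = append_checked(&b, filler, first);
    if (st == APPEND_OK)
        st = append_checked(&b, filler, second);
    *len_after = b.len;
    free(b.data);
    return st;
}

int main(void)
{
    size_t len;
    printf("short append:   status %d\n", run_case(5, 100, &len));
    printf("over budget:    status %d, len still %zu\n", run_case(5, 40000, &len), len);
    printf("size would wrap: status %d\n", run_case(5, SIZE_MAX, &len));
    return 0;
}
```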
"But I also think it's silly to assume and design for Javascript unless Javascript is the whole point of your site. There's so many sites out there that use Javascript for things like drop down menus and sometimes even positioning where CSS would suffice and not require Javascript support it's silly. To turn away 1 in 20 users doesn't seem the brightest idea unless you're building a web application where absolutely the only way to do what you want to do is to use Javascript.
Javascript shouldn't be a requirement for the vast majority of the web, only for those sites that truly need it." - by Xest (935314) on Sunday July 19, @02:31PM (#28748981)
Agreed, 110% - As a user, a user of a webbrowser (or, email program, or even Adobe .pdf files etc. et al (i.e. -> Anything is capable of running javascript in essence)) should ONLY use & allow javascript for sites that DEMAND javascript, for absolutely FULL function (&, only on sites you trust)...
APK
P.S.=> It appears we can agree on some things... lol! Because, I get "into that topic" myself, here:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=f95071c12d0fc4e3d6b3c8b08dd8c05d&showtopic=2662
----
And people that've applied it have seen results like this (going on 2++ yrs. testimonial below, & no malware/trojan/virus/spyware/keylogger/worm infestations, period):
----
http://www.xtremepccentral.com/forums/showthread.php?s=97c1e368dad75689a8da7df5a0e97418&t=28430&page=3
"Its 2009 - still trouble free!
I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA user @ xtremepccentral.com
----
And, on the same note as your statements here - I get into nearly exactly what you say, for security's sake, in it's 14th post, in the guide above (stop the delivery boy, the package never gets there (in bad javascript on bogus websites &/or bad adbanners))... apk
I really started to wonder what kind of web this noscript lobby is browsing.
Every single damn bug found with every single lamer, they come here and lobby about noscript. I started to look for =referrer in URLs seriously.
If an updated browser (yes, I keep FF) can't work safely without turning off a central web feature, I move to another browser. Simple as that. Or, I use a decent AV solution which will have state of art heuristics enough to figure it out and stay away from random sites until bug fixed.
I use Omniweb now but Firefox has really become some kind of "internet operating system" these days with web services which would not exist if javascript didn't exist.
If one is that paranoid, there is no need for extensions. ANY site can be hacked for example to inject malicious code. Turn Javascript off and enjoy your nerd browsing.
Seriously, we aren't stupid, some of us are old enough to remember first javascript enabled version of netscape. Enough with noscript advertisements.
"Critical Security Hole in Linux Wi-Fi"...
*snip*
That tag is cheerfully applied to many, many stories about Windows or Apple bugs.
And linux bugs - not sure what your point is.
My pics.
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
Simply put, just because something is there does not necessarily mean it should be used. I have Flash, Java, and numerous server-side and/or client-side tools here. Some of them are mighty obscure due to the fact that I started coding back in the early '70's. I can use them, and for many I even have code generators that create nicely formatted, validated, compact code. I'd dare even say I might be more productive. However that does not mean that they are the right tool for a particular task.
The examples brought out as evidence so far would be far more efficiently coded using CSS and templates. That they are stupidly coded in JS is just as silly as using C# or Java to generate static content. Templates are more efficient and why Include was created in the first place! You are utilizing a dynamic language to implement a static output which is absolutely silly and it is highly likely to flummox both the search spiders and the intelligence {if any} in your web server. You do know how to code for higher efficiency on your web server, don't you?
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
Just turn off all scripting.
Problem solved.
It appears that over 90% of browser attacks are caused by exploiting vulnerabilities (bugs) in scripting code.
Turn off scripting, and you're not vulnerable to those attacks.
Of course, with scripting turned off, there are some things you can't do (like meta-moderate slashdot, thank you very much), but, for the most part, you don't need scripting at all.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Yes, you were an *idiot* who didn't tell anybody!
Not everybody is a Windows-using gamer, you know. I have not had a single issue with 3.5.
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Try counting the instances for each OS, and perhaps you'll see.
... on Firefox 3.5.1 / Windows XP.
Try counting the instances for each OS, and perhaps you'll see. ...that the majority of times the tag is incorrectly applied is for Windows? So why mention OS X or Linux at all?
My pics.