Slashdot Mirror


Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."

10 of 288 comments

  1. Re:what? by sittingnut · · Score: 4, Insightful

    correct that to "open source sell out", for that is what firefox is

  2. Re:what? by sittingnut · · Score: 5, Insightful

    to add to my above, those who are in charge of firefox are no longer interested in making its core product better and secure. it is interested in market and marketing, bowing to establishment ideology and legalese, etc etc

  3. Re:what? by Anonymous Coward · · Score: 3, Insightful

    move those goalposts...

  4. Can't expect Firefox to be secure by Anonymous Coward · · Score: 5, Insightful

    The FF developers don't have the time for that, they're far too busy destroying the user experience just a little bit more with each release.

    It takes a lot of time and effort and great skill to ruin what used to be the best browser you know, it doesn't happen by itself!

    (I just wish I were joking. Unfortunately they have the Microsoft disease of "The UI must change with each release to show that we're doing something". It's mind-boggling in its insanity, and it annoys their supporters continually. If they hadn't touched the UI in the last 5 years and devoted all their energy to security and performance instead, FF would still be the leading browser today.)

    1. Re:Can't expect Firefox to be secure by Anonymous Coward · · Score: 3, Insightful

      Removing cookie management features was the last straw for me. That is an essential feature for browsing the modern web. It's simply bewildering they would remove a critical ability while simultaneously adding weird social media things.

  5. Re:what? by Carewolf · · Score: 5, Insightful

    +5 funny. Firefox drops every year at Pwn2Own. So that "superior security" doesn't seem to actually amount to much in real life.

    All the browsers fail every single year.

  6. Re:what? by naris · · Score: 5, Insightful

    Something being open source has never, ever meant that it is more secure. That is a myth propagated by open source zealots. Open source only means that the source can be viewed, and most likely changed, by anyone. Open source zealots assume that means it is rigorously vetted by security experts to find any flaws and fix them, which is a huge assumption that most likely is not true for most projects.

  7. Re:This is a big bitchslap to Mozilla by arth1 · · Score: 3, Insightful

    Yea, Chrome gets a bad rap for how much resources it uses but, it actually has a good reason and, as you pointed out, if it starts hitting your system's ceiling, it starts scaling back.

    That's not acceptable. A web browser isn't the only, or even main thing I use my computer for. I don't want my VM to be unable to start because Chrome has used all the memory it could find, less a small bit.

    It's not cooperative. It assumes that all memory available has been made available for it only.
    Chrome is like a self-serve cafeteria where some people are gluttons who hog all the food, and latecomers only get crumbs. It might be legal, but it sure isn't playing nice. We shouldn't have to have guards standing at the food stations to prevent greedy bastards from ruining the experience for others. Taking all the biscuits and putting one or two back isn't generosity.

    Firefox isn't much better. One of my users forgot to close a browser window on a server before going on vacation, and just periodic auto-refresh had caused it to gobble up quite a few gigabytes of RAM - a large portion of the server's RAM. The server has extra RAM because of disk caching, to the benefit of all users. I ended up having to implement cgroup memory limiting because of Firefox.

  8. Re:what? by Carewolf · · Score: 3, Insightful

    All the browsers fail every single year.

    Yes but out of Firefox, Edge, Chrome, and Safari, Firefox fails more often every single year. Actually it's typically up with IE, and we all know that IE is a model browser for internet security. /sarcasm

    Safari is the browser that fails the fastest and most regularly. Google Chrome is second.

    It is assumed because it is pwn2own, and people attack Safari first to win a MacBook.

  9. Re:what? by shellbeach · · Score: 3, Insightful

    A true open source project is driven by the community, not by the maintainer alone

    Wait, you just make up definitions on the fly, post as AC, and get modded up for it? A true open source project is a project whose code is freely available. That's all.

    As for community contribution, firefox looks reasonably healthy to me: https://github.com/mozilla/kit...

    Compare that to Pale Moon, which you praise: https://github.com/MoonchildPr... ...

    Pale Moon has fewer contributors and a much higher volume of commits coming from a single dev. Not that this is bad -- they're both true open source projects, and different projects have different numbers of contributors.

    Maybe instead of whinging, you could learn to code and contribute too?