You're entirely correct that this is a difficult bug to report. I suggest working with Firefox Support people, who may be able to help you narrow down the problem enough to file a bug report.
Alternatively, you could try this very alpha. Firefox 3.6 is shaping up to be a performance-focused release. Attention is focused on mobile devices that have both extremely low CPU power and fairly low bandwidth, but many of the improvements will help everywhere.
(You don't happen to be using proxy autoconfig, do you?)
You can't really filter out Flash unless you also filter out zips, javascript, and data: URIs. You're breaking Pandora without actually protecting your users from being exploited through Flash player.
Firefox and IE are the targets of the trojan once it already has control over your computer. That doesn't mean they are "vulnerable" or are in need of patches.
Only the last link in the Slashdot article discusses how these attackers gained control over your computer:
After redirection, the exploit payload site returns highly obfuscated malicious code. The malicious code attempts to exploit MS06-014 (targeting MDAC) and CVE-2006-5820 (targeting AOL SuperBuddy), as well as employing exploits targeting Acrobat Reader and QuickTime. The MS06-014 exploit code will download a Trojan dropper with low AV detection rate. This dropper drops a dll with the name SOCKET2.DLL to Windows' system folder. This file is used to steal user information. The malicious PDF file, served by the exploit site, also has very low AV detection rate.
So, basically an IE hole that was fixed in 2006, plus a handful of plugin vulnerabilities. They didn't even bother looking for an old Firefox vulnerability to exploit, perhaps because too many Firefox users are up-to-date.
Approval processes and the GPL philosophy do not work well together.
If I'm running GPL code on my Wii, but Nintendo won't let me run a modified version on my Wii, I feel like I am being denied the ability to adapt the code to my needs. This is similar to the "Tivoization" concern that GPL version 3 tries to address.
Could it be that Apple does have security improvements in Snow Leopard, but isn't talking about them yet because they don't want people shouting "OMG Leopard is insecure"?
You're correct that filing a "Firefox crashes all the time!" bug with no other information won't help. But you could try your luck with a stack trace in place of steps-to-reproduce. Sometimes that's enough information to understand and fix the bug. Depending on your platform, you may be able to get stack traces for your recent crashes by visiting about:crashes.
Just make sure you don't get caught downloading the iraq war. With all the money they put into it, I don't think they'd be happy to find it being torrented.
Or, in the case of "intelligence" captchas, people from other cultures. One particularly obnoxious site I went to had all questions about rap music and American sports.
Maybe they're trying to keep intelligent people out.
Sometimes, Craigslist's functionality is a little too basic.
* When I got rid of my old sofa, I would have liked to have some kind of auction-like interface. I put it in the "free" section because I had no idea what I could get for it, but someone called and offered me $50 after another person was already on their way to pick it up for free. Next time, I think I'll just post with the sentence "I'll give this away for free or to the highest bidder".
* When I was searching for apartments, I would have loved to have a map. There are a few sites (such as housingmaps.com) that try to integrate apartment listings with a map, but many listings are missing from the maps and many of the listings on the maps are already gone. So I had to click dozens of listings and paste each address into Google Maps to figure out whether it was close enough to my office. I found one but it took a lot more clicking than it should have.
I'm not asking for "flashiness", just well-organized information.
Integrating these new lightweight extension mechanisms is a move back toward being simple and extensible, IMO. Creating a full-blown Firefox extension is not trivial, but currently that's the only way to extend Firefox unless your target audience already has Greasemonkey or Ubiquity installed. Making extensions easier to write, and allowing extensions to be simpler, will make Firefox leaner in the long run.
Search should be simple: give the user what they are looking for.
That's a simple way to state the goal, but it takes a lot of clever algorithms to achieve it. If your search results are irrelevant, spam, scams, or largely duplicates, you didn't get what you were looking for. And if a web site takes over your computer as soon as you visit it, you really didn't get what you were looking for, hence the interstitial warning page.
Oh. In that case, I wonder what this shock site is doing.
(We also consider writing to the clipboard to be a security hole in Flash -- what if you were in the middle of copy & pasting from one Terminal.app tab to another, and the site copied some shell code followed by a line break character?)
Slashdot Mirror
To be fair, not many humans are Einsteins either.
You're entirely correct that this is a difficult bug to report. I suggest working with Firefox Support people, who may be able to help you narrow down the problem enough to file a bug report.
Alternatively, you could try this very alpha. Firefox 3.6 is shaping up to be a performance-focused release. Attention is focused on mobile devices that have both extremely low CPU power and fairly low bandwidth, but many of the improvements will help everywhere.
(You don't happen to be using proxy autoconfig, do you?)
Versions of Firefox before 3.5 ignored the spec on this point, and allowed *.mozilla.org to match foo.bar.mozilla.org. See https://bugzilla.mozilla.org/show_bug.cgi?id=159483
I wonder if it's possible to get certs like *.*.mozilla.org.
You can't really filter out Flash unless you also filter out zips, javascript, and data: URIs. You're breaking Pandora without actually protecting your users from being exploited through Flash player.
Perhaps. But I can only assume the same is true of "AOL SuperBuddy", because I've never even heard of it, and they targeted it.
The power of a machine doesn't matter for affiliate-program fraud.
Firefox and IE are the targets of the trojan once it already has control over your computer. That doesn't mean they are "vulnerable" or are in need of patches.
Only the last link in the Slashdot article discusses how these attackers gained control over your computer:
So, basically an IE hole that was fixed in 2006, plus a handful of plugin vulnerabilities. They didn't even bother looking for an old Firefox vulnerability to exploit, perhaps because too many Firefox users are up-to-date.
Approval processes and the GPL philosophy do not work well together.
If I'm running GPL code on my Wii, but Nintendo won't let me run a modified version on my Wii, I feel like I am being denied the ability to adapt the code to my needs. This is similar to the "Tivoization" concern that GPL version 3 tries to address.
Yes, but it's buggy and blocks your comment too.
I'm not a big fan of tax credits. Why not subsidize the cost of kids' soccer instead?
Can you give me an example of what governments can do to encourage parents to care about their kids' lives?
Could it be that Apple does have security improvements in Snow Leopard, but isn't talking about them yet because they don't want people shouting "OMG Leopard is insecure"?
That could be solved with a change in culture where every office has a shower.
Or a change in culture where helmet hair is seen as stylish, meaning that you're healthy enough and smart enough to commute by bike.
You're correct that filing a "Firefox crashes all the time!" bug with no other information won't help. But you could try your luck with a stack trace in place of steps-to-reproduce. Sometimes that's enough information to understand and fix the bug. Depending on your platform, you may be able to get stack traces for your recent crashes by visiting about:crashes.
Just make sure you don't get caught downloading the iraq war. With all the money they put into it, I don't think they'd be happy to find it being torrented.
I intended my question to be about the OS, but now I see that it was ambiguously worded.
How are you going to keep it secure without getting patches for newly discovered security flaws?
Or, in the case of "intelligence" captchas, people from other cultures. One particularly obnoxious site I went to had all questions about rap music and American sports.
Maybe they're trying to keep intelligent people out.
Sometimes, Craigslist's functionality is a little too basic.
* When I got rid of my old sofa, I would have liked to have some kind of auction-like interface. I put it in the "free" section because I had no idea what I could get for it, but someone called and offered me $50 after another person was already on their way to pick it up for free. Next time, I think I'll just post with the sentence "I'll give this away for free or to the highest bidder".
* When I was searching for apartments, I would have loved to have a map. There are a few sites (such as housingmaps.com) that try to integrate apartment listings with a map, but many listings are missing from the maps and many of the listings on the maps are already gone. So I had to click dozens of listings and paste each address into Google Maps to figure out whether it was close enough to my office. I found one but it took a lot more clicking than it should have.
I'm not asking for "flashiness", just well-organized information.
I got five last-generation Mac Minis and each one came with a remote. So now I have a stack of Mac Minis and five extra remotes.
I believe the argument is that it's worse than increasing income taxes (which are progressive) by a similar amount.
What the heck does that mean?
Integrating these new lightweight extension mechanisms is a move back toward being simple and extensible, IMO. Creating a full-blown Firefox extension is not trivial, but currently that's the only way to extend Firefox unless your target audience already has Greasemonkey or Ubiquity installed. Making extensions easier to write, and allowing extensions to be simpler, will make Firefox leaner in the long run.
Geez, is that why cable TV is so expensive compared to buying a couple of shows on iTunes?
That's a simple way to state the goal, but it takes a lot of clever algorithms to achieve it. If your search results are irrelevant, spam, scams, or largely duplicates, you didn't get what you were looking for. And if a web site takes over your computer as soon as you visit it, you really didn't get what you were looking for, hence the interstitial warning page.
Oh. In that case, I wonder what this shock site is doing.
(We also consider writing to the clipboard to be a security hole in Flash -- what if you were in the middle of copy & pasting from one Terminal.app tab to another, and the site copied some shell code followed by a line break character?)