Comments on: Firefox fix plugs security holes

The update fixes a vulnerability that could enable an attacker to create a fake Web site for a phishing scam.

Wha Wha What????

I thought the almighty Firefox was flawless in its security. What gives Firefox. Don't talk the talk if you can't walk the walk.

[System Tyrant]

Hey stick with Microsoft.

If you think Microsoft is so great then stick with them. Oh, and enjoy having to call Microsoft to get their permision to use your computer as well.

Have a nice day :).

Ignorance

"Don't talk the talk if you can't walk the walk."

Don't be a child. Mozilla didn't actually have to try and "fix" anything, seeing as how their software was not to blame for ignorant people falling for phishing scams. People have to learn to use PCs properly for all these types of things to stop all-together, until then you'll have companies like Mozilla trying to placate the masses even if they're not at fault.

[sanenazok]

Go back to your blocks

It's nappie time anyways.

[Ubber geek]

almighty Firefox

http://www.analogstereo.com/fiat_punto_owners_manual.htm

[feranick]

100% safe software doesn't exist

No software is 100% secure by definition. It's basically impossible to develop an application that is bug free. But this is not the point. While it took months Microsoft to produce an update on IE6, and other monts will pass before we can all benefits from further fixing, the mozilla foundation spent about two months for this. Also the IDN sucurity problem is not limited to Firefox. All non-microsoft browser are affected by it by virtue of the plugin they use. IE6 is not affected because it doesn't have such plugin.

[System Tyrant]

I'm not sure..

that it was actually a programming error. As I recall it was implimented the way the standard called for.

[TomTester]

This "hole" was fixed already

This "hole" (correct implementation of a standard abused by people with less than honest intentions) was fixed the same day, see http://tinyurl.com/5lq69

Feel free to continue use of IExplorer... I know I sleep much better since I stopped doing so.

[Kelson]

This is a better fix

The "same-day" fix involved disabling IDN entirely. What FF does now is to display the raw URL in the location bar instead of the decoded URL. It'll be really obvious you're not on paypal.com when you see "xn--paypl-7ve.com" in the toolbar.

It's still a workaround, but at least legitimate IDN-based URLs and links will still *work,* even though they won't appear correctly. People who use IDNs regularly who are willing to risk this flaw can enable the proper display with a hidden preference.

The *right* solution, of course, is for domain registrars to disallow registration of domain names that look identical to existing domains. Given how hard it is to get people to agree on acceptable enforcement of trademarks, I don't see this happening anytime soon, which is why the browsers are rushing to "fix" it on their end.

[Dibbs]

yay!

you know what? i'm glad FF just fessed up and fixed this instead
of hiding it for months. i wish MS and Apple would do the same.
at least Apple has fewer problems.

[sanenazok]

No plugin problems or theme issues

I just wanted to let people know that I had no theme/extension issues after upgrading. I know pre 1.0 FF would run into compatiblity whenever you upgraded.

[AndiC1977]

firefox 1 check for updates fails

firefox 1 for win32 (not checked other ports) check for updates, to say firefox is out of date and 1.0.1 is there to download, ... fails.

anyone else noticed this?

[Prndll]

hhhmmm...

What is the differance between:
A) Two websites sharing nearly identical domain names - one being legit and the other not so legit

and...

B) Two versions of a song - one in CDA on a cd bought at Walmart and the nearly identical version in MP3 downloaded from the net

I see no differance at all. Though, B is looked at as criminal and A is looked at as nothing more than a nuisance. They are pretty much the same kind of thing though. Why are the owners of the legit sites NOT submitting lawsuits? Why are the fake sites allowed to exist? A song has a copy right and so does a trade mark...in this case, part of the trade mark is the website.

but seriously....
There are too many people using Firefox under the assumption they are safer. LOL... Sounds to me like this situation has actually helped to create a bug for Windows users (as if they needed any help). Ok, so it was takin care of fairly quickly. I'll give'm that. But, the fact remains, you still can't seperate IE from windows (even though MS says they now can). If you using Windows, your using IE. The use of Firefox makes no differance. You just end up with a differant GUI and maybe a few more bells and whistles.

As far as standards go...
These so called standards are alot of the problem too. In many cases these "standards" are helping to make problems worse.

So much of this is the fact that these browsers are processing the code on the websites that really need to be ignored. That, and people really need to start actually learning something about how and why computers do what they do. The will of the end user to learn would go along way to either solving this or destroying it.

[Willy Wonker]

It really tweakin up now

This update is must. It like 10 times better than 1.0 FF. It getting closer to being beyond IE.