Comments on: Mozilla offers temporary fix for Firefox flaw

The patch protects against exploitation of a serious flaw by disabling the browser feature that contains the vulnerability.

It's easy to fix,...

...if you don't need to use international domain names (i.e. most users that use a language from Western Europe).

From the article "...to manually disable IDN: type 'about:config' in the address bar, hit enter; type 'network.enableIDN' in the filter toolbar, hit enter; right-click the 'network.enableIDN' item and select toggle to change value to false."

[Des Alba]

You can Toggle it...

back and forth whenever you need to. It's advisable to keep the value at False because the challenge will be irresistable to some people to see if they can waltz through your system...

[M C]

If a flaw is never exploited...

...does it make a sound?

On Cnet it does!

[SmokieUK]

Pee Off

So vulnerabilities shouldn't be reported unless they're exploited? I'm fed up of people like you, always putting CNET down with your "this isn't news" etc. Hello? It's a [b]tech news[/b] site!

If you don't like reading CNET then go away!

[zizzybaloobah]

Which is better?

Firefox, not quite 1 year old, 3 out of 22 Secunia advisories is marked as "Unpatched" in the Secunia database.
or

IE, not updated in years, 19 out of 85 Secunia advisories is marked as "Unpatched" in the Secunia database.

I've yet to switch anyone to Firefox and later find they've reverted back to IE, or that spyware, adware, and other annoyances have returned.

No matter how many times I clean up a PC, if the users insists on using IE, the problems return.

(BTW, Opera is 0 for 7 unpatched)

[Nathan Lunn]

Just as important to note...

I.E. 6.x criticality (based on 69 advisories and not the full 85 current advisories)
Extremely 14%
Highly 29%
Moderately 20%
Less 14%
Not 22%

Taken from http://secunia.com/product/11/

Firefox 1.x criticality (based on 22 current advisories)
Extremely 0%
Highly 23%
Moderately 36%
Less 32%
Not 9%

Taken from http://secunia.com/product/4227/

*Another* security flaw?

I think firefox is starting to find out that it's not so easy to keep its browser secure once it starts getting actual market share and adding more advanced features.

I tried firefox, but eh - while its functional and I still use it on occassion, I still prefer IE under XP SP2.

[unknown unknown]

Reply

I don't know that rate at which flaws are found have increased but when they are, they get more publicity.

This isn't the first time IDN has caused problems, it's been a problem in just about every major browser at some point (at least the one that support it). Fortunitly Firefox is extremely configurable and customizable so that problem features like IDN can be turned off or modified until a full blown patch can be created. If this was a flaw in IE you'd have to wait for patch tuesday.

Microsoft's development of IE is allowed to stagnate until someone starts taking market share then they play catch up.

[hion2000]

Expect it

Firefox's greatest strength over Internet Explorer and Opera is that its Open Source. It is far more likely to find security vulnerabilities since the source is freely available. This is may seem like Firefox isn't secure, but every new flaw found and fixed pushes the next version of Firefox to a newer high in security.