April 19, 2005 1:07 PM PDT

Firefox fans put new spin on browser protection

As security bugs swarm around the Firefox browser, volunteer marketers want to shore up the open-source project's security message.

With Monday's reports of the Mozilla Foundation's patches for significant new security holes that could let attackers install malicious code or steal personal data, Firefox partisans are finally acknowledging that the core sales pitch for their browser may be vulnerable.

"The versions of Firefox up to version 1.0.3 have had terrible security risks," wrote one participant for the volunteer Firefox promotion, Spread Firefox. "I think these security risks have undermined the promise of Firefox as a more secure browser."

While Firefox offers popular features like tabbed browsing that Microsoft's Internet Explorer browser doesn't have (third-party IE-based browsers do offer them), it has managed to take IE down a few notches in market share--primarily based on perceptions that Firefox is safer than IE.

As Firefox approaches the 50 million download mark, some participants have begun contemplating celebrations of that milestone. But others have begun to fret that security concerns are weakening what many see as the browser's primary raison d'etre.

Those concerns have sprung a major leak in Mozilla's message that Firefox is more secure, as foundation President Mitchell Baker asserted at PC Forum last month.

"The cynical may note that two Firefox security updates have been issued since Mitchell made her comments," Mozillazine wrote in a Monday posting.

The Mozillazine discussion is one of many that have sprung up on Slashdot and other forums after recent columns in InformationWeek and in the IT Observer questioned Mozilla's security superiority.

Eyeing the wave of bad press, Mozilla's marketing volunteers are staying on message with the security theme.

One campaign under consideration would associate the open-source browser with the security of a condom, showing a condom wrapped with the Firefox logo sticking out of the rear pocket of someone's jeans.

"Always use protection," the ad copy reads. "GetFirefox.com. Firefox is the free Web browser that offers greater privacy and prevents pop-ups, spyware and viruses."

The image was developed for a college poster campaign, but was scuttled because of concerns over offending people, according to the blog of Mozilla staffer Asa Dotzler, who manages Firefox and Thunderbird product releases. Mozilla said that volunteers, and not the foundation itself, planned to revive the image.

Mozilla insisted, as it has in the past, that it enjoys fundamental security advantages over IE.

"Firefox is safer for a couple of reasons," said Chris Hofmann, director of engineering for the foundation. "With these security releases, the security development community that works


31 comments

The problem is this...
..... it appears Firefox has no ability to patch itself. So every bug fix requires a full install at this point.

This is no good.

It's going to become as tiresome as Windows and IE if there is a huge download / reinstall every other week.
Posted by mrogo (122 comments )
yes, but ..
this is actually a good thing. a 4.7 meg download is no bigger than most windows update patches, and firefox's inability to just have patches change things within the browser makes it more secure, no fake updates, no spyware eventually learning to take advantage of its patching system.
Posted by xpgeek11 (12 comments )
Firefox CAN patch itself
Get your facts right... see the little green icon at the top-right of Firefox's window? That means an update is available... click it, and Firefox will auto-update with no work from the user.
Posted by Anonymous1234567890 (53 comments )
Why is it . . .
that Firefox 1.0.x is compared to IE 6?

Firefox 1.0.x has been available for a few months, and has corrected some security problems that have surfaced (before they appeared as exploits in the wild). IE 6 has been out for years, and MS is still trying to deal with new (and existing) security problems that can (and are) exploited.
Posted by finman65 (17 comments )
I have a thought
Perhaps that's because that's what the developers and early adopters have been doing all along. If you're going to play with Microsoft, you'd better be able to back up your claims with rock-solid proof, otherwise they'll either tear you to pieces or buy you. They're quite ruthless like that.

The rabid pro-Firefox crowd, while their devotion is admirable, needs to understand what their browser is not. Firefox is not the digital messiah. Firefox is not going to unseat Microsoft's domination of the Internet browser "business." Firefox is not going to become more than mainstream in its current form.

Granted, competition is good for the industry, but a little reality never hurts the optimistic.
Posted by Christopher Hall (1205 comments )
safer? ignorance.
"Firefox is safer for a couple of reasons," said Chris Hofmann

Chris is playing on the ignorance that most people don't know about other browsers and only know about IE, so he can conveniently leave out the word "safer than IE". But this only just confuses people who are led to believe that Firefox is safer than all the other browsers out there (Opera, Safari, iCab, OmniWeb, Konqueror, Lynx) which just isn't true and which also don't support ActiveX.
Posted by nrlz (98 comments )
What Chris actually said...
...was in response to a question posed about Firefox vs. IE, as the previous paragraph makes clear:

"Mozilla insisted, as it has in the past, that it enjoys fundamental security advantages over IE."

You could fault the story for focusing too much on the two browsers at the expense of the others you cite, but you can't fault Chris for "playing" on anyone's "ignorance."
Posted by (23 comments )
Comment was from a non-participant on SpreadFirefox.com
The comment quoted in the article did not come from a Firefox "partisan." Its author has not made any other postings on SpreadFirefox, has not attracted new Firefox users in the past and as far as one can see hasn't participated in the community in any other way.

The CNet article used the comment to imply that active Firefox advocates have second thoughts about the browser, but nothing of that sort has been seen on SpreadFirefox. The site's forums allow anyone to register and post comments, so the posting could have been made by a Microsoft employee, the CNet author or any other person unrepresentative of the Firefox advocacy community.
Posted by behemot (4 comments )
IMO, CNet's irresponsible reporting harms computer users
Running a story on the flaws without overtly mentioning the (already existing) patch keeps users in the dark and unpatched. I think this is irresponsible and unethical.

Don't go slamming someone else without taking a good look in the mirror first.
Posted by M C (598 comments )
I'm not surprised
This wouldn't be the first (or last for that matter) article by CNET that twists the facts. Too bad it doesn't twist the facts pro-opensource but rather contra. So hard to find some objective news site when Microsoft easily pays tons of $ so that its products are put in the better light.
IMHO CNET is also part of the "Get the facts" FUD campaign.

And all you who believe these articles and switch back to IE, I'm not gonna stop you, the same way as I'm not stopping smoking people from smoking or suicidal people from committing their last act.

Cheers.
Posted by (92 comments )
What more do you want ?
The second paragraph starts "With Monday's reports of the Mozilla Foundation's patches for significant new security holes......" how much more overt do you want the mention of the patches to be?

Personally, I'm having fun with Opera 8 right now & don't anticipate hitting the brakes, to go back to the slow buggy that is FF.
Posted by (409 comments )
take a deep breath and repeat after me...
Patching good, must patch, patching keeps me safe...
On a more serious note, having a full install rather than a patch is a lot easier for extension developers/users, since you know what is compatible with your extension. It is a lot easier to say blah blah works with FF 1.03 or greater, rather than blah blah works with FF .10 with patches blah blah blah installed.
Personally I feel that the FF full update is small and transparent enough for most users to not be affected, also it is a reminder that a PC isn't a bury head in the sand technology. Be it social or technological we should all do our little bit to keep ourselves safer...
Posted by stevejobless (40 comments )
Failed to mention....
The author fails to point out that Firefox security holes are being taken care of long before they become a problem instead of waiting until they are being exploited as has been the case with the other browser.
Posted by petethechop (2 comments )
oops
Oh, look at that, there's a second page! Sorry, my bad.
Posted by petethechop (2 comments )
Mando asked me to forward his comments...
A friend of mine asked me to follow up about the poster, since it was his recent desktop image (http://mandolux.mine.nu/archive/2005/0327.html) that led Asa to release the original:

Hi! Thank you so much for the kind words. The original photograph is available in 17x11 inches. And here is the direct link to the desktop:
http://mandolux.mine.nu/archive/2005/0327.html

:)

As for the name: Mando Gomez | email: mandolux@gmail.com | www: http://www.mandolux.com

Best wishes. Mando

P.S. The stock photo of the image in the desktop is available (http://www.istockpro.com/file_closeup.php?id=238543).
Posted by chrismessina (1 comment )
Welcome to the bandwagon :)
Hi C|net and welcome to the bandwagon!

Everyone on this bandwagon believes that firefox, a project which is entirely profit free, and is open source (meaning that people are free to reconfigure the coding and redistribute), and which is run entirely by volunteers, and which has managed to get over 46 >million< downloads since its release a few months ago, and which holds an enormous percentage of the browser market for considering it doesn't come bundled with an OS that 95% of the world use, is full of holes and security liabilities.

The fact that firefox works differently to MSIE (it in fact runs off the Gecko engine) doesn't make it more secure at all. We try and ignore the fact that this means virtually all malicious code designed for internet explorer doesn't work on this browser. ActiveX controls are disabled by default, but who cares? Most people aren't even aware of the threats ActiveX can pose. Plugins have to be enabled per site rather than disabled per site, but surely this doesn't mean anything.

Firefox has a massive community, full of extensions which perform a range of tasks such as automated weather reports, built in search bars, quick searches, RSS support, mouse gestures and the like, which the IE 'community' couldn't dream of having, at least as effectively. But who cares?

Let's all jump on the slag off Firefox and the Open Source community bandwagon :)

No, C|Net.
Posted by orangeacid (3 comments )
 
