securityfocus.com — This weakness has been known since June but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5. So why did they release 2.0 without a fix? If "security" is what makes FireFox better, how do we explain known vulnerabilities unpatched on major releases?
Oct 29, 2006
mbthompson Oct 29, 2006
As said above: "Firefox devs have been stating over and over: this is no longer a vulnerability. It *was* fixed in 1.5.0.5. What remains is a crash, which is a DOS, not a vulnerability." Marked as inaccurate.
Closed Account Oct 29, 2006
The second test crashed IE7 as well as Firefox.
hellfire51 Oct 29, 2006
If you go to the Proof of concept, it even says that the first testcase is totally fixed (does not crash Firefox nor represent a vulnerability) and the second testcase still results in a crash but no remote code execution. Marked as inaccurate.
Closed Account Oct 29, 2006
If someone posts an inaccurate article about your closed-source Opera, you'd get your panties in a bunch, so stop being a tool.
akinder Oct 30, 2006
So, can you understand C++ then? Have you ever looked at the Mozilla code or even tried to compile it? That's what I thought. The open source ideology is great on paper, but unless you're teaching everyone C++ and software methodology along with it, it's worthless unless you're an uptight elite programming prick. Which, 90% of OSS adopters seem to be.
maninblac1 Oct 30, 2006
@jgruber Well it's nice and all that you think this way. But this is not how the world works, specifically, this is not how America works. You work for a living right, you get paid for your services and expertise, and that makes you no different than the "corporations" that you claim must be toppled by the open source movement. Let us face cold hard reality, it's painful I know, but everyone comes to this point in their lives. Our country is built on capitalism, we pay for the best, because it's the best, or we use the cheapest because it's cheapest. The computing world you suggest is a communist one, and while it's true that communism can work, it cannot work on a large scale. Linux is not large scale because of this, I mean honestly, how on earth can Microsoft beat the price of "FREE" for a comparable product, it can't. So why aren't the masses fawning over Linux, Ubuntu, even SUSE and Mandriva have made for quite capable "relatively" user friendly environments. There's a good reason to use Linux, yet few people do. Why? Well the answer has been mulled over a thousand times on Digg, but all those comparisons don't matter. There's a few key differences, first is accountability, closed source always has an owner... someone who is responsible for the product, open source can often be impossible to determine who did what, so who is accountable when something goes wrong. Who do you blame when the traffic controller powered by Linux causes a 13 car and 20 death accident. The other is trust, which goes hand in hand with accountability. This may seem like a backwards argument, but understand how the consumer thinks. In open source anyone can contribute, just about anything they want, good and bad. Those who aren't smart enough to read the code and find the bad well, they must trust the developers to not be doing things that they shouldn't be.
Closed source, they can't even read the code, but there is a group of people overseeing that ensuring its quality, so if there is something that shouldn't be there, at least the consumer knows who to sue. Open source is a lovely fluffy cuddly thing, but it doesn't make a good business model. Look at Google, sure it all looks free, but you miss the business model underneath because of the ad-blocking.
creativewarrior Oct 30, 2006
This has been fixed by Firefox already even before the release of FF 2. These and other FF 2 issues along with the IE 7 issues have been written in this article. http://infopowered.blogspot.com/2006/10/ie-7-and-firefox-2-vulnerabilities.html If you check it you would see that this particular issue brought forward by Bugtraq was already addressed and taken care of and even Secunia has reported it as a zero issue now. The link to the Secunia report on the Bugtraq issue is also in that article.
subgeniusd Oct 31, 2006
Checked the exploit link: "CONGRATULATIONS! Your browser is probably NOT VULNERABLE, or your computer is too fast." Opera 9.02. CPU only 1.2Ghz. Panties unbunched.