digg

Facebook Connect Join Digg About

Mozilla Rebuts Firefox 2 Bug Reports

news.com.com A day after shipping Firefox 2.0, Mozilla on Wednesday largely rebutted two claims of security flaws in the latest version of the Web browser.

Who dugg this? Made popular Oct 26, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

41 Comments

show profanity settings
expand all
  • pbaehr, on 10/12/2007, -2/+24@rolosworld:

    Your amazing script was no match for Firefox's NoScript plugin.
  • Weav, on 10/12/2007, -2/+13Good thing I can just Restore my Session!
  • Dyazwa, on 10/12/2007, -1/+10I think you've got the idea down pretty well.
  • procdaddy, on 10/12/2007, -5/+14why are we all so anti-insects? :(
  • ngmcs8203, on 10/12/2007, -5/+13Rolo that breaks ie7 also... so your spam is lame.
  • honds, on 10/12/2007, -1/+6Hold down enter and press backspace will trigger Firefox's "back" feature while closing the alert()s at the same time. Then close the final box and poof, no noscript yet didn't crash me. Amazing.
  • ngmcs8203, on 10/12/2007, -2/+6iq70... just like your friend rolo up there, this crashes ie7 as well. It doesn't close the session, just locks it up.

    And Weav... yes good thing i can restore my session also.
  • TheZorch, on 10/12/2007, -1/+5No web browser is 100% safe. It is scientifically impossible to make one that is. Even Lynx has small security bugs.

    However, certain browsers are safer than others. IE7 still has ActiveX embedded in it, supposedly its turned off, but could be ways for a hacker to turn it back on without you knowing. Firefox, Opera, Konquerer, Safari, and Lynx do not use ActiveX. None of them are 100% safe, but when compared to IE they are much safer and they are far more standards compliant.

    As of right now only Opera and Safari can pass the Acid2 test.
  • IQ70, on 10/12/2007, -1/+4FF2.0 was supposed to not have that bug when released. It is a bug, so call it a bug. Why are you people defending a valid bug? Anyone can turn off scripting in IE/Opera too and prevent that bug.

    And no its not the same as on IE/Opera. On FF that bug deletes your clipboard via memory corruption.
  • pbaehr, on 10/12/2007, -1/+4@rolosworld:

    Your sarcasm detector is equally amazing. ; )
  • akinder, on 10/12/2007, -0/+3Im sorry, does this have ANYTHING to do with Internet Explorer? No. Stop being a fanboy.
  • Hubris, on 10/12/2007, -1/+3Security experts are going to line up to be the first to discover a security flaw in FF2, they'll get lots of press when they do.
  • xdevit, on 10/12/2007, -0/+2I switched back to 1.5.
    For some reason 2.0 would not launch sometimes, it would make a process but never appear. Also it had crashed 3 times and one of those time my whole pc was locked up. Now i don't know if 2.0 was the cause of that but it was the only app i was running.
  • ronin2040, on 10/12/2007, -1/+3@rolosworld
    (re: the "DOS")
    Not really a true DOS, since you can actually close it by hitting enter and then ctrl w right away...I assume backspace would work as well. I suppose it should be fixed, tho, since its along the lines of a popup that gets past popup killers--an annoyance that needs to be squashed.
  • merce, on 10/12/2007, -1/+2The same can be said of IE7. Compared to all the other changes, the rendering engine only received minor enhancements.
  • SteveMax, on 10/12/2007, -0/+2I find it amazing that a major version number increase in the browser didn't come with at least a minor number increase in the rendering engine.
  • KriLL3.2™, on 10/12/2007, -1/+3Firefox 2.0 still uses gecko 1.8, same as 1.5 did, Firefox 3.0 (Q1 2007) will use 1.9, it will most likely pass Acid2.
  • ArchieAndrews, on 10/12/2007, -2/+3I don't presume to know the nature of the bugs that these "go here and watch FF die" links are displaying, but the article seems centered on 2 security flaws. Are these example urls in the comments the same kind of bug because they don't look like it to me.
  • Escamillo, on 10/12/2007, -0/+1Are you saying that those non-IE browsers don't use binary plug-ins of any kind? No? Then who cares whether my Flash or QuickTime plugin is an ActiveX control or a Mozilla plugin? What's the difference that one would be horrible while the other not? The fact is, there's nothing preventing one from writing a Mozilla plugin that is malware.

    ActiveX's danger was that it included functionality that allowed automatically downloading ActiveX controls when needed (if OK'ed by the user, but users being idiots, blindly OKed malware controls, even though they aren't digitally signed). That particular aspect of ActiveX is what's been shutdown. So as of now, ActiveX is no different than any other binary plugin wrt security.
  • SteveMax, on 10/12/2007, -2/+2while(1)alert("Lamest Denial Of Service!");

    Lamest DOS indeed....
  • kidd3ckz, on 10/12/2007, -1/+1@Digg'scrappyreplysystem or @imtoostonedtoclickproperreplybutton

    And in case you have no page to go back to... press CTRL+F4 to close the tab after you press OK (or before i'm not really gonna test that further)

    That isn't a bug btw.... its a feature. Infinite while loops don't always equal EVIL HAXORING ACTIONS such as this, they are easy to break from if conditions are met especially if you are dependant on multiple conditions.
  • wvdavis, on 10/12/2007, -1/+1Notice that all of the guys pictured with Window have this dazed look on their faces.
  • JaredRR, on 10/12/2007, -3/+3Security bugs aside, FF has been crashing a ~lot!~ on my Mac since the last RC. 2.0 is better, but it's still died at least a dozen times today. :(
  • otip, on 10/12/2007, -1/+1@IQ70: NoScript FTW.
  • RobertBradbury, on 10/12/2007, -1/+1Firefox 2.0 is just like Firefox 1.5.0.4-7 -- NOT READY FOR PRODUCTION USE!
    I managed to produce 3 core dumps and file 3 Talkback incidents in the first half hour of using it. All you have to do (under Linux) is use "ulimit -Sv ###000" to limit the amount of virtual memory to ### MB. Depending upon how many extensions you have installed it generally crashes when its memory usage hits between 100 and 120 MB of memory. This will crash it quickly. You can set your limit to 1.3 GB and push it up into that range of memory consumption over several days of normal use (50-100 windows, 300-700 tabs) and it will dump at that level as well (of course taking 30+ minutes to restore its state when you restart it -- grrrrr...).

    Production level software fails gracefully when it hits system limits (close a tab, close a window, print an error, etc. -- it doesn't abort the program completely)! Firefox (at least 1.5.0.7) doesn't handle its heap memory properly over days of use to avoid memory fragmentation (I can push it up to 1.2 GB, exit it and restart all of the same windows & tabs and have it consuming 800MB). Until the memory limit core dump and excessive memory usage problems are fixed it should be presented as a "toy" browser.
  • x713, on 10/12/2007, -2/+1I don't know about all of you but that link that he gives... I have tried it many times and it never has crashed Firefox for me.
  • SteveMax, on 10/12/2007, -2/+1Exactly. It's not like Gecko or Trident are already perfect in dealing with currently published standards, and need no further improvements.
  • rolosworld, on 10/12/2007, -2/+1pbaehr, ;-)
  • inactive, on 10/12/2007, -2/+1By the way, what kind of name is Window Snyder (Cheif Security Officer at Mozilla)?

    Doesn't stop her from being a hottie though:

    http://www.securite.org/csw/core03/49.jpg
    http://photos.hackinthebox.org/albums/Day-2/DSCN0028.sized.jpg
    http://photos.hackinthebox.org/albums/Bellua-Cyber-Security-2005-Jakarta/DSC_0071.sized.jpg
  • DDoSAttack, on 10/12/2007, -3/+2Ok I waited and I decided that nothing was going to happen. Then I decided to take a quick look at the source code...

    Then I realized that AHA this is why I run NoScript

    So in YOUR ***** EYE!!!

    How is it that creating a big ass never ending loop Mozilla's fault? Maybe this is why they attempted to implement the whole "A script is taking too long" thing.
  • dkoon, on 10/12/2007, -4/+1it's illogical when you compare two pieces of software, you look at the companies' history instead of the software.
  • NSMike, on 10/12/2007, -4/+1And why is that illogical? If a company has a history of putting out software that tends to favor the company's own interests over the interest of the user, why should I trust them to change their tune?

    If another company has a history of putting out software with fewer security leaks, fewer bugs, and more integrated features than the other leading product, why shouldn't I trust them?

    Blindly marching with a company without considering their history AND without testing the software yourself is illogical, but to ignore history is foolish.
  • Dyazwa, on 10/12/2007, -3/+0I am also much more willing to support a company that is constantly trying to stay on the cutting edge with features for their browser, as opposed to a company that only adds features because the underdog is getting a little more attention than expected. Let's not forget that this is the first new version of IE since 2001. Would they have even bothered if the new kid on the block wasn't making them look like fools?
  • NSMike, on 10/12/2007, -5/+1Well, let's see here... Firefox 2.0... Internet Explorer 7.0... Who should have more bugs ironed out, and more features here? People are willing to tolerate more from a company only in the second version of their software which served better than IE, than someone in their seventh with a history of bugs and security risks. Which I don't think is entirely illogical.
  • Wilson, on 10/12/2007, -6/+1Weav: Except if somebody (malicious) is exploiting that on page load, restoring your session would restore the page that crashes Firefox on page load as well! Thus why you are provided the option to not restore your session as Firefox starts after a crash.
  • dkoon, on 10/12/2007, -12/+6so when you discover bugs and vulnerabilities in IE7 it's because Microsoft sucks! and when people discover them on Firefox, it's art and asset?
  • ngmcs8203, on 10/12/2007, -9/+1digg down the dbl post
  • rolosworld, on 10/12/2007, -14/+2pbaehr, I use noscript also...
    please don't call it amazing, its a very lame script... it makes me sad opera is the only browser that can prevent this :-/

    I REALLY hope they fix this kind of stuff... I don't think this is so hard to fix since they already have a stop script algorithm, but it seems to only detect loop's without pause.

    @ngmcs8203, I really don't care about IE7, someone could write a bible about IE horrors.
  • IQ70, on 10/12/2007, -20/+4Click on the link. Wait 20 seconds. You decide.
    http://lcamtuf.coredump.cx/ffoxdie.html
  • MusicalGenius, on 10/12/2007, -22/+5All I have to say is...

    Firefox is art and asset in the form of a browser.
  • rolosworld, on 10/12/2007, -43/+4don't click if you don't want to close firefox..
    http://rolosworld.googlepages.com/dos.html
    I hope they fix this soon....

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.