67 Comments
- Waffles, on 10/12/2007, -5/+29 Don't you understand? When Firefox fixes bugs, they fix them so completely that they never existed in the first place. The fix extends backwards in time. Let's see microsoft do that!
- msaleem, on 10/12/2007, -7/+23 The following frontpage story seeks to scare firefox users into thinking that they are insecure: http://digg.com/security/21_Firefox_vulnerabilities_reported_today._Either_update_or_install_Opera. That however is NOT the case. All those security issues, and more, were already patched. Secunia was merely reporting that those were issues in the past, which have been now addressed.
- Phyltre, on 10/12/2007, -0/+13 Why is the vulnerability of Firefox turning into some kind of political warzone? It's a browser, not an atomic bomb!
"What? Vulnerable? How DARE you suggest Firefox is vulnerable! We shall settle this in the only way befitting gentlemen--Rasslin, No Holds Barred!"
- inactive, on 10/12/2007, -1/+12 Upon hearing that there were 24 bugs being fixed by the Firefox programmers, Jack Bauer immediately went in and shot every one of them. Jack Bauer gets fixed by no man.
- phpirate, on 10/12/2007, -2/+12 I don't think it scared anyone successfully. Right when it went front page it was marked as inaccurate, and plus my comment was right at the top where people could see it and see a user saying that it was not true.
Generally, it wouldn't take a big hit to Firefox's already huge number of users. Even if there were 21 vulnerabilities, I somehow doubt many people would change over. Extensions are way too addictive. I literally can't live without adblock ;)
Plus, your article makes it sound like there were vulnerabilities but mozilla rushed to fix them or something...
- inactive, on 10/12/2007, -5/+15 nothing worse than idiots spreading FUD... you get my digg.
- Portfolioso, on 10/12/2007, -0/+9 I was the first to point out to everyone that this was up to 1.5.0.2 or 1.08.. No one seemed to understand that before I said it...
http://digg.com/security/21_Firefox_vulnerabilities_reported_today._Either_update_or_install_Opera.#c1466471
- yensed, on 10/12/2007, -5/+11 Anyone with firefox knew this. It was just opera fan-boys trying to make everyone think opera is better than FF.
- SanityInAnarchy, on 10/12/2007, -2/+8 However, if you actually look at what's being said by the intelligent people, not the fanboys -- I know, it can be hard to tell the difference...
Often the comparison given is just awful. It's not just Firefox -- we'll see "studies" claiming Windows is more secure because it's patched fewer "critical" vulnerabilities than a given Linux distro. Anyone who knows what a Linux distro is, and puts a little thought into this, can see why that's not a fair comparison.
First, what constitutes a "critical" vulnerability? Often the study wouldn't even check, and would compare MS "critical" to ALL Linux Vulnerabilities.
Second, vulnerabilities in what? Windows is a lot smaller than a Linux distro. If you're going to compare vulnerabilities across the whole distro, you'd have to compare it to Windows IIS Office AIM.... you get the idea.
And finally, with the source code available, you're not going to see vulnerabilities kept quiet and secret, and left unpatched for weeks or months even though the patch is probably a one-liner. If there's a vulnerability, it's generally found and patched pretty quickly.
It's not that we can't accept that Firefox is vulnerable, it's that we're so sick of competing with all the FUD. Yes, sometimes something real comes along, but we're a bit... unprepared for that.
- gonz, on 10/12/2007, -2/+6 Funny how the title partly says "Firefox is NOT vulnerable"... Haha, of course it is and so is everything else even remotely big.
- inactive, on 10/12/2007, -3/+7 They have yet to fix the bug I put in months ago regarding messed up floats.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=317237
- davidirock, on 10/12/2007, -0/+3 is firefox 2 (bon echo) vulnerable, because it came out before the security fixes. I use that one. I honestly am asking. (And I use it because it's much faster than 1.5 when tweaked.)
- greenknight, on 10/12/2007, -0/+2 It was not 24 bugs in Firefox, it was 24 bugs in all of Mozilla's products. Only 7 patches were in Firefox 1.5.0.2.
- jinexile, on 10/12/2007, -1/+3 Anyone going to myspace deserves this fate, I call this a feature.
- w00ters, on 10/12/2007, -0/+2 I don't care about browser vulnerabilities. Most of the damage done to a user is through clicking on some malware infested link, not by browser vuln. There are still tons of undisclosed vulns for both FF and IE and like I said the bigger security issue is user ignorance by way of clicking malware infested links. Now that IE has some competition, both browsers will likely remain on top of the patching game (which has been the trend for the past year now) so disclosed vulns will hardly be an issue for either browser.
- kurupt, on 10/12/2007, -0/+2 Jack Bauer: You do not want to test me. Now tell me, WHERE ARE THE DAMN BUGS??
- geekee, on 10/12/2007, -0/+2 "Mozilla Fixes 24 Bugs In Firefox, Majority Marked Critical"
They just fixed a number of critical vulnerabilities. No one in their right mind should believe Firefox is secure. It's just obscure enough to not get attention from hackers. Telling people they're secure when they're not is being dishonest. Is there such a thing as anti-FUD. Downplaying real threats to passivate your user base. I love how the article's title was changed to make people feel safe.
- Swift2, on 10/12/2007, -1/+3 See how agenda drives news? You can report the same story on CBS and FOX and think you live in different worlds, and in a way, you do. Firefox was never touted as 100% safe, just a lot safer than Internet Exploder, and lighter and faster, too. So, if you want people to change to Opera, you have two choices: explain the good things about it, which is difficult, or spread FUD about Firefox. Much easier. All you have to do is change a few intensifier words. I'm looking forward to a time when we can make these decisions based on thorough examination, and side-by-side comparisons. Not FUD.
- Shinglor, on 10/12/2007, -0/+2 "And finally, with the source code available, you're not going to see vulnerabilities kept quiet and secret, and left unpatched for weeks or months even though the patch is probably a one-liner. If there's a vulnerability, it's generally found and patched pretty quickly."
I think you'll find that some security vulnerabilities are marked as confidential in bugzilla. I don't have any links to back me up but I'm almost certain that there are vulnerabilities left unpatched for weeks or months in Firefox.
If you look at Secunia's Opera page you'll see that every found vulnerability is patched. Opera is closed source too so I don't think it makes a difference, it only matters how much the developers care about security.
- aura, on 10/12/2007, -0/+1 I agree, no browser or PC is ever fully secure. Even if you unplug your PC from the net, someone can still break in and access it manually.
It all depends on how good your locks are and how many people are trying to break in. FF and Opera are targeted less than IE, but all 3 have released updates recently to address issues.
The bottom line is no browser is 100% secure or invulnerable, so stop telling people they are!
- booberry, on 10/12/2007, -0/+1 It saves lives...many a hobbit has been lost to the myspace snapping clam.
- Izzie, on 10/12/2007, -0/+1 Mislabeled title.
Firefox still has known vulnerabilities including 2 vulnerabilities from 2004
http://secunia.com/product/4227/
Besides that, there are also the undisclosed or undiscovered yet vulnerabilities.
firefox being not vulnerable is just a myth as explained here: www.firefoxmyths.com
- djdole, on 10/12/2007, -0/+1 Reported as inaccurate.
I use Firefox (except for windows update, damnit), so I'm not a safari/opera/IE fanboi.
I just understand and am most willing to admit that no software is "Not Vulnerable".
There are ALWAYS vulnerabilities; the majority of them are just not discovered yet.
- RotAtoR, on 10/12/2007, -1/+2 If you look at the Secunia article, that list of vulnerabilities was actually released by Mozilla specifically as a list of vulnerabilities fixed by 1.5.0.2.
- worbd, on 10/12/2007, -0/+1 Inaccurate. Reported as such.
The digg story does NOT say that Firefox is vulnerable at all. In fact, it says "UPDATE or...", which implies that an update is available.
- whitehatlurker, on 10/12/2007, -0/+1 Something interesting about this was the way that Secunia treated the vulnerabilities. Rather than issuing 24 advisories, there was just one. From Mozilla's point of view this cuts both ways - one, FF is seen as having had less vulnerabilities when you look at Secunia's charts than it really should get charged for, and two, its "patched" ratio is lower than it should really get credited with.
However, this cuts into my "trust" of Secunia's methods. (I'm too tired to think of a synonym that works better - I trust them as little or as much as I did before.) Do they play favorites or are they just being lazy?
I suppose that there are other causes for this - there really is no way to determine how many security holes discovered "in-house" are patched in closed source updates. (Though I feel that Opera is more upfront about this than MicroSoft, just to disclose my bias.)
- mistshadow2k4, on 10/12/2007, -0/+1 If you think most users don't go to porn sites, you need a reality check. It truly is one of the most common uses for a browser. Do some research on the subject. No, not porn, how many people visit porn sites and how much of the internet-using population that adds up to.
IE doesn't cause problems? If that were true I wouldn't be able to afford the parts for the computer I'm building -- and I just bought a 320 gig WD hard drive last night. I fix computers and the vast majority of problems I see are spyware and viruses that downloaded themselves straight into the person's computer through Active X. Sure you "don't see the problem" immediately simply because this crap downloads into your system without you knowing it! It's later that the trouble starts as more and more files get infected.
I'm actually a decent person, so I tell these people to run a different browser; FF, SeaMonkey, Opera, virtually anything but IE. Most don't listen so they just keep getting these problems. More than once a computer has been brought to me with a hardware problem and I found malware on the system that the user didn't know about. I have to admire the malware-writers who can code it to do that; the spyware/trojan/whatever is running in the background but isn't causing the system problems and is using so little RAM that the user never notices it there.
- ccheath, on 10/12/2007, -2/+3 a classic FUD operation
- tehciv, on 10/12/2007, -1/+2 Not vulnerable? Great! No need to ever patch again then!
- inactive, on 10/12/2007, -1/+2 Are you retarded, NotParker? You seem to have missed the entire point.
- inactive, on 10/12/2007, -1/+2 "I don't think it scared anyone successfully. Right when it went front page it was marked as inaccurate, and plus my comment was right at the top where people could see it and see a user saying that it was not true."
For the most part, a lot of the critical bugs that FireFox encounters are bugs that would rarely affect anyone. I mean, think about it, what kind of websites are you carelessly visiting that would do malicious things without flash/java/cookies/activex, etc? Sure, theoretically, they are potential problems but in the full scope of things they are not huge concerns. And since they are patched rather swiftly, it wipes out the potential damage before much can occur in the first place.
- inactive, on 10/12/2007, -1/+1 Who cares either way. I mean that article was really no worse than any of the Switch to Firefox posts that routinely make it to the home page..
Basically, how about we just call for a moratorium on ALL "switch to this (browser or OS)" and let other people enjoy what THEY want!
Who the hell CARES what other people use? How does that affect YOUR computer/internet experience? Just let others use what they want. If they are using Windows and IE, it is because they do not see a need to switch. And do you know why? Because the VAST majority of people who use Windows and IE NEVER see a problem. Not once. If you use IE to go to legitimate sites without warez or porn, there is no real danger. And since most people don't go to those sites they are fine.
So remember this article and the last one. And when you are about to submit the latest "Switch to Firefox" post, DON'T. Honestly...do you think even ONE person has switched browsers based on what an article on Digg has said!
- inactive, on 10/12/2007, -1/+1 how to crash firefox, step 1, go to myspace, and browse a few profiles, then, firefox will crash, especially on mac
- sappyvcv, on 10/12/2007, -1/+1 It's not supposed to be a scare. It's information. Are you afraid of information?
There are some people out there still using 1.0.x because 1.5 initially gave them problems. It's good to notify these people to try and upgrade now.
- MrDan, on 10/12/2007, -3/+3 "Firefox is NOT Vulnerable".
You do not state which version. Not everybody has totally up-to-date versions installed.
Evidently the version with the 24 vulnerabilities IS vulnerable.
The article you are trying to argue against suggested that people update to the latest version of Firefox to fix these vulnerabilities.
- JudgeDredd, on 10/12/2007, -1/+1 Not at all. I will give it a dig.
- kaidadragonfly, on 10/12/2007, -1/+1 I didn't know it was illegal for sites to host porn.
- SanityInAnarchy, on 10/12/2007, -5/+5 True enough, but you just hit on one major reason Mozilla/Firefox tends to be more secure. Quicker to patch holes.
And not "just a bit". MS will often know about a vulnerability, but keep quiet about it for months, until they finally decide it's worth fixing.
- JudgeDredd, on 10/12/2007, -1/+1 "gksudo firefox" Update, and get out of root. Yeah, this scare is no reason to panic.
- sappyvcv, on 10/12/2007, -0/+0 And there were bugs for older versions of firefox fixed as well. also, they have not released information on all of the security things fixed yet either.
- Kiba, on 10/12/2007, -2/+2 YAWN!
People on the firefox team fix security bugs before anybody can use it in the wild. This is why Firefox is not vulnerable.
They only rush out an emergency release because a) there's an exploit in the wild!
b) Some researcher reports it to the public.
Anyway, we will see more vulnerabilities published in the next stability and security update of Mozilla Firefox because they already fixed and they have no need to keep it secret.
- dime, on 10/12/2007, -6/+6 My God... so much fanboyism my head is going to implode.
Everything is vulnerable, Mozilla's just a bit quicker to patch holes. This post is just as sensational as the original it was trying to discredit.
lolz@theironyyyyy.
- tehciv, on 10/12/2007, -3/+2 It's pretty sad when the only response to a criticism of Firefox is "lol ie is worse lol"
- sappyvcv, on 10/12/2007, -3/+2 Logic has no place here buddy.
- DanAtkinson, on 10/12/2007, -2/+1 Um... 'Firefox is NOT vulnerable'? So it's invulnerable then?! That's a complete lie!
Deary me. :( Reported as inaccurate.
- binarypower, on 10/12/2007, -2/+1 Did the person who posted this story mean to say "invulnerable"?
- inactive, on 10/12/2007, -3/+2 Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code
- kalphegor, on 10/12/2007, -2/+1 One Browser. Firefox.
- NerdOfPrey, on 10/12/2007, -1/+0 OT: all else aside, the latest revision is *much* snappier than earlier iterations. I was previously running 1.0.5 - this release starts and renders far more quickly on the same hardware. Additionally, the peculiar "refuse to minimise" issue I've previously wrestled with seems to have been taken care of, and I much prefer the reorganised Options dialog box - significant improvements, great job dev team!
- mDot, on 10/12/2007, -3/+1 I personally wasn't 'scared'. An unpatched Firefox on an unpatched Linux distro is more secure than even a patched IE on a 'protected' Windows system. Though, I did install version 1.502, but mostly just to see if I could.
/digg