
Full Disclosure mailing list archives

Re: Firefox Remote Compromise Leaked
From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 10 May 2005 16:33:03 -0400

Mary Landesman wrote:

> I find security in understanding how best to secure a browser, rather than
> switching to whichever one advertises the least vulnerabilities regardless
> of how open that interpretation might be.
>
> My point is that crunching numbers reveals different results, depending
> solely on the desired outcome. One could equally argue that Firefox had the
> advantage of learning from IE's mistakes, hence comparing the first six
> months of a browser three years later becomes a moot point. But, of course,
> if one were to make that argument, one would expect Firefox to have done
> better in the previous six months, which it clearly has not.

Of course, you could also make the argument that Microsoft could have learned from Netscape and Mosaic when it bought the mess which became IE from Spyglass.

So that door swings both ways.

Not to mention that you're not talking about the same kinds of mistakes in Firefox versus those in IE in all instances. Many of the flaws in IE come from its poorly planned position within MS Windows as an Operating System component. (Before people jump on me - I'm referring to its place in the interface. I'm well aware that it is not part of the Windows Kernel and that you can, if you intend to break a large number of programs, remove IE completely with enough work.) What kind of lessons would Firefox learn from IE's zoning issues? It wouldn't... and any argument that it would is specious at best.

Listen, there are no perfect programs. All programs will have bugs. If you track the statistics, you can play games with the numbers until you're blue in the face. However, what we can say is this:

- Firefox has, at this moment, only 1 quasi-functional unpatched hole while IE has 3 completely unpatched holes.
- Firefox is not part of the OS interface and, as such, does not implement poorly conceived zoning interfaces. Mozilla/Firefox are designed the way that browsers should ideally be designed. Some of the holes found in Firefox rely on external programs (like Java) to do their dirty work and some of them are in the web standards and equally apply to IE.

Those are the facts, statistics be damned and Firefox still wins.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
