Re: Firefox Remote Compromise Leaked
From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 10 May 2005 16:33:03 -0400

Mary Landesman wrote:

> I find security in understanding how best to secure a browser, rather than
> switching to whichever one advertises the least vulnerabilities regardless
> of how open that interpretation might be.
>
> My point is that crunching numbers reveals different results, depending
> solely on the desired outcome. One could equally argue that Firefox had the
> advantage of learning from IE's mistakes, hence comparing the first six
> months of a browser three years later becomes a moot point. But, of course,
> if one were to make that argument, one would expect Firefox to have done
> better in the previous six months, which it clearly has not.

Of course, you could also make the argument that Microsoft could have
learned from Netscape and Mosaic when it bought the mess which became IE.
So that door swings both ways.

Not to mention that you're not talking about the same kinds of mistakes
in Firefox versus those in IE in all instances. Many of the flaws in IE
come from its poorly planned position within MS Windows as an Operating
System component. (Before people jump on me - I'm referring to its
place in the interface. I'm well aware that it is not part of the
Windows Kernel and that you can, if you intend to break a large number
of programs, remove IE completely with enough work.) What kind of
lessons would Firefox learn from IE's zoning issues? It wouldn't... and
any argument that it would is specious at best.

Listen, there are no perfect programs. All programs will have bugs. If
you track the statistics, you can play games with the numbers until
you're blue in the face. However, what we can say is this:

- Firefox has, at this moment, only 1 quasi-functional unpatched
  hole while IE has 3 completely unpatched holes.
- Firefox is not part of the OS interface and, as such, does not
  implement poorly conceived zoning interfaces.

Mozilla/Firefox are designed the way that browsers should ideally be
designed. Some of the holes found in Firefox rely on external programs
(like Java) to do their dirty work and some of them are in the web
standards and equally apply to IE.

Those are the facts, statistics be damned and Firefox still wins.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/