Microsoft Not Worried about FireFox
didde writes "It seems like our friends in Redmond are quite happy about IE. According to this article, they won't be updating it until Longhorn. My favorite quote would be [We have a very, very innovative set of capabilities that we're putting in the next version. And in the meantime it's an extensible platform, and there will be a set of extensions that Microsoft does as well as others.] Oh boy, are they actually working side by side with the virusmakers and phishers?" That just gives the MozBoys a year head start.
browser security check (Score:5, Informative)
At your own risk, of course. Firefox 1.0PR passed with flying colors.
Re:browser security check (Score:3, Informative)
Firefox 1.0 has 1 high risk vulnerability.
High Risk Vulnerabilities
Sun Java Plugin Arbitrary Package Access Vulnerability (idef20041123)
Description
Java Plugin allows web browsers to run Java applets. Java plugin may be used by Internet Explorer, Mozilla (and Mozilla-based browsers, such as Firefox), Opera and other browsers.
When a browser opens a web page that contains a Java applet the browser automatically downloads the applet and runs it locally. To protect the user from malicious applets all the applets run in so called "sandbox". The sandbox restricts what an applet can do. For example, the sandbox will not allow an applet to open local files or start programs.
This bug in Sun Java Plugin allows a web site to bypass the sandbox and execute Java code that the sandbox will normally not allow and possibly gain control over the client computer.
Technical Details
Sun Java Virtual Machine contains sun.* packages that are only supposed to be used internally, by the virtual machine itself. Some private classes allow direct access to memory or modifying private fields of Java objects. If an applet attempts to load one of those packages a security exception is thrown. If an applet could load those classes it could turn off Java Security Manager and break out of Java sandbox.
JavaScript can access properties and methods of Java applets embedded on the page. It is possible to load a private package from JavaScript as shown in the code below:
var c=document.applets[0].getClass().forName('sun.tex
alert('got Class object: '+c)
Java Reflection API allows objects to examine their own structure (for example, find out the class of the object or the available methods). Reflection API defines getClass() function that returns the object's class. forName method of Class object loads the named class. The same operation done from the Java applet instead of JavaScript would fail.
Recommendations
Upgrade Java Environment to version 1.4.2_06 or later. It can be downloaded from http://java.sun.com/j2se/1.4.2/download.html
Sure, it's a Java vulnerability, but a vulnerability nonetheless.
Why hasn't FireFox automatically updated Java for me?
At the end of the day, every time one of you sticks FireFox on some clueless' machine, and tells them they're "safe", you're lying (or just ignorant).
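As an added example (not part of the thread or of the quoted advisory), here is a check of installed Java plugin version strings against the 1.4.2_06 minimum given in the Recommendations above. The host names and version strings in the inventory are constructed, and the parser assumes the legacy Sun `major.minor.micro_update[-build]` version format.

```javascript
// Added example. Minimum fixed version taken from the advisory's recommendation.
const MIN_FIXED = "1.4.2_06";

// Parse a legacy Sun version string such as "1.4.2_05" or "1.4.2_06-b03"
// into [major, minor, micro, update]. Returns null for anything malformed.
function parseJavaVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-[A-Za-z0-9.]+)?$/.exec(String(s).trim());
  if (!m) return null;
  // A missing "_NN" suffix means update 0 (e.g. "1.4.2" is older than "1.4.2_06").
  return [m[1], m[2], m[3], m[4] || "0"].map((n) => parseInt(n, 10));
}

// Numeric field-by-field comparison. A plain string comparison would
// misorder values such as "1.4.10" and "1.4.2".
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify one version string. Unparseable input is reported as "unknown"
// so it gets reviewed by hand instead of being silently treated as safe.
function checkJavaPlugin(version) {
  const v = parseJavaVersion(version);
  if (v === null) return "unknown";
  return compareVersions(v, parseJavaVersion(MIN_FIXED)) < 0 ? "needs-upgrade" : "ok";
}

// Return a report line for every host whose plugin is not confirmed as fixed.
function audit(inventory) {
  return inventory
    .map((h) => ({ host: h.host, java: h.java, status: checkJavaPlugin(h.java) }))
    .filter((r) => r.status !== "ok")
    .map((r) => `${r.host}: ${r.java} (${r.status})`);
}

// Constructed sample inventory (hypothetical hosts and versions).
const SAMPLE_INVENTORY = [
  { host: "desk-01", java: "1.4.2_05" },
  { host: "desk-02", java: "1.4.2_06-b03" },
  { host: "desk-03", java: "1.5.0" },
  { host: "desk-04", java: "1.4.2" },
  { host: "desk-05", java: "not installed" },
];

console.log(audit(SAMPLE_INVENTORY).join("\n"));
```
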
Re:What would they Add? (Score:2, Informative)
Choose your poison:
apt-get update
up2date
emerge sync && emerge -u world
(apologies to any I missed)
Opera 7 passed. (Score:3, Informative)
Opera 7.54u1 build 3918 passed.
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
Re:'Innovations' (Score:3, Informative)
Meanwhile Pepsi says (Score:2, Informative)
Seriously, this isn't news, this is basic marketing. No company is ever going to admit that the competition is superior, which is what they'd be doing if they said they were worried.
No athlete is going to say he's worried on game day, either. "Gee we suck! I sure hope the Bears don't hurt us!". It doesn't happen.
But anything to bash MSFT, I suppose.
Re:browser security check (Score:2, Informative)
http://www.computerworld.com/securitytopics/secur
Re:We're heard this line before (Score:5, Informative)
Of course I may be wrong.
Re:browser security check (Score:3, Informative)
I had less success with FF 1.0 release for OS X. I tried the test a couple of times, and FF crashed both times midway through the tests.
Re:MS has no reason to fear loss of market share. (Score:3, Informative)
Browser based apps (Score:2, Informative)
At my workplace, I've implemented new browser based apps, and love them.
Everything is centralized, so I don't have to worry about maintaining software on 50 different machines.
There are no OS specific requirements. Any company computer can now run ANY os that has a browser, and still be able to do ALL of the core company work.
That means, I can give people a bare bones box, with no hard drive, and a knoppix cd, and they can do everything required for work.
Unless MS does something which makes me really want to use IE, then there is no reason to even be using MS.
Firefox browsing speeds (Score:2, Informative)
Re:We're heard this line before (Score:5, Informative)
Here are some articles I wrote related to this topic:
Re:Some other famous quotes... (Score:2, Informative)
Re:We're heard this line before (Score:4, Informative)
They will. Every single market that Microsoft currently dominates has solid gaining competitors, because the technology is becoming commoditized more and more. Office suites are something people should not have to pay a lot of money for, any longer, as are operating systems. That could be a big one-two punch for Microsoft.
When in history has there been such a broad line of software products with a common base? Sun JDS, Xandros, Linspire, Red Hat, SuSE, etc. all have the same overall source base plus their value added goodies for their target markets. This should be making Microsoft very very nervous about the future of Windows. No one can really take Windows, customize it, call it their own, and sell it, like people can with open source systems.
Go-faster tweak for Firefox (Score:5, Informative)
[ from boingboing.net ]
Here's a great go-faster tip for Firefox, the free, rock-solid, secure browser from the Mozilla Foundation:
1. Type "about:config" into the address bar and hit return. Scroll down
and look for the following entries:
network.http.pipelining network.http.proxy.pipelining
network.http.pipel
Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.
2. Alter the entries as follows:
Set "network.http.pipelining" to "true"
Set "network.http.proxy.pipelining" to "true"
Set "network.http.pipelining.maxrequests" to some number like 30. This
means it will make 30 requests at once.
3. Lastly right-click anywhere and select New-> Integer. Name it
"nglayout.initialpaint.delay" and set its value to "0". This value is the
amount of time the browser waits before it acts on information it receives.
If you're using a broadband connection you'll load pages MUCH faster now!
Enjoy!
Re:If they have to say they aren't worried... (Score:3, Informative)
Use something like Perl or PHP instead. This even gives you portability to other platforms later on.
Re:I am worried about Firefox. Still needs work. (Score:2, Informative)
I've watched Mozilla development for a few years now, and I can tell you that this is actually a good thing... By listening to everyone you end up with (among a million other things) a kitchen sink.
Ahem. [mozilla.org]
Re:We're heard this line before (Score:3, Informative)
Re:We're heard this line before (Score:2, Informative)
Re:Mozilla, Viruses and Exploits (Score:4, Informative)
> it.
Without access to the IE source code, it's hard to be sure, but there have been a number of bugs related to string buffer overflows in different parts of IE.
> In SP2, they recompiled all system libraries,
> including IE, using the VS2005 compiler with
> overflow detection.
That approach is not perfect, and would have been less necessary if they were using a safe string library. Still, it probably would be a good idea for Mozilla.org to build Firefox with the same options if they don't already.
> Has Mozilla done a code audit?
Mozilla.org has not done a systematic code audit, as far as I know, other than the regular code reviews that happen before checkin. I do know that people have studied the code, some using automated tools, others by hand, but we only know if people choose to tell us. (Which they often do to claim money under the bugs bounty program.)
Re:We're heard this line before (Score:3, Informative)
I had zero Win98 users within a month, and zero Windows XP users within 3 months. That's a 400+ user environment.
Excellent!
I have managed the same thing, even with users who were very familiar with Windows. After many complaints that extensive training would be needed for a new platform, they just got on and used the Linux desktop, with no productivity loss.