Is The Firefox Honeymoon Over?

prostoalex writes "With Firefox market share reaching a substantial level, is the popular Internet browser becoming a security nightmare for IT administrators? George Ou takes a look at the hard numbers. From the article: 'From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. Conclusion? As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005.'"

Hey!

[Brandon K]

This is Slashdot! You're not allowed to talk about Mozilla like that!!!

Karma Whoring

[metternich]

Is still more fun than coming up with relevant comments.

The honeymoon IS over

[uberdave]

Yes, the honeymoon is over, and now the more enjoyable adventure of building a life together begins.

Re:FUD

[Danse]

It's still more secure than IE.

You make a powerful argument. I'm daunted at the prospect of countering it. I think I'll back down in the face of your intellectual prowess.

Re:haha Bitches

[The Angry Mick]

Thanks, Steve [microsoft.com]. It's nice to see you're still paying attention to things over here.

Re:Quality not Quantity

[Anonymous Coward]

Remember 99% of people that have cancer have eaten pickles. That doesn't tell you squat about the relationship of pickles and cancer.

Great, another apologist for the pickle manufacturers...

Re:misleading

[Anonymous Coward]

Anybody who wants to inspect the source code for security holes can do so.

Don't rush people, please get in line, there's enough source code for everyone.

Seriously. Is that anywhere on the priority list of anyone? No better way to spend the afternoon?

Re:No Software is Perfect

[theskipper]

"I set MSN Search as my default search engine on Firefox"

I set my Firefox home page to open MSN search with the default search strings "openoffice.org google 'how do I replace microsoft windows with linux?'".

It's the little things that make life enjoyable.

Re:What happens when IE Vista goes mainstream?

[jerw134]

I wouldn't count on that. You obviously don't know about the numerous security measures going into Vista and IE7.

Re:Quality not Quantity

[wo1verin3]

>> ActiveX is not a vulnerability. Stop trolling.

It's a significant point of weakness...

ActiveX is the screen door on the Internet Explorer Submarine.

FoxNews called, they want your resume

[spoonyfork]

Firefox ... is the popular Internet browser becoming a security nightmare for IT administrators

Not a statement of fact but by asking it as a question you give the meme credibility. Get those ad servers warmed up.

As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading.

Really, need some straw?

[statistics of vulnerabilities provided without context] ... It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits.

Oh, I see you are already building your straw man [wikipedia.org]. What was your point again... FF is no better than IE so don't bother trying to use it? Nice. Not sure which is worse, the the zdnet Microsoft shill or this poseur inciting a flame war to embiggen ad server revenues. Bravo, your internship at FoxNews is waiting.

Re:Quality not Quantity

[halltk1983]

Yeah! Remember kiddo's "that's not a bug! It's a feature!"

Re: Is the Firefox Honemoon Over?

[Bloggins]

Dam, I can't argue with that. I guess I'm switching back to IE, where can I find the source for 2.6.12 i386

Re: Is the Firefox Honemoon Over?

[kevlar]

There are flaws in IE that have been known for better than 6-8 months and still there is no fix.

Ok, sure... I'll bite. I don't buy it. Name ONE risky security flaw that has been known for 6 months without being patched by Microsoft.

Re: Is the Firefox Honemoon Over?

[Anonymous Coward]

...but I'll go over what has impressed me with what Microsoft is doing for Vista...

Has the DRM impressed you?

Re: Is the Firefox Honemoon Over?

[jalefkowit]

Name ONE risky security flaw that has been known for 6 months without being patched by Microsoft.

ActiveX?

Re:rebuttal

[Terrasque]

Blackadder : Crisis Baldrick, Crisis! No marriage, no money, more bills! For the first time in my life I've decided to follow a suggestion of yours. Saddle Prince George's horse.
Baldrick : Oh sir, you're not going to become a highwayman, are you?
Blackadder : No I'm auditioning for the part of Arnold the bat in Sheridon's new comedy.
Baldrick : Oh that's alright then.
Blackadder : Baldrick, have you no idea what irony is?
Baldrick : Yeah! It's like goldy and bronzy, only it's made of iron.

Re: Is the Firefox Honemoon Over?

[jiushao]

Has someone restated Godwin's law with DRM instead of nazis? If not I would like to call it "Jiushao's law" please.

Re: Is the Firefox Honemoon Over?

[smbarbour]

Disclaimer: This post is meant to be funny.

I'm sorry, but that example does not count. The parent asked for an example of a flaw that has been unpatched for 6-8 months. This flaw has been unpatched for over 24 months. This is clearly outside the query specifications.

We do commend you for your efforts in identifying flaws in the software.

I give up

[thetelepath]

What is it with people continuing to compare number of exploit fixes per month and whatnot to determine how secure something is? Surely we know by now that it's not a good idea. Didn't we just have an article a few days ago explaining the top 10 worst security practices? Anyway, this could mean that using firefox will net you lots of spyware or make it easier for someone to hack you. Or it could mean that the people working on firefox are better at finding and patching security holes (either because firefox has more of them or because it's coded better). In one article, we complain about bosses always being persuaded by hype, and in the next we overreact to the same hype. What hype-ocrisy.

Re: Is the Firefox Honemoon Over?

[fabioaquotte]

Name ONE risky security flaw that has been known for 6 months without being patched by Microsoft.

The ability to boot MS Windows?