Mozilla Hits Back at Browser Security Claim 295
UltimaGuy writes "Mozilla has reacted to the Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's 'ability to react, find a solution and put it into the user's hands is better than Microsoft.'"
Original Symantec Article (Score:5, Informative)
https://ses.symantec.com/Content/displaypdf.cfm?S
But to save you some trouble, here's the excerpts about Mozilla:
Re:mozilla vs M$ or (Score:2, Informative)
Misleading numbers (Score:5, Informative)
Re:Allegory (Score:4, Informative)
1.0.7 is out (Score:3, Informative)
Symantec has no credibility on software issues (Score:5, Informative)
Earlier this evening I was cleaning up a friend's Windows 2000 machine. After removing a collection of obsolete software, TCP/IP no longer worked. The culprit: Symantec Antivirus. It had left invalid service dependencies in the registry. I had to remove them by hand.
Symantec can't even understand their own software, much less someone else's. Even ignoring the obvious corporate bias, I have no faith that they can begin to understand the actual severity of defects in either IE or Firefox. It would be far better to ask "how many machines have been compromised by this fault?" than to present simple defect counts.
Re:Open source wins again (Score:5, Informative)
In 2004, there was only ONE WEEK during which there were no known remote code execution exploits for fully-patched MSIE. There were 30 days for Firefox if you don't count Mac OS (which would be fair if we're only interested in browsers for Windows users).
Re:Symantec forgot one critical detail... (Score:3, Informative)
They've been building 1.5 (Deer Park) for at least one or two months. I'm assuming they finished working on 1.0.7 before they began work on 1.5, so 1.7 isn't exactly new.
Re:the comparison is simple (Score:3, Informative)
Your questions are addressed on pages 3 and 4.
Re:Mozilla is a disaster waiting to happen (Score:4, Informative)
Re:maybe IE has more (Score:3, Informative)
Re:Symantec isint biased! (Score:4, Informative)
(but a good antivirus/antispam/antiinternet/antiusingyourcomp
Re:Symantec isint biased! (Score:5, Informative)
While firefox may have more exploits popping up these days, fixes for it are issued in a much more timely manner than for IE.
Re:Mozilla is a disaster waiting to happen (Score:2, Informative)
Re:Mozilla is a disaster waiting to happen (Score:5, Informative)
As of Firefox 1.03 [mozilla.org], what you say is no longer correct. The Firefox team has separated the content document object model from the chrome, so that chrome functions are no longer vulnerable to being overriden by content.
In addition, they've encapsulated chrome code even further in Firefox 1.5 [mozilla.org]
Admittedly the original design was a bit insecure, but the risks going forward have been eliminated, and the real risks are mostly the usual browser vulnerabilities in parsing, buffers, etc., all of which are present in Konqueror, Safari, and Opera, all of which have received far less security scrutiny.
Re:Responsiveness is irrelevant (Score:3, Informative)
Server statistics are telling (Score:3, Informative)
Browser/version: ---- Hits
MSIE 6.0 ---- 1699
Total: 1699
Firefox 1.6 ---- 1
Firefox 1.4 ---- 233
Firefox 1.0.6 ---- 3218
Firefox 1.0.4 ---- 1123
Firefox 1.0.3 ---- 4
Firefox 1.0.2 ---- 2437
Firefox 1.0.1 ---- 130
Firefox 1.0 ---- 31
Firefox 0.10.1 ---- 4
Total: 7181
Netscape 4.04 ---- 1
Unknown ---- 155
Safari ---- 111
Mozilla ---- 98
Opera ---- 16
Dillo ---- 12
FF = 7181 hits
..out of 9273 total hits*. Hmm. Interesting.
*data via awstats 6.4
Re:Server statistics are telling (Score:3, Informative)
Comment removed (Score:4, Informative)
Re:first post (Score:4, Informative)
Care to back up that claim with specifics URL to the relevant bug reports? I checked their database, and couldn't find any bugs that qualified. The great majority of bugs are either minor and non-security related, or less than a month old.
Non Commercial Licences for 'Freeware' (Score:2, Informative)
I'm assuming you are using the 'free' versions of this software, otherwise igore the rest of this message!
Bearing in mind you are a non-commercial organization - and a worthy one - I would double check the licenses for these as far as educational and non-commercial organizational use is concerned. And perhaps a complimentary email to vendors for clarification where necessary?
SpywareBlaster [javacoolsoftware.com] looks OK for teachers.
Spybot [safer-networking.org] I would confirm with author. They seem 'edu' friendly, from their tone.
AVG License [grisoft.com] is perhaps slightly ambiguous in this case. Schools are non-commercial but they are 'Organizations'.
Ad-Aware [lavasoftusa.com] not free for educational use.
You may have omitted your firewall of choice but most of them have similar organizational clauses. I think Outpost Free [agnitum.com] may be OK.
Re:fp (Score:1, Informative)
Wrong (Score:2, Informative)
Re:first post (Score:3, Informative)
Ok, let's see... searching the bugzilla database for product Firefox, bugs filed more than a year ago, with severity being either "blocker" or "critical", and a status any other than "resolved", "verified" and "closed", for all OS, sort by importance. What do we get?
7 bugs found. Ooohhh... 7, big number. Let's look at them now.
Year old bugs that go unfixed in Firefox are either not clear enough to work with (crashes randomly), or are simply still open because nobody took the time to check with the next version to close the bug. None of those bugs are security issues.
I like Firefox as much as the next man (check out my sig) but let's not make extravagent claims.
Yep... I agree... how about you stop pulling stuff from your ass too?