Hi Jason Thats abit Harsh but funny,Im suprised its
picking it up as a threat but Mozilla has just as many
flaws as IE except they tend to be swept under the carpet
abit to prevent most users knowing about them here's a
couple of them just so we can even things out abit
)
A vulnerability has been reported in Mozilla and Mozilla
Firefox, allowing malicious websites to spoof the user
interface.
The problem is that Mozilla and Mozilla Firefox don't
restrict websites from including arbitrary, remote XUL
(XML User Interface Language) files. This can be
exploited to "hijack" most of the user interface
(including tool bars, SSL certificate dialogs, address
bar and more), thereby controlling almost anything the
user sees.
The Mozilla user interface is built using XUL files.
A PoC (Proof of Concept) exploit for Mozilla Firefox has
been published. The PoC spoofs a SSL secured PayPal
website.
2 more annoying Firefox bugs
1. memory leak... the memory usage is insane... and it
increases over time even if you close all the tabs after
using the browser for hours.
2. flash & firefox uses a much higher CPU usage than IE.
Sometimes when you go to dictionary.com, a single flash
ad makes your cpu steadily above 90% even though you can
have a 1ghz CPU.
Fewer exploits exist for Firefox and Mozilla, partly
because the browsers are far less widely used than IE.
Worst Flaws Yet
Other highly critical bug in Firefox was a flaw in the
browser's libpng component,that may have allowed an
attacker to take over a system via a malicious graphic.
The worst of the bugs are problems displaying vCards and
bitmap image files, and an error involving malformed
links. An attacker could cause a buffer overflow by
sending an e-mail containing a specially crafted vCard
and then potentially execute code, but only if the e-mail
were displayed in the preview pane of Mozilla Mail or
Thunderbird.
An attacker could trigger an integer overflow in the
browsers or e-mail readers via an overly wide bitmap
image in a Web site or an email, also allowing the
execution of code. A link using non-ASCII characters in
the hostname could be exploited via a Web site or an e-
mail to trigger a buffer overflow and execute code.
And Things Like These:
Unsafe /tmp/plugtmp directory exploitable to erase user's
files
Plugins can be used to load privileged content
Image drag and drop executable spoofing
HTTP auth prompt tab spoofing
Download dialog source spoofing
Download dialog spoofing using Content-Disposition header
XSLT can include stylesheets from arbitrary hosts
Autocomplete data leak
Memory overwrite in string library
Spoofing download and security dialogs with overlapping
windows
SSL "secure site" indicator spoofing
I dont work for Microsoft and Dont represent them in any
way but this is just to show you the grass is never
greener on the other side,Both IE and Mozilla have
problems which im sure each are addressing and releasing
patches to repair,
The easiest solution for you it to choose to ignore the
High Threat alert and carry on with Mozilla but
personally id rather use IE because any security issues
are usually dealt with within a few weeks and all holes
are being filled one by one so it will be safer to use in
the long run in my opinion.
Have a nice day
Andy
