Hi peeto
I never really liked Firefox or even the idea of it till version 1.0 came
out. I tried it and quickly realised it is the best browser around. While
it
isn't as feature rich as Mozilla, it's much faster. With the
"document.all"
support and support for real standards, it does IE better that IE and
Mozilla
bettter than Mozilla. Like I said, I don't like Firefox, I just use it
most
of the time because it is better, regardless of mine or anyone else's
opinion.
Just one of thing I absolutely must ask: There are people everywhere
claiming that IE is only getting as hacked as much as it is because it is
the
most popular browser, and if say, Firefox was as popular it would get
hacked
just as much. Interesting. IE is the only browser I am aware of that
really
supports ActiveX and is also the only browser that truely allows dynamic
application installation and execution. So my question is this: How on
earth
would a browser other than IE get "hacked just as much" if it was "just as
popular"? Please take my question seriously and give me a serious answer,
exactly how would Mozilla, Firefox, Opera, whatever, be hacked? What
features
would be comprimised and what would be the consequences? Long before IE
was
getting hacked the way it is (tens of millions of known occurances), it
was
obvious to some that ActiveX support on the web was asking for this sort
of
trouble. I can't see any logical explanation as to how other browsers
could
be hacked as much, please enlighten me.
Here is some factual data that might help answer your questions:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Known Vulnerabilities in Mozilla -
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Known Vulnerabilities in Mozilla - FireFox - Thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.pcworld.com/news/article/0,aid,119187,00.asp
http://pcworld.about.com/news/Jan062005id119187.htm
For an unbiased view of vulnerabilities and how they've been handled by
the vendors, have a look here :
IE
http://secunia.com/product/11/
Mozilla Firefox
http://secunia.com/product/4227/
also....
Courtesy of PA Bear
<paste>
Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet
Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2,
Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x,
Mozilla *Firefox* 0.x,
Mozilla *Firefox* 1.x
The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up window
opened on a trusted website.
Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
Notes:
- The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
*Firefox* 1.0. Other versions may also be affected.
- The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.
- The vulnerability has been confirmed in Safari version 1.2.4. Other
versions may also be affected.
- The vulnerability has been confirmed in Opera version 7.54. Other
versions may also be affected.
- The vulnerability has been confirmed in Konqueror version 3.2.2-6.
Other versions may also be affected.
- The vulnerability has been confirmed in Netscape 7.2. Other versions
may also be affected.
Solution: Do not browse untrusted sites while browsing trusted sites.
Netscape:
http://secunia.com/advisories/13402/
Opera:
http://secunia.com/advisories/13253/
Mozilla/Firefox:
http://secunia.com/advisories/13129/
IE:
http://secunia.com/advisories/13251/
Konqueror:
http://secunia.com/advisories/13254/
Safari:
http://secunia.com/advisories/13252/
/paste>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please keep in mind that these are not *my* facts, these are from the
experts. You can also look up the facts for yourself by doing a Google on
the various browsers and their vulnerabilities.
The group of people who are hacking and creating the garbage out there are
now going after the other browsers, and as you can see, they know how to
take advantage of their weaknesses as well. They are making *very* big
money, and for them the programming is child's play. For any user to think
that any one browser is totally invulnerable is a huge mistake. You should
never let your guard down.
The fact is, *any* browser or source that connects to the internet is
vulnerable. Period. The other browser companies are now finding that out.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm