10 Security Flaws Found in Mozilla

By Nate Mook | Published September 15, 2004, 6:26 PM

While Microsoft's Internet Explorer has become the bane of computer security, switching to Mozilla may not be the simple answer after all. Security firm Secunia has issued a "highly critical" advisory that details 10 separate vulnerabilities found in Mozilla, Firefox and Thunderbird. The flaws can be exploited remotely, allowing an attacker to compromise a system and expose sensitive data. Mozilla users are urged to upgrade to the latest releases of each application, which contain the necessary fixes.

Comments

check out IE!!
http://secunia.com/product/11/
now... what is in your computer?

I understand that all programs have their issues, especially web browsers, as html / xml etc has many interesting ways of use. However I would rather use FireFox than IE or an IE based browser any day.

this
http://secunia.com/graph...;period=all&prod=11
says it all.. doesn't it?

Score: 0

I do not really know what the deal is here, fact is that I use the Internet for a lot of things, credit card payments, banking etc., and Firefox messes that up. Firefox seems to deny my entrance to ALL these systems, so to me Firefox is a piece of low dirt crap.

Security my buttocks also, how do we know FF is secure? I have seen NO proof whatsoever, for that matter of sake the people behind Mozilla could be harvesting credit card numbers as we speak, I am not saying they are doing that but for all we know they COULD!

What do ANY of you know about how secure your browser is? You just read forums and unless you are actually a VICTIM you won't even know if you are safe or not.

FireFox got a long way to go before it gets even half as good as IE.

Just remember people no matter how much you patch a hole, the Internet is 2 way communication, and where there is a way out there will always be a way in also.

Score: 0

With v1.0PR you can immediately tell if you are on a secure server by looking at the address bar because it will be highlighted in yellow.

I do all my online banking, credit card payments, school loan payments, and bill payments using Firefox with no problems. I use Firefox 99% of the time and only use IE when a website insists on IE.

I am the Technology Coordinator for a private high school. I recommend Firefox to all teachers, students, and parents. I used to drink from the IE Koolaid pitcher but no more.

Score: 0

"Firefox seems to deny my entrance to ALL these systems, so to me Firefox is a piece of low dirt crap."

I am not sure what bank you are using but all of the companies I do business with seem to work fine with Mozilla. Heck I can even get some of them to work fine on Opera without any fiddling (although Opera tends to have more problems). In fact I am writing this post in Opera. Truth of the matter is that Firefox supports all the major standards necessary to connect to a secure page. Chances are it's a problem with your bank refusing to design their sites properly for a browser other than Internet Explorer. It's your bank's webmaster that is a piece of crap not the browser. Perhaps you should consider looking for another bank. Anybody who is willing to annoy ~10 percent of their potential customers for no good reason is somebody who doesn't really care about providing good customer service.

"Security my buttocks also, how do we know FF is secure? I have seen NO proof whatsoever, for that matter of sake the people behind Mozilla could be harvesting credit card numbers as we speak, I am not saying they are doing that but for all we know they COULD!"

And Microsoft couldn't? More seriously though. I think you are overly paranoid. Given that the source code is readily available for the masses any programmer with the requisite skills can peruse the code and tell the masses if they found a secret backdoor. Unless they have added this backdoor recently or have hidden this stuff pretty well I am inclined to think your fears are unfounded. I have used Mozilla and Firefox for the last 3 years and no mysterious charges have shown up on my credit card statements yet. If the Mozilla Foundation has collected my cc# they seem to be pretty patient thieves. I am doubtful you will ever see them programming in such a backdoor either. If people ever became aware of such a backdoor the bad PR would destroy Mozilla and the careers of many people involved with the project.

"What do ANY of you know about how secure your browser is? You just read forums and unless you are actually a VICTIM you won't even know if you are safe or not."

In the 3 years I have used Mozilla based browsers I haven't gotten a virus, a worm, a dialer, spyware, or any other malicious software. My personal experience with Mozilla and its derivatives has been very good. My experience doesn't reflect all users but to go that long without anything seems to suggest they couldn't have done too poorly.

"FireFox got a long way to go before it gets even half as good as IE."

Tell that to the PC World, PC Magazine, Walt Mossberg of the Wall Street Journal and the millions of users that seem to prefer Firefox over Internet Explorer. To convince so many people and various technical publications that this is a good browser would seem to suggest that it isn't as bad as you seem to be saying.

"Just remember people no matter how much you patch a hole, the Internet is 2 way communication, and where there is a way out there will always be a way in also."

No dispute there. You have to always be vigilant against attacks on your machines. No matter how good the setup you have there will be problems if you become complacent.

Score: 0

"...I use the Internet for a lot of things, credit card payments, banking etc., and Firefox messes that up. Firefox seems to deny my entrance to ALL these systems, so to me Firefox is a piece of low dirt crap."

It's not Firefox that's denying your entrance, it's the lazy, uneducated webmasters.

"How do we know FF is secure? I have seen NO proof whatsoever, for that matter of sake the people behind Mozilla could be harvesting credit card numbers as we speak, I am not saying they are doing that but for all we know they COULD!"

Um, no. Firefox is open-source, so anyone (=programmer) can see the source code and know *exactly* what the browser is doing. You could even compile it yourself if you wanted. Firefox is the only major browser that is open-source--not Opera (this isn't necessarily a bad thing, I'm just saying...) and *certainly* not IE.

Plus ... the flaws are corrected in the latest versions. What's the problem? It's not like we're waiting on fixes like we would be with a certain other company. Mozilla has a much better track record. (For those who would argue that Windows can automatically update itself and that Mozilla can't, that functionality will soon be present in Firefox, as well--in fact, 1.0 PR might already have it. I'm not sure. If not, it's coming soon.)

Score: 0

It is dishonest to have a headline like "flaws in mozilla" when they were found in the OLD VERSIONS. An honest headline would be "Flaws found in old version of Mozilla" and if you posted that as exciting or shocking news you'd be laughed out of the park.

Score: 0

You would be right except for a terribly unfortunate oversight on your part...

You assume that everyone maintains current, supported, working versions installed at all times. If everyone kept their software fully up-to-date, then even the Internet Explorer bugs wouldn't bite nearly as bad as they do.

Score: 0

the version is recent enough, we aren't talking about a 3-year-old version, it was the previous last released version

security bugs are always important and people that forget this will find out by themselves sooner or later

Score: 0

"Firefox seems to deny my entrance to ALL these systems, so to me Firefox is a piece of low dirt crap."

no, your banks and sites are the ones that are low dirt crap... pick them up and go check them in the validator.w3c.org and you will see the crappy code they have
most of those sites can't even work in IE for Mac, so that tells you in big letters: "THIS SITE SUCKS, we don't care about our customers to even fix the bad code"
you can only do 2 things: complain hard and if they ignore you, change banks, stop using that site, complain even more

in all the sites that i use none have problems with mozilla's, i have complained a lot and all the sites that had problems now work fine

try to explain that they might have lower mozilla scores compared with IE, because as the site doesn't work, people will go away, and show up the statistics from another site with a lot more mozilla-like browsers, or even better, some news about it

one good tip to help the complaint is to put that site in the homepage, and load it as much as you can... this way they will see the mozilla stats going up slowly and think twice before making crap html

"Security my buttocks also, how do we know FF is secure? I have seen NO proof whatsoever, for that matter of sake the people behind Mozilla could be harvesting credit card numbers as we speak,"

you have the source code, you can check
actually this is what these security companies have done, they open the source code, check for possible holes and then go test them

also, in IE you can't do this, how do you know that MS isn't harvesting credit card numbers? they can't? what stops them from hiring some chinese and giving them the code to do it, and then the chinese buy MS lots of software...

when security is at risk, we must be paranoid

"What do ANY of you know about how secure your browser is?"

more than IE, it doesn't have a direct connection to the system internal commands, so even if everything is equal, this will help a lot

also, i use linux, so it's another layer of security, the more layers you have, the better the security is, because if one fails (and will fail some day), you have another to protect you, and another, and another...

"FireFox got a long way to go before it gets even half as good as IE."

IE is a long way before it gets even half as good and secure as firefox

Score: 0

Just to let y'all know, me and my friends have successfully used firefox with no fewer than three well-reputed banks in our place(we're in India) at the same time using netbanking, and all three worked! not once but for the past 1 year and three months.

So much for the comment that it doesn't work with banking sites- of course one has to be careful with the browser settings - setting the popup killer to kill all popups will for eg. choke 2 out of three of the banks we use regularly - because they open new windows in the browser, etc.

I only wish some people would put more thought into using alternates - I for one have mozilla firefox, opera, deepnet explorer, and offbyone in windows, and konqueror, netscape and opera in linux.

All of them work, some have their gripes, yes but one way or the other they have *some* advantages over IE, *and some disadvantages* too. It's about time everyone woke up to this fact.

Score: 0

Quote: "FireFox got a long way to go before it gets even half as good as IE."

Thanks, Mr. Gates, but there are some very good alternatives.

Score: 0

This is my first comment to BetaNews. Usually, none of the comments are useful, but are just dumb arguing. However, this time I'd like to comment on the 'browser war' just to try and help some of you out.

First off, Mozilla browsers are safer mainly due to the lack of ActiveX programs. Most people that mess up their computers with loads of spyware and trojans get it by clicking on popup windows (which Mozilla has been able to block for years, and Microsoft just started doing with Windows Service Pack 2) that subsequently install malicious ActiveX programs.

But the practical aspects aside, this "news" post was about internal security vulnerabilities.

From the same security company that reported on the Mozilla bugs:

Security Advisories for Internet Explorer:
http://secunia.com/product/11/

"Microsoft Internet Explorer 6 with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical ... Currently, 18 out of 59 Secunia advisories, is marked as "Unpatched" in the Secunia database."

Versus...

Security Advisories for Mozilla Firefox:
http://secunia.com/product/3256/

"Mozilla Firefox 0.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical ... Currently, 2 out of 12 Secunia advisories, is marked as "Unpatched" in the Secunia database."

... So there you have it. Besides IE being the most dangerous browser because of ActiveX programs, and besides its 18 unpatched internal security flaws (some extremely critical), Mozilla is still the browser of choice for its lack of dependency on the operating system (mess up the 60MB+ Internet Explorer and you reinstall Windows; mess up the 5MB Firefox and you reinstall it only).

Switching to Mozilla is still safe, and a better alternative to using Microsoft's Internet Explorer.

Sigh. Please ignore this comment if you religiously disagree, I won't argue. I just wanted to share some of those numbers from Secunia with you.

Score: 0

IE can still be a pretty competent browser if you use ActiveX stopping apps such as SpywareBlaster (which, marks the identified, bad activex controls, and is updated frequently with a definitions file).

I use both browsers at home. I know that IE is the one to blame here because of not being W3C, but Firefox still fails to render plenty of sites I visit incorrectly.

It's still a solid browser, though. It will be interesting to see if Microsoft did actually bring back the full IE development team back to the office, but logically it would seem like a wise move so I believe they did. It would be a nice thing to see these guys churn out a fully fledged version of IE (based on new code, perhaps?) - for the release of Longhorn.

Score: 0

First of all, I do not religiously disagree. Second, you are absolutely correct about the numbers. THAT being said...

"Besides IE being the most dangerous browser because of ActiveX programs, and besides its 18 unpatched internal security flaws (some extremely critical), Mozilla is still the browser of choice for its lack of dependency on the operating system (mess up the 60MB+ Internet Explorer and you reinstall Windows; mess up the 5MB Firefox and you reinstall it only)."

First statement is a general assumption based on ActiveX which I agree with. Second statement assumes that Secunia is either smarter than Microsoft (which may be true) or its "flaws" are mostly theoretical. Based on the fact that there have not been any malicious programs that use those security exploits, they are probably theoretical--time will tell. As far as the size/reinstalling, you could reinstall windows--but I would recommend re-installing IE from your source directory (assuming you downloaded the full version to disk rather than the windows update), and resetting winsocks (see Microsoft Knowledge Base Article 811259). Yes, IE is big. Just to let you know I heard a rumor that IE 7 Beta is much smaller (in fact less than 5 MB), so MS might be addressing this issue (if someone can confirm this please do so)...

Score: 0

"IE can still be a pretty competent browser if you use ActiveX stopping apps such as SpywareBlaster (which, marks the identified, bad activex controls, and is updated frequently with a definitions file)."

Interesting. I am not familiar with the software so I really don't know how exhaustive their list is. Maybe I am a bit on the paranoid side but I would be afraid that such a list might become extremely time consuming to maintain and would be outdated quickly. A malicious ActiveX blocker would be like anti-virus software that you would need to update frequently to keep effective. Although it might be effective it certainly is going to be more time consuming than not running the applets in the first place. That is probably less than ideal for some people.

"...but Firefox still fails to render plenty of sites I visit incorrectly."

This is unfortunately true but as it has become more popular the number of sites that have such problems are becoming less common. If Firefox continues the strong growth that it has had the last few months I would expect to see some webmasters to redesign their sites to work better with Firefox as it becomes more common.

"It would be a nice thing to see these guys churn out a fully fledged version of IE (based on new code, perhaps?) - for the release of Longhorn."

I have heard about this. The possibility of an overhaul of Internet Explorer (IE 7?) sounds promising. The folks at Microsoft weren't always so bad at maintaining Internet Explorer. In the late 90's Internet Explorer improved dramatically. Once they started dominating though they started to rest on their laurels. Unfortunately the last I heard Longhorn won't be available until sometime in early 2006. This isn't much consolation to people who don't have access to an early beta of Longhorn.

Score: 0

"its "flaws" are mostly theoretical."

quoting l0pht:

'"That vulnerability is completely theoretical."
-- Microsoft
L0pht, Making the theoretical practical since 1992.'

http://web.archive.org/w...13/http://www.l0pht.com/

a bug is always a bug, trying to ignore it will backfire sooner or later

"Based on the fact that there have not been any malicious programs that use those security exploits, they are probably theoretical"

yes, lets wait for the bomb to explode before we try to defuse it, after all, it might be a fake one...

"Just to let you know I heard a rumor that IE 7 Beta is much smaller (in fact less than 5 MB),"

IE7 can have just 5Mb, the html core is inside the OS, so the browser just needs to update a few files directly connected to the interface... the rest will come inside normal "updates" for the html rendering engine

the IE folder right now uses only about 10Mb, but the main engine is inside the windows and you can't remove it

Score: 0

"a bug is always a bug, trying to ignore it will backfire sooner or later."

Yes, you're absolutely right! However, these are not "bugs"--I mean, have you read the technical details of these "flaws"? The famous "drag and drop" flaw assumes that someone would drag an image from a web site TO THEIR STARTUP FOLDER. Who in the world would open their startup folder, drag a .gif (or whatever) image and drop it in that folder? That's like saying "Format C:" is a vulnerability in cmd.exe. As for the others, some have this said at the end of the article:

"NOTE: Currently known attack vectors do not work on Windows XP systems with SP2 applied."

Unpatched, eh Secunia?

"the IE folder right now uses only about 10Mb, but the main engine is inside the windows and you can't remove it"

Shows how much you know about IE--Internet Explorer is part of Windows, yes, but even FireFox uses registered .dll files that IE uses. In fact, that's why FireFox is so small (notice that the mac/linux builds of firefox are 3-4MB larger). IE 6.0 SP1, technically speaking, is about 60 MB in size. However, the redistributables for a beta of IE 7 are less than 5 MB.

Score: 0

"The famous "drag and drop" flaw assumes that someone would drag an image from a web site TO THEIR STARTUP FOLDER."

you never hear about scripts? could be hard? yes, impossible? no...

yes, there are bugs that are hard to exploit, but check the openBSD mailing list and you will see that none are left behind and this already saved them several times

check the l0pht archives, they used several "impossible to exploit holes" to exploit windows machines

the bug of crossing security zones in IE existed for years, with little usefulness, until someone found a way to use it successfully

"that folder? That's like saying "Format C:" is a vulnerability in cmd.exe."

yes if it allowed a normal user to do it, instead of just the administrator

"NOTE: Currently known attack vectors do not work on Windows XP systems with SP2 applied."

at least 2 security bugs have already been discovered in XP sp2 and bypass the "run internet file?" warning and MS already said that it will not fix them... i'm waiting for this to backfire very soon

also, not everyone uses XP, much less SP2, so it's still a BIG problem
(and don't say people should upgrade, i can't upgrade servers and it's expensive to upgrade hundreds of machines... are you willing to pay for the upgrade?)

"Shows how much you know about IE--Internet Explorer is part of Windows, yes,"

that was what i said, but firefox uses the system dlls as helpers for interaction with windows, IE uses the system for everything...
the 10Mb of internet explorer are useless, you can erase it, the IE will still exist inside the system

"redistributables for a beta of IE 7 are less than 5 MB."

so, in a 60Mb package they will update 5Mb...
this shows that they will not fix their browser, they will only update some things in the interface, update some libraries and i'm almost sure it will not support win9x/winME because MS wants to kill them

so the IE7 will be another marketing release, nothing will really change, probably XP sp2 has changed more than IE7 will change

Thanks god we have mozilla and opera, linux, *bsd and mac, thanks god we have alternatives

Score: 0

This may sound like I am cowering away from your comments, but I simply don't have time to argue over this issue. I am not trying to make you think IE is better than FireFox--I am only defending IE.

"IE uses the system for everything...
the 10Mb of internet explorer are useless, you can erase it, the IE will still exist inside the system"

Did you read my description? The 10MB of files in the "program files\internet explorer" folder have little to do with IE's size as you said. However, the redistributable files for IE 6.0 SP1 that you download from the web are about 60 megs of cab files, etc. that IE uses, and this includes outlook express, MDAC updates, and will install on Windows 98/Me/2000/XP.

"you never hear about scripts? could be hard? yes, impossible? no..."

A malicious script can only run if a user chooses to ignore the warnings or if it utilizes a vulnerability!!! Why work to exploit one vulnerability to use another one? Why not write the malicious script to do the dirty work to begin with? You are really stretching, or perhaps I define a security hole differently than you. But based on your definition, why could I not write a script (or batch file) to run a command prompt and do an unconditional format? Truth is you can (though this does not usually happen...viruses can't spread if the infected computer is unable to send it places), but this does not make format a vulnerability. A vulnerability, in my opinion, is executing arbitrary code without any warning and without allowing the user a choice. If a virus pops up and asks if you want to install it and the person has a choice, it did not exploit a vulnerability.

"check the l0pht archives, they used several "impossible to exploit holes" to exploit windows machines"

Know what? I don't have to. Those were impossible security holes as you said, but they are still holes. 90% of what's listed on secunia is either patched or isn't really a security hole.

"at least 2 security bugs have already been discovered in XP sp2 and bypass the "run internet file?" warning and MS already said that it will not fix them... i'm waiting for this to backfire very soon"

We shall see...

"Shows how much you know about IE--Internet Explorer is part of Windows, yes..."

The "yes" was in agreement with what you said earlier, not an argument.

"so the IE7 will be another marketing release, nothing will really change, probably XP sp2 has changed more than IE7 will change

Thanks god we have mozilla and opera, linux, *bsd and mac, thanks god we have alternatives"

Finally!!! Two consecutive facts that me and you agree on! I am not trying to bash other browsers-- if IE were the only one then microsoft would have zero need to fix any problems with it. If IE were not around, Mozilla may not have learned from Microsoft's mistakes. I am leaving this forum--we will not change each other's minds on this so no use continuing to argue. Feel free to reply and defend, of course, but don't expect another reply here--I have better things to do right now...

Score: 0

I am so sick and tired of you bas****s always complaining about Microsoft Internet Explorer this and Microsoft Internet Explorer that. It's all bulls***. I am bookmarking this page, and saving the contents, the next time someone says Mozilla doesn't have problems, first I will openly berate them for being a fool, then I will promptly post this advisory. Everyone needs to understand programmers are the same I don't give a s*** WHAT platform you run, EVERYONE makes mistakes, even mighty Mozilla/FireFox. It's not the company that is the problem, it's the people. Period. The quicker everyone is reminded of that, the quicker we can accept there will be problems with *EVERY* software, not just certain ones. The more people that use, the more likely problems are going to occur. You want perfection, software is not the place to look for it.

Score: 0

If you're tired of it, then don't read it. That way you won't get yourself so worked up. :)

Score: 0

I'm with you on this one,...anyone with a half a brain can configure IE to be just as secure as any 'other' browser.
People are just too lazy to take the time to learn!
I don't think Mozilla will ever be as complete as IE,/loading ALL content, therefore I don't like it..............to each his own, I guess!!

Score: 0

Firefox is a better browser than IE. Also Firefox will have security updates available in a few days whereas Microsoft drags their feet with releasing security updates for IE.

Score: 0

No comment

Score: 0

anyone with a half a brain can configure IE to be just as secure as any 'other' browser.

then start writing manuals... IE6 before the XP SP2 had several security bugs that you could only protect yourself from by disabling almost all IE capabilities... so you would get a html only browser that would NOT WORK in most of the internet sites

with XP sp2 things are better, but new bugs were already found, like opening a "simple" jpg, so your "configure it" talk is impossible to do (or would you disable jpegs by default before knowing about this bug?!)

I don't think Mozilla will ever be as complete as IE,/loading ALL content,

thanks god!!
activeX and other crap, we don't need it

bad html pages that break all the w3c standards might work in IE6, but change the IE version and you might not have the same page, it might not work... even in IE Macintosh these bad pages work as badly as in mozilla

this is a webmaster problem, their pages suck and that they seem to work in IE is because they only test on it and "workaround" only some parts of the bad html

try parsing these pages with the w3c validator and you will see what crappy pages they are (validator.w3c.org)

mozilla, firefox, opera, konqueror, all try to respect the w3c standards and will load any standard html page
IE has some standards support, has much non-standard html code, is configured to guess html tags where they are missing, but this is impossible to always do right, this will break other pages also

the standards exist so everything works as it should, everywhere

you can dislike mozilla/firefox, but today everyone agrees that firefox is better in almost all ways than IE6

Score: 0

i agree that the worst security problem is the human factor, people can't just say "software X is and will always be more secure than Y", it will shoot them in the foot sooner or later

but one software can be safer than other, and mozilla package is safer than IE

-IE is connected to the system, any problem is a direct way to the system accounts
-MS didn't care for a long time about many small bugs, and now, after several of them were used to exploit remote machines they remember that a bug is always a bug... but after SP2 they went the same way, there are already small bugs discovered that might be used in the future to bypass the browser security checks
-mozilla was built thinking what is and isn't secure to do, the way it works is safer than IE, the code still might have bugs, but the internal way to transmit information is safer and isolated from the operating system
-firefox is still a beta program... very stable but can still have more bugs than a stable one...
it's hard to track security bugs when the internal code is always changing, the more the code stays the same, the more people will manage to find the security problems
in any software development, the RC and PRE versions are versions to correct bugs, search and find security problems, etc because people that spend 2 weeks searching for problems will not spend this time studying a "moving" code

that is why mozilla only now is paying for security bug findings, too early they would go without money, now is the time to search for them, just before preparing the stable release

Score: 0

We debated these issues a few months ago. So far as I can tell you seem to be more concerned about trying to annoy other people rather than anything else. Just two days ago you posted a rather positive review about Firefox and then went on to flame other people for commenting that they like Firefox but liked Opera. You need to relax and cut back on the ad hominem attacks.

Score: 0

"anyone with a half a brain can configure IE to be just as secure as any 'other' browser."

It is possible to improve the security of IE but you are going to reduce its usability greatly. When the Download.Ject issue was a problem 3 months ago the workaround was to turn off most of the scripting. Once you turn off much of the scripting a lot of pages won't work anymore.

As another user pointed out turning off images to avoid the jpeg vulnerability isn't a very good option. The problem is that once you eliminate many of the common avenues of attack you are going to be left with a browser that is largely crippled.

Score: 0

Try out WebSpeedReader. It uses multiple windows like a tabbed browser, but its document navigation and window management make it more efficient for reading news and search results. It takes a little time to get used to it, but well worth it, IMHO.

Score: 0

Secure = speed

Non secure = fast...

that simple

Score: 0

With the new updates......and constant updates at that, Mozilla's browsers are king. Firefox 1.0 preview release is the fastest browser I have ever touched.

You really can count on being secure by keeping your browsers up to date......hard to do that with Explorer though :(

Score: 0

You are wrong. Internet explorer sp2 is the most secure browser actually, it is better than mozilla firefox.

Score: 0

Actually, you need to download *another* patch to fix a global exploit -- affects IE? Outlook, Office, Windows, ... The fault lies in the JPEG decoder.

Thus, with IE's track record, Mozilla is still the more secure browser.

Score: 0

Microsoft has issued a critical security bulletin regarding a buffer overrun vulnerability that exists when Windows processes JPEG image files. The flaw could allow code to be remotely executed and give an attacker full control over an affected system.

Windows XP and Windows Server 2003 are vulnerable, as well as older versions of Windows running any of a long list of Microsoft software titles. Windows XP Service Pack 2 already contains a fix for JPEG processing, but may still be affected if Office is installed.

This article does not say anything about Internet Explorer

Score: 0

then go check the security report... MS states that IE 6.x HAS this security flaw...

win2k doesn't have it, as IE 5.x doesn't have this problem, but if you update to IE6, you will turn a non-vulnerable system into a vulnerable one

don't believe that XP sp2 is more secure just because you get a warning when downloading apps, there are already 2 ways of bypassing these warnings when executing these "internet" files
the fundamental problem is the link between IE and the system, IE has access internally to too many system-only things

Score: 0

|

Wow, I'm surprised :S

Score: 0

|

you shouldn't be. security is an illusion. there are plenty of holes in plenty of other browsers ... no one looks for them (hackers included) until the browser gets relatively popular though.

Score: 0

|

... and that's why Opera is the best choice at the moment. :)

Score: 0

|

All of these problems were fixed in the latest versions of Mozilla, Firefox and Thunderbird......and in fact were fixed in Mozilla 1.7.2, Firefox 0.9.3 and Thunderbird 0.7.3.

Score: 0

|

You seem to be forgetting that most users don't bother keeping their software up to date. Consider that the Blaster worm exploited a security hole that was fixed by MS a month prior, yet millions were still affected.

Score: 0

|

"All of these problems were fixed in the latest versions of Mozilla, Firefox and Thunderbird......and in fact were fixed in Mozilla 1.7.2, Firefox 0.9.3 and Thunderbird 0.7.3."

I don't mean to burst your bubble but that's not true. Mozilla 1.7.3 was released to fix these issues. They were also fixed in Thunderbird .8 and the Firefox 1.0 preview.

See http://www.mozilla.org/p...ities.html#mozilla1.7.3 for details.

Unless you are using Mozilla 1.7.3, the Firefox preview release or a nightly build less than about a week old, you are vulnerable to some or perhaps all of these vulnerabilities.

Score: 0

|

What's even worse about this is that some people who were converted over to Mozilla products will have even less chance of updating their software. At least Windows Updates are indicated by an annoying popup bubble/icon in the corner.

Score: 0

|

Important Windows XP Service Pack 2 (SP2) is not affected by this issue. Windows XP SP2 users only need to update Office (if installed).

Score: 0

|

I use Firefox and it is a great browser; it is very fast and user friendly. A++ for me.

Score: 0

|

There is an option in Firefox to tell you if there is a new version available. It will pop up a thing saying there is.

Score: 0

|

they all have flaws......all of them
but for me it's Opera....no one bothers
with it.....and that's great

Score: 0

|

I use Firefox on my Linux box, and yes it is the best option for non-MS OS's, but IMO it is completely featureless when compared to programs like Maxthon, which uses the IE rendering engine. I'm not going to bash Firefox or any other browser/non-MS program, as it is programs like these that force MS to stay ahead. But, I'm not going to use these programs until they offer as much to me as MS products do.

Score: 0

|

There are no "safe" browsers out there anyhow, it's just a fact of life. Will continue to use Mozilla regardless.

Score: 0

|

I think chopper7's point was that Opera is secure by obscurity. Opera's market share is in the low single digits and unlikely to grow too significantly since you either have to pay or put up with ads. I think he is hoping that there aren't likely to be too many trojans to take advantage of bugs in Opera since the folks that write these things would prefer to go after larger targets.

Score: 0

|
