Plug-In Raises Firefox Security Doubts

By Ed Oswald and Nate Mook | Published July 19, 2005, 1:24 PM

Plug-ins have become an integral part of many applications, but allowing third-party code to execute always poses security risks. ActiveX controls in Internet Explorer have been blamed for many of the browser's vulnerabilities. Now, it appears that Firefox -- vaunted for its security -- may be affected by similar problems.

A serious vulnerability has been discovered in a popular extension for Firefox, leading the developer to recommend Tuesday that users either install a crippled version of the plug-in or uninstall it altogether.

The vulnerability affects Greasemonkey, an add-on that enables Firefox to change portions of a Web site's design to fit the user's needs. The flaw could allow a malicious page to read any local file on a user's machine, or list the contents of a local directory.

Worse yet, the vulnerability could be exploited regardless of the platform Greasemonkey is installed upon.

"I'm working feverishly on a fix for this. But this will take several days," Aaron Boodman, one of the authors of the extension, wrote in his Web log. "In the meantime, I strongly recommend that everyone either install Greasemonkey 0.3.5, or else disable or uninstall Greasemonkey completely."

Although Boodman received no reports of the flaw being exploited, he said that because the problem had become public knowledge, it was no longer safe to use the extension. He said installing version 0.3.5 of Greasemonkey, which has the offending portions of code disabled, was the only way to ensure system security.

This latest problem with extensions has some questioning whether Firefox is truly any more secure than Internet Explorer, as the Mozilla Foundation has claimed repeatedly.

Attackers have long used IE's support for ActiveX plug-ins to infiltrate a system, and some now say the same can be done using Firefox's extensions.

"Isn't this a huge hole in Firefox as a whole? What is to stop extensions from being added to my browser that open it up to malicious content? Isn't this the same as the problems that IE has? IE is fine until you start allowing plug-ins, add-ons and scripts," one user wrote on the Slashdot technology Web log.

Boodman apologized for the security hole and said he realized how much of an inconvenience the problem might be to some users. He promised a patch for the issue as soon as possible.

Comments

hmm some incorrect facts in the article already highlighted by the others..

security in an app online is not only determined by how secure your application is, and because 100% security is not achievable for various reasons, it is also determined by how fast the vendor fixes its security flaws (provided it knows about them)..

So far firefox has been updated and fixed quickly.. so no complaints for me so far.. and for that extension issue.. it's the extension creator's fault.. (but not anymore since the flaw has already been fixed)

Score: 0

In IE6, I'd go Tools, Options, Advanced, and UNcheck "Enable third-party browser enhancements" as a generic way to kill all BHOs, toolbars, and such intrusions/integrations that web sites might try to foist on IE.

What's the equivalent in FireFox? It's obvious that there needs to be one; I'm already killing "allow software installs", but that attempts to stop the wrong end of the problem - it's worth doing, but we need to kill anything that has already made it into FireFox somehow.

Score: 0

It's called uninstall all of your extensions. Firefox provides a nice dialog box with access to all of the extensions (yes, all, always) and a happy little button to uninstall them. If you really want a totally fresh start, you can also create a new profile. Profiles are where all of your browser settings, extensions, bookmarks, etc. are stored, so creating and using a new profile will give you a fresh start with no muss and fuss.

Score: 0

Here's the big difference I see: Although ActiveX content now requires approval by default (at least in Windows XP SP2), the Web site gets to initiate the process of installation. It gets to trigger the security bar pop up that asks you if you want to install the ActiveX component. No Web site gets to ask you whether or not you want to install a Firefox plug-in, other than providing an "Install Now" button or something. You must deliberately go to the plug-in page, choose the plug-in, and install it. Most home users will likely never install a Firefox plug-in. Many would probably never even realize they exist. But I'm confident that many of those same home users install ActiveX controls without thinking twice about it. "Apparently, I must have this to use this Web site. I guess I better install it." The difference is that the plug-in architecture makes installing plug-ins more like downloading and installing software -- something that you must deliberately choose to do. If someone doesn't go around Web pages randomly hitting "Install Now" buttons, it's not likely they would ever install a plug-in without evaluating their need for it. They would have to first seek it out. With IE and ActiveX, the Web page gets to prompt you to install the ActiveX component. That's a different ball game in my mind. If I'm going to release a moderately informed person onto the Internet, I think I know which of these provides the better chance of offering a problem-free experience.

And none of this takes into consideration users of Windows 2000, ME, or 98. They still exist, you know. As far as I know, the "Welcome" mat is still out in the most up-to-date version of IE in each of these operating systems. Windows XP SP2 may close the gap and give us something to debate when choosing between IE and Firefox, but the older versions of Windows make the choice a no brainer.

I'd personally like to see the ability to install plug-ins turned off by default in Firefox. Since most inexperienced users will likely use the default setting, this eliminates some of the risk involved with plug-ins. I wouldn't even mind if this was something you had to control in about:config. That makes it that much more difficult for inexperienced users to get in trouble.

Score: 0

And don't forget that Greasemonkey isn't just an ordinary extension, it's a pretty obscure one. I would guess that 100% of the Firefox users who have installed Greasemonkey are very very knowledgeable. There isn't a single naive computer user who is vulnerable here.

Score: 0

FireFox got its pretty face messed up a little bit. It will be alright, but now you can't boast about security so much anymore hopefully. More than likely things will not change.

Score: 0

Firefox is unchanged, idiot. It was an extension's security flaw, not the browser's.

RTFA.

Score: 0

an extension shouldn't be able to have a "security flaw" ...

Score: 0

An extension is basically a separate application. The only difference is that it happens to work hand-in-hand with Firefox. If you go to a website and install a program that modifies a multiplayer game on your computer so that your game starts sending out a bunch of spam, is that the game's fault? No, it's the fault of that program you downloaded, and it's your fault for downloading it.

Effectively, Firefox extensions are just regular programs. Firefox was just developed to have a way for these programs to be developed easily to work with the browser. But they're still separate applications, with much of the power of real programs, and you should treat them as such.

Score: 0

"Now, it appears that Firefox -- vaunted for its security -- may be affected by similar problems."

Apparently by similar, they mean not. ActiveX is completely and totally different from FF plugin support.

ActiveX runs code directly from web-pages that can not only affect the browser, but execute behind the scenes without user intervention. FireFox plugins must be manually approved by the user. This is default behavior for both browsers which can be changed by a user who knows how.

If you get screwed by ActiveX, blame MS for enabling it by default. If you get screwed by a plug-in in FireFox, blame yourself, you stupid twit, for installing it.

Score: 0

For the third time--ActiveX is not "Behind the Scenes" people, IE warns users before installing anything, and displays an extra warning when the publisher of the content is not recognized.

Score: 0

...when patched.

For the third time (not really) - I'm talking default configurations, unpatched, in all their pristine glory.

"This is default behavior for both browsers which can be changed by a user who knows how. "

Okay, perhaps I should have stated "default, unpatched"

Score: 0

Default is patched!!! If you buy Windows XP it comes with SP2! Even without it (say with 98SE or Windows 2000 SP4) Windows still gives a warning by default. Yes Windows 98SE and Windows 2000 will have to be fully patched to completely prevent exploits...and yes XP with no service packs needs patched too BUT IT'S 4 YEARS OLD. FF is brand new, wait 4 years and FF 1.0 will have to be "fully patched" to be secure too.

Score: 0

wtf, FF is insecure in its current state, should they be held accountable for that after they update it? In either browser the insecurities fully come from user interaction. Anything that is run arbitrarily is quickly fixed. Yeah, IE 3.0 is much more insecure than current FF, but what does that have to do with the very latest IE? FF users are stuck in the past, comparing current FF security to past IE flaws. How about getting up to date and then compare. If people have security problems with IE, it is the user's fault, same as the current FF problem.

Score: 0

Well, obviously, I don't have access to your time-machine, so I did not see the flaws in FF 4 years from now.

If I did have one though, I'd probably find that FF had released a few new versions in that 4 years, so 1.0 would be irrelevant. (kinda like IE3 is irrelevant)

But...no time machine. All I got is what I see happening right now, and that is users running windows/IE6 on a system they bought 4 years ago, unpatched, with ActiveX code being executed without permission. Still don't think it happens? Look at the MS patch database. How many of those patches are to prevent code from being run arbitrarily on your PC? I also see folks running FF Pre1.0 without having to worry about code being executed without permission.

Usually, I agree with you. We're generally on the same page, but here we are at odds. No biggie, but this is getting no-one anywhere fast. We're way the hell off-topic now.

Main point: This article does not concern FireFox. It concerns a plugin that must be manually installed. This is not an issue. Please move along, nothing to see here...

Score: 0

>FF is insecure in its current state

No, it isn't. The plugin in question is, but not the browser. Get your facts right.

>should they be held accountable for that after they update it

They don't write the plugins, they have no responsibility regarding them.

>Anything that is run arbitrarily is quickly fixed.

Considering this has yet to happen in FireFox, this statement is void. The browser does not allow code to be run arbitrarily, a plugin could if coded badly...hence the current issue being a plugin issue, not a browser issue.

>Yeah, IE 3.0 is much more insecure than current FF, but what does that have to do with the very latest IE

Absolutely nothing.

>FF users are stuck in the past, comparing current FF security to past IE flaws. How about getting up to date and then compare.

Sure, let's. Visit any site running ActiveX web-apps and look at the 'warnings'. Then go and install a few extensions in FireFox. Let me know which is more likely to be abused and which one the average user is more likely to let slide.

> If people have security problems with IE, it is the user's fault, same as the current FF problem.

You'd be right if IE wasn't part of the OS itself. Someone blows up FF? Reinstall the browser. Someone blows up IE? Format/reinstall Windows. Same? Hardly.

Score: 0

Good twisting there kid.

Score: 0

Care to elaborate, or are you just letting that statement hang because you can't come up with anything better?

Score: 0

I am ending now because you are just going to keep coming back with some fanatic twist on every comment until you have the final say. I have been in many of these debates with your type, and by viewing the rest of your comments this will not end unless you finish it, I have learned to step away from such close minded debates.

The fact is, if you are up to date with either browser they are secure. In any other case, it is the user's fault if they have problems either by not having the latest updates, or by someone installing some insecure FF plugin or IE ActiveX control by choice. You can spin that how you like, but those are the facts.

Score: 0

IE: http://secunia.com/product/11/
Firefox: http://secunia.com/product/4227/

Pie Charts:
http://secunia.com/graph...;period=all&prod=11
http://secunia.com/graph...eriod=all&prod=4227

If by "fact", you mean in a fully patched state that 30% == 14% (at the current time), then yes, the world is flat and 2+2 = 5.

Score: 0

You can uninstall Firefox plugins. Besides this plugin was patched within 48 hours.

Score: 0

If I read the posts here it is obvious that I'm not talking to normal consumers with just a little knowhow, how to browse pages on the internet, how to use a mouse, to turn on and off a PC and that's it. No matter what, Firefox made it possible to install plugs, Firefox made it possible that not all pages are rendered the right way on the screen and so on. It is Firefox who made it so easy and with a wide open door inviting people to write plugs and to use them. Sure they won't come up with certificates or anything like that. Imagine what it requires to keep track of all plugs and the costs involved in this.
Same as IE or any other software, OS and so on.... In the end nothing will be 100% safe so people don't pretend and think before you start to be loud and trying to protect Firefox. It is a great browser to use and I can also come up with lots of positive talks still it isn't the perfect thing yet.

Score: 0

"Firefox made it possible that not all pages are rendered the right way on the screen and so on."
This isn't really something Mozilla has done on purpose. This is simply because they don't use the same rendering engine as MSIE, and the majority of pages were built to display on MSIE. That isn't the fault of Mozilla in the least.

"It is Firefox who made it so easy and with a wide open door inviting people to write plugs and to use them."
All I can say is I hope you keep your distance from open-source projects. This is their very nature. This is the reason why projects such as Mozilla make it as far and with such progress as they do.

By your explanation, someone who discovers a hole in any software and exploits it is not to blame for the problems it causes... it's the problem of the developers of the software for leaving a hole.

-next part not aimed at you in particular-

I know, as well as most computer savvy people know, that Firefox isn't 100% safe (which you agree with). But blaming its open-ended nature for the problems a deviant's extension caused is completely ignoring the successes that exact nature has created. I, for one, will continue to use Firefox, as I receive less problems with it (based on experience not "articles") than MSIE. Simply put, for myself, I find it a much better, and customizable (hurray!) browser.

Score: 0

If I read your post correctly it is obvious that you know nothing of the history of the internet. Firefox did not make it possible for pages to be rendered improperly, Microspud did when they insisted that web pages be written to conform to MSIE standard instead of an Industry Standard that virtually all other web site designers agreed to.

Score: 0

Ha ha now this is the big joke with Firefox, plug in and create the same IE problems. I'm a Firefox and IE user myself and was wondering for how long I will go on using Firefox as still I have to switch from Firefox to IE all the time to get a page in the right way on my screen. Or the page is not supported by an ActiveX script. So I did install the ActiveX indeed in Firefox. And sure with me hundreds of other people who get sick and tired of the industry setting their own standards.
I would say to all people get a good virus scanner, a couple of spyware apps and you're safe. AntiVir Guard (http://www.free-av.com/) is for free so is MS Anti Spyware. I like the way Firefox is working with tabs but sure not heaven as many try to tell me. It just is not heaven and they are not compatible with many web pages. I said it before, I don't care if web designers design in the right or wrong way, I just want to see the page rendering on my screen in the right way without switching all the time between the one or the other browser. And Firefox is one of those trends where all people scream about but a 10% on the market is not that much and I doubt if they come any further.
If I ask simple consumers (not the tech guys or internet junkies) they are all using IE and they probl. will do so with the new IE 7. Too bad for Firefox they made their software an open door for the problems which come up now, as it was so easy to predict people loading plugs to get the same functionality as IE. Now who's crazy here IE or Firefox? Firefox not to blame for this? They made an open door by allowing a plug in door. What a terrible mistake they made!

Score: 0

"I said it before, I don't care if web designers design in the right or wrong way, I just want to see the page rendering on my screen in the right way without switching all the time between the one or the other browser."

Firefox is different in that it sets out to be rigidly and exclusively standards compliant. Therefore if you are 'Firefox Compliant' you are by definition compliant with all other browsers that obey the standards. You are not writing a site for 10% of the audience, but 100%. I would prefer to have my site viewable by 100% of my customers than a mere 90% (and still falling).

"And Firefox is one of those trends where all people scream about but a 10% on the market is not that much and I doubt if they come any further."

If you ask a shop owner if they would be happy for someone to stand at their shop door and throw out every tenth person who was going to come in, they would be horrified. Bear in mind that it is only the last few customers who make the profit. The rest are covering costs. If 10% of your customers didn't like your product, that's one thing. If 10%, 1 in 10, of your customers can't even *see* your product, that's something else.

Score: 0

At least the extensions can be removed when necessary.

Score: 0

You're all misleading. IE asks the user twice before installing ActiveX scripts. Once with the security bar, and then again with a prompt with CLEAR information.

Score: 0

well lad,

I would recommend you to install a good spyware detection program and deny all plugins, and then after one month you scan your system. You'll be surprised how many items are found under the category 'programs'.

Firefox does much better job at this.

Score: 0

Mozilla could cure this growing problem by simply creating a "Certification" of extensions that are safe to run, and also simply building in the most popular extensions into FF. Until then, use it at your own risk and don't pretend that idiots aren't out to exploit either the weaknesses of FF or any given extension.

Score: 0

yeah have "certification" in a sense that you can only add extensions that are posted on addons.mozilla.org without actively having to "open" access to get extensions from other sites.

But the article is misleading. The problem lies not in the extensions architecture but in the extension itself. And the way it has been created you would have to go OUT OF YOUR WAY to install a malicious extension.

Score: 0

What a misleading story, it's a damn 3rd party addon (which is being fixed) that has the issue.. pfft.

Score: 0

Will you guys please stop the knee-jerk reaction to this and give sensible responses? It was only a matter of time before an exploitable extension was released, these things happen.

That said, the article does questionably compare Firefox extensions to the MSIE security situation. This is a false comparison, since most of MSIE's security problems stemmed from executing arbitrary code, from remote, using default MSIE settings. As-is, you'd have to install this Firefox extension to be vulnerable to the problem. That is a definite step down in terms of severity from simply using the default settings.

On to the issue at hand...

Just as you can use Firefox to download completely random freeware applications to your computer, you can install completely random Firefox extensions if you so choose.

The net result is the same in both cases, you're running untrusted code on your computer that isn't necessarily of assured quality, and this was done manually (not automatically) at your discretion.

Some view this as the fault of Mozilla.org and Firefox. I disagree. These are the same people who blame Microsoft when they get infected with spyware because they installed an untrusted application without question.

The important thing to remember here is that Firefox is a browser, not an all-seeing eye that alerts you to every possible problem.

If you'd download and run an application which modifies Firefox to spawn popups, is Firefox at fault? Of course not, only operating-system level settings can prevent that kind of issue.

Score: 0

I agree with all that...

Score: 0

Exactly. Blaming FF for an extension vulnerability is like blaming IE for a Shockwave Flash bug.

The two are wholly un-related. If the extension/plug-in hoses your system, blame the extension/plug-in, not the browser.

Score: 0

DUDE OMG MY ETHERNET CARD LET A VIRUS IN!!1!

WTH, WHY DID IT SEND ME A VIRUS!???

It's not the ethernet card's fault it sent a virus - it just sends data, just like it's not FF's fault an extension writer has a major vulnerability in _his_ extension - FF just uses the extension, if _you_ choose to install it.

Score: 0

Most of you are missing the point. I don't care if it is Mozilla's, Microsoft's, Hackers, or whomever's fault it is. The point is home users will not be secure with FireFox (or Opera or IE or any other browser). It takes more than that, hence the "FireFox blocks spyware for good" theory is out the window. This story, although very misleading, has some valid points.

Score: 0

Er....

They will be secure with FireFox unless they install 3rd party plug-ins/extensions that are vulnerable.

Yeah, they may get the occasional pop-under ad, but it won't harm the PC unless they hit the 'install' button.

Score: 0

Whoever wrote this article is scaremongering and misleading everyone into thinking FF has a security problem, even though it's to do with a plugin.

One could say the same about the betanews site with the fake information at the very bottom of this page misleading people into thinking their computer is in need of updates.

It's all very misleading.

Score: 0

no ... you need to read the full article:

""Isn't this a huge hole in Firefox as a whole? What is to stop extensions from being added to my browser that open it up to malicious content? Isn't this the same as the problems that IE has? IE is fine until you start allowing plug-ins, add-ons and scripts," one user wrote on the Slashdot technology Web log."

If an extension can be installed that can compromise firefox and the entire pc what is the difference between an extension and activex?

Score: 0

The difference is that they're entirely different technologies. ActiveX is designed to integrate the web with your browser. Thanks to nobody thinking about this in advance, it was full of holes and allowed websites to install random content to your computer (mostly malware) without your consent.

Directly comparing this to something which you voluntarily installed is completely wrong. A better comparison would be saying that Firefox's Download Manager is fundamentally flawed because you can use it to download an arbitrary application that's full of malware. Obviously, nobody is going to say that since it's utterly ridiculous.

Score: 0

uh.... *you* have to install the extension. *You* must explicitly give it permission to install. If it hoses your system, *you* are responsible, not the browser.

ActiveX is enabled by default. You don't have to give it permission to hose your system, it will gladly do it for you.

MS takes you out of the loop in an effort to enhance the 'user-experience'. FireFox forces you to take on this responsibility. This alone, IMO, makes it far more secure than IE in their default configurations.

The post you quote is BS. Which is normal, for /., of course. IE is *not* fine until you start allowing plug-ins, add-ons, and scripts. ActiveX, enabled OOB, is more than enough to allow malicious content to be executed on your machine.

Score: 0

This is just dumb. Of course plugins can cause security problems. I mean, Firefox plugins are intended to be able to do 'virtually' anything. Theoretically you could write a Firefox extension that accesses your entire hard drive.

The entire structure of Firefox plugins would have to be reconsidered/rewritten to prevent any security problems. Frankly, I don't think this is Firefox's problem at all.

Score: 0

too right.

Score: 0

how is that firefox's problem, it's the guy who wrote the plugin

Score: 0

Hah, hypocrites.

Score: 0

hehe

Score: 0

It was hacked by a competitor to shake the public's faith in Firefox's security..

Score: 0

Okay, this story is quite misleading. The issues with Internet Explorer certainly don't begin with plugins, and even so, the plugin issue is totally different. Firefox always requires user confirmation before installing any kind of plugin or running any kind of program that could possibly have access to your system. Internet Explorer, on the other hand, is regularly exploited to install things without any user interaction at all.

You really can't consider security vulnerabilities in plugins as a fault of the web browser any more than you can consider vulnerabilities in programs you download as a fault of the web browser you used to download them. Any web browser can download and install malicious software if the user chooses to install it. I think it's a major stretch, at best, to claim that the web browser is responsible for these kinds of vulnerabilities.

Putting plugins completely aside, Internet Explorer still has heaps of vulnerabilities. According to Secunia, a major security tracking company, Internet Explorer still has a highly critical vulnerability from 2003 unfixed, and highly critical and extremely critical vulnerabilities from 2004 still unfixed, among many others. Firefox's most serious vulnerability still open was marked as only moderately critical, and it only has 5 vulnerabilities in total. That's quite a difference.

Score: 0

The biggest problem with IE is that extensions and components can be installed without user intervention - while there is certainly the potential to install similarly dangerous components with Firefox, the user has to agree to the install - there's no such item as an automatic behind the scenes install in Firefox.

Oddly enough though - seems to me if extensions (once installed) are going to be as potentially dangerous as ActiveX components can be, why not add support for ActiveX... the only obvious reason being they're not cross platform, but having them would allow Firefox on Windows to do everything IE can do, only better ;)

Score: 0

CORRECT!!!!

Score: 0

Automatic behind the scenes install--not with MS either if you are using a fully patched version of IE. Many ActiveX components can only work maliciously through extensions, and who's to say FF won't have a security hole discovered allowing installation without intervention? It might be possible...if it happens FF will quickly fix it I'm sure, but all of the IE problems have been patched as well, so NO, IE CANNOT INSTALL ANYTHING WITHOUT YOUR KNOWLEDGE unless it is not fully patched.

Score: 0

you should know better than that.

IE, with all the latest patches installed, in its default configuration can still install software without a user prompt. If you said it prompts the user about most software, you'd be 100% correct, however, it's still not 100% secure in that respect.

I'm sure everyone's impressed that your system is virus and spyware impervious using IE, except maybe the software tech who inspects your system and finds all the garbage you have no clue is there.

Score: 0

Keywords...with the latest patches.

I cannot count on two hands the number of systems I have seen this week alone that are not patched, and worse, still in OOB configurations. In such cases, ActiveX can, and will, allow malicious code to execute. This is the main problem.

Many windows users rarely update, if at all. In its default state, this leaves IE wide open to attack, whereas FF, in its default state, requires you explicitly allow malicious code to execute.

Unfortunately, most of these same users wouldn't think twice about allowing malicious code to run in *any* browser so long as it was cleverly disguised as an advert for "P3n15 3nL4G3M3N7"...

Score: 0

Or not...

Score: 0

The problem is with the 0.4 alpha builds and builds prior to 0.3.5. In other words ... there's a fix already out there.

Also, this is an extension, not a plug-in. And it's not part of Firefox itself, it's something you can add on. When doing so, you need to evaluate the security risks yourself and install only extensions that you trust.

This isn't Mozilla's fault.

EDIT: Forgot to mention that this is NOT like IE which can do "drive-by downloads." YOU voluntarily install this, and, in fact, you really have to know what you're doing to get GreaseMonkey installed because it's not on the default whitelist. Also ... what's with the trend recently of BetaNews simply mirroring Slashdot articles and then *using comments in them as part of the story*?!

Score: 0

Wow, this article sure makes this sound like a huge problem with FireFox, when it has absolutely nothing to do with the browser's security, but is a flaw in a third party extension. A plugin, that I doubt is used by more than one or two percent of FireFox users. I'm a pretty hardcore computer user, and I just found out about this extension a few weeks ago. The kind of people who would use this extension probably keep up on news anyway and will most likely update this before there is any chance of getting attacked.

Score: 0

I agree with you. This has nothing to do with the browser.

Score: 0

They are saying it is a problem with Firefox--but that this is the first problematic extension to show up. They are saying it is a problem with Firefox making it easy to install enhancements... it just won't be heavily exploited until Firefox is popular and an appealing target. Maybe spyware vendors should start packaging their stuff as extensions....

Score: 0

I have been noticing this is a trend with betanews, especially Nate Mook's articles about Firefox. He headlines his articles with what I see as yellow journalism about the browser to get people to read them, but when you get into the meat of the post you find that the problem is not with the browser itself, the problem is with third party extensions. Perhaps Mr Mook should hide his antithesis about FireFox a bit better. As for the assertion that this is a huge hole in Firefox, the hole is in the extension not the browser.....don't download extensions that make the browser vulnerable, as it comes off Mozilla's web site Firefox is the most secure thing out there.

Score: 0

Well, first off, why is Firefox giving plugins free rein to access any file on the computer??? Shouldn't Firefox put in some type of security there?

I'm sure some feature rich plugins might need file level access (can't think of one off the top of my head), but this is definitely not one of them. Why didn't they add in levels of security, where the user can define which plugins have access to what?

This IS a problem with Firefox. There ISN'T ANY SECURITY around their plugin model.

Eventually companies like Gator will start making Spy/Adware plugins for Firefox and people will be stupid enough to install them so that they can get (insert nifty feature here). And these companies will have free rein on the user's computer because Firefox isn't restricting them.

Score: 0

No, FF shouldn't add security to the plug-ins, it's the plug-in author's job and would defeat the purpose behind them.

Look, policing plug-ins is *not* the browser's job. These are intended for power-users who want additional features or who require more control over the sites they visit, either passive, or active.

People will always be stupid. At least in FF, you have to be explicitly stupid in allowing a plug-in to install (you pulled the trigger, pal, deal with it). With IE, it's a drive-by; you don't know it hit ya until you're lying, bleeding, on the ground.

One of the main benefits of FireFox's plugin architecture is that virtually anything is possible. Do you have to take responsibility and use a little caution when installing them? Yes. If you're an idiot who installs every plugin that flies by, you're getting what you deserve.

Score: 0

This is what happens when you allow anyone and everybody that decides they want to make something for your browser do it. These things should be tested for crap like this before they are ever released.

Score: 0

testing = time, money. Firefox Certified (tm) fees much like Windows Hardware Quality Labs (WHQL), which we know means nothing in the real world. Would bog everything down all for the sake of a few rotten apples that can be had from installing Extensions (which can and will happen with certification anyway), and would delay useful and great extensions (and extension updates) into the bureaucracy. No thanks, I'd rather have my Extensions unfiltered and uncertified, but certainly informed of any breach in security if it has been found.

Score: 0

roflmao!!!

Seriously? You want Mozilla devs to critique EVERY plugin released by any joe-blow wanna-be coder? Get real!

If a plugin is faulty, it is quickly weeded out by natural selection. Even if you do dig for it, the comments will generally tell you its state.

I can make any ActiveX script I want for IE. If I do a good enough job, I can get it to execute without the user even knowing I did it. Any plugin I make for FireFox must be explicitly allowed by the user. They *cannot* be installed or executed passively.

If you shoot yourself in the head, don't whine about the blood in your eyes.

Score: 0

And don't forget that Greasemonkey isn't just an ordinary extension, it's a pretty obscure one. I would guess that 100% of the Firefox users who have installed Greasemonkey are very very knowledgeable. There isn't a single naive computer user who is vulnerable here.

Score: 0

you said it glib. i'd rather have my extensions also.

internet exploder has been useless for a while now. the only reason they won vs netscape was b/c they would crash netscape each new windows version. they did the same to lotus vs ms word.

anyways, Firefox gets updated waaaaaay faster than IE. This will be patched before it becomes a problem.

also agree that it's a SMALL FEATURE exploit here. most don't even use greasemonkey.

Firefox w/o any extensions is safer. Who's got yer back? I like knowing that open code is viewed by the masses. Firefox is protected by people who care about the code. It might not be you or me but the first person to find the hole gets their recognition and it's always a race for finding any holes if they are there.

Microsh|t products tend to be flakey. Combining the Internet Exploder with Windows was very bad. You view the wrong page and yer system goes down. Combine that with having to go to their website for the latest patch and needing a valid windows cd key. That means pirates won't be as safe with IE as they can't get the needed updates. It just makes sense to switch. There is even an extension for those who need certain pages to work with craptive X features.

The best thing to do when a site wants more than a simple login is to just view another site. Anything that won't load in Firefox isn't going to be viewed here. The page is broke? so what? It's not like there aren't a million other pages to look at. Reeeeealy now.

Even when Windows comes out with their new version of IE with tabs I won't go back.

In Firefox updates and security patches are ready when you get a little red icon at the top right. Click it, it'll check their site for the updates needed and you can carry on. Fast and easy updates.

oh ya, the weather bar extension doesn't infest my computer either (as with anything on their website. firefox made a site specifically FOR trusted extensions with feedback from real people). Microsoft has had time to get all this done, it's just not profitable for them. Slowly all my programs are going free and open source. Thank God they make open source code for Windows newbs like myself...lol. sourceforge.net people. Amazing things from that place (and it allows you to build photon cannons for defence! lol)

Score: 0
