Security Flaws Found in Outlook, IE
By Ed Oswald | Published April 1, 2005, 8:34 PM
Two major security flaws were discovered in Microsoft's Internet Explorer and Outlook software Thursday by research firm eEye Digital Securities. According to the firm's Web site, vulnerabilities exist in both programs that allow malicious code to be executed with minimal user interaction.
The company promised more detail to come in a future advisory.
eEye's chief hacking officer Marc Maiffret told eWeek that the issues were rated high risk after the firm discovered that a hacker could take advantage of the flaw from anywhere on the Internet.
"These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high," Maiffret said.
In its defense, Microsoft told BetaNews that while it was investigating the reports it had received from eEye, the company had not received any notices from customers about the issue.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers," a company spokesperson said. "[This] may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."
eEye's Maiffret said he believes that if Microsoft does indeed address the issue, a fix would come as part of a regular monthly security update.
In the meantime, Microsoft suggested that users ensure their firewall is activated and recommended that concerned users visit Microsoft's Web site for more tips on how to protect themselves.
If you have nothing else to write about, then perhaps I should become the news editor.
Score: 0
|"A vulnerability in default installations of the affected software that allows code to be executed with minimal user interaction."
That's like saying 'someone can take control of your PC if you give them the administrator password'
"Operating Systems Affected:"
"Windows (Various versions to be determined)"
So we can guess it probably exploits the fact that Win9x/Me is crap for security.
Tell me that it affects WinXP SP2 default install, and I might get worried about the mindless zombies out there, but even if it allowed a remote code execution WITHOUT user interaction, it wouldn't worry me as an IE / Outlook user.
Be smart about it, and educate people, don't just say Firefox/Thunderbird!! r0x0rs! M$ bites because everyone else says so!
Firefox is slow, Thunderbird is light years behind Outlook.
Buggy
Score: 0
|Who would even use IE and OE when we have Firefox and Thunderbird which are more secure, have more features and are developed much faster. They also look a lot better and you can use themes to change the looks if you don't like the default one. And the developers actually listen to users when they ask them for some new feature.
Score: 0
|FireFox is cool and works well, however, Thunderbird sucks. It's slow and doesn't support http based e-mail.
Score: 0
|Get your facts straight. Thunderbird does, in fact, support html mail (and does it well IMO). See http://www.mozilla.org/products/thunderbird/
Score: 0
|You are wrong. Thunderbird is much faster than Outlook. It's faster to open and to download the email. And you can see HTML Emails if you want.
Score: 0
|Have you been reading? Firefox has more than its share of problems, and will continue to have them as its popularity builds.
I'm not at all impressed with Firefox, it is slow, has several bugs, has little in features. Everybody is trying to make features for it but most suck. If you like it, use it, you deserve a featureless browser.
Score: 0
|I said http not html. Look at the time I posted/edited it, it was before you posted.
Score: 0
|Before you tell someone else to get the facts straight you might want to be sure in fact that they are wrong and that you aren't. I have searched tb 1.0.2 and still no http e-mail support. I never said it didn't support HTML I SAID HTTP. Learn to read.
Score: 0
|Will it never end?
It's getting pretty annoying listening to all the pseudo-nerds argue about the best browser.
Score: 0
|As long as humans are writing the code and subhumans are hacking away at it, no browser will ever be declared "secure." I don't care if I'm using Mozilla or Microsoft, either one is going to have its weaknesses at any given time. The best security is preventative security.
Score: 0
|Just to add in another classic angle of the argument - Thunderbird is comparable to Outlook Express, not to Outlook.
Statements like "Thunderbird is better than Outlook" are comparing apples and oranges.
I use Outlook 2003 so that I can use an Exchange server and have a shared calendar, task list, and contacts that is used within my business. I also like how an Exchange server provides a web-based interface for accessing the data from a computer without Outlook setup.
Outlook and Thunderbird aren't comparable -- they are very different programs.
(As a sidenote, I use Mozilla Firefox. I use the app that fits. If 'Mozilla Lightning' properly integrates a shared calendar, task list, and e-mail in a similar way to Outlook, then it's comparable).
Score: 0
|Just as an aside, The client "Evolution" will connect to an Exchange Server.
Score: 0
|Your Email client doesn't share the stuff! Your email server shares your stuff. You can also run on an open exchange server from suse. It is much better than the Microsoft one, and you also have a much better web interface.
Score: 0
|I hardly call "IE/Outlook having security flaws" news. :D
Score: 0
|At least we are protected!
I'll get it over with & say
thunderbird/firefox
Score: 0
|do you really believe that if firefox/thunderbird were the dominant browser/email client that ie and oe are today, that they would not have some of the same problems with security. i think that it is mainly a numbers game and ie etc.. are the big target solely because of that. it stands to reason that if you have all the main players in the security field looking for flaws in your product that they are going to find them. if all that effort were suddenly diverted to mozilla software how long do you think it would take for a string of security flaws to manifest itself.
how quickly you forget the spoof web site flaw that also affected firefox. if they had to deal with security threats as regularly as redmond i'm pretty certain they would grind to a halt.
Score: 0
|I have one word for you: ActiveX.
Score: 0
|What pisses me off is that people brag about firefox being so much more secure than IE by "not implementing" ActiveX. (boasting it as a feature)
Wow, great job developers. I bet it took you a while not to implement ActiveX.
Mozilla had tons of security problems, but back then nobody cared, and nobody posted a news report on big sites because a "flaw" was detected.
It's only now, that firefox is famous these things are posted.
So let's not be hypocrites about this please. Both browsers have security problems...
Score: 0
|It's all about choice. Some are free and some are not. IE is the norm cus it's there already on Windows and people are lazy or not experienced or oblivious to the choice. For everyone else we can download what the hell you want and use it. And for those people we have news updates and hack reports to base our decisions on. I use Firefox and IE. Coupled with Seganos Internet anon pro to filter out ActiveX, scripts, browser ident and refer.
I consider Firewall, AV and Antispyware to be essential and consider myself to be comfortably safe.
I'm not stuck to these, if any flaws come I will change should I think I need to, but Firefox is my default browser for now.
Score: 0
|The argument that because FF is less popular therefore hackers don't target it is getting old. The key is that FF doesn't implement ActiveX and is therefore less vulnerable. Do you really believe someone out there is trying to hack FF just because it has a smaller market share? What color is the sky on the planet where you live anyway?
Score: 0
|I dunno how you guys can use ActiveX as an excuse; they fixed that problem with service pack 2. Now it asks you if you would like to allow ActiveX.
Score: 0
|Oh, yeah. And the Mozilla team didn't take an entire month off in early 2000 to focus solely on security issues after which security problems increased significantly.
No one is saying Mozilla or Firefox or Opera or lynx is perfect, far from it, Firefox has bugs that bug the crap out of me. The difference is that security problems have been far less frequent, fixes are available quickly (as they usually are for IE), and most importantly improvements in Firefox come out relatively quickly and not on a biennial basis, like IE which hadn't changed significantly from a user's point of view from IE 4.0 in 1997 to XP SP 2 last year.
If several Mozilla projects simultaneously develop a laughable reputation for the number of exploits they expose for several years, and claims are repeatedly made that security is being addressed amidst increasing exploit reports, then they will be on par with MS. It's not just IE. Heck IE is one of the better ones... it's Outlook, Outlook Express, WMP, SQL Server, IIS and who knows what else? If edlin were written today, it would probably expose kernel functionality through scripting and be a usable vector for rooting a Windows machine over the network.
Firefox isn't better because it was hard work to not implement ActiveX, but rather Microsoft was lazy in creating ActiveX in the first place (at least in their implementing it in the browser, otherwise it's not bad) which is essentially a deliberate security exploit to make up for laziness in developing a true Web application platform. Has Java had anywhere near the security problems compared to ActiveX? Has PHP? Not that I'm aware of. Apache is used far more than IIS, but it has fewer security problems.
The difference is MS never cared about security until the Internet made it an issue whereas in the Unix/Linux world security was considered from Day 1. All software has bugs, but on one side it comes from human error or minor design problems whereas on the other side it is caused by fundamental design flaws caused by shoehorning real security into a system where each process was historically able to control the entire machine, and then exacerbated by human error.
The Internet took MS by surprise, but the Unix/Linux world was ready for it. Networking was far more integral to the evolution of that end, and that mentality and expertise has been utilized in creating new projects which far exceed Microsoft's apps both from learning from the latter's mistakes, and also from not being burdened with remaining compliant with a 20-year legacy of tradeoff, hacks, and bad ideas.
Score: 0
|You are kidding, aren't you?
The more a computer asks potentially confusing or meaningless questions, the more likely a user is going to develop a habit of hitting "Yes" to get that damn dialog out of his face. Even a conscientious user must have considerable knowledge and/or experience to discern when it is really safe to do so.
MS has got to quit allowing you to disable a feature and calling that a security fix. My car will never crash if I can't start it up. I'll never die in a plane crash if I never ride in one. But I don't consider those as "improvements" to the safety of driving or flying.
Score: 0
|No, they wouldn't have the same problems, because they actually CARE that their clients have a secure, safe browsing experience. To that end, they work constantly on the browser fixing bugs, cleaning up code, and otherwise improving the browser (in such a way that it will run on almost any modern platform, including older versions of Windows).
Microsoft, on the other hand, doesn't give a flying fig about IE users unless they're running Windows XP SP2, and even then - they haven't secured it anywhere near what they'd like you to think they have.
Score: 0
|Microsoft CHOSE to have the activeX "feature", integrating the browser into the OS. It doesn't matter what features browsers do and do not have. What matters is the ease of use, and yes, for now it's Firefox. If you can't see that then you're either ignorant or lazy.
Score: 0
|If you're so bothered about it, turn ActiveX off. A few mouse clicks and it's sorted. Can't you be bothered to do that?
Score: 0
|God the macho egos!
If you men are so good at criticizing everything then make a browser of your own!
Until then have Securities up best you can, in a layered format, and deal with it!
Score: 0
|I'm not bothered by ActiveX because it might harm me, but I am bothered when ActiveX or some other MS flaw^h^h^h^h feature swamps the entire net with worm activity.
Score: 0
|Some people don't read properly.
Score: 0
|Are you jealous that you don't work for MS?
Score: 0
|IE with another security problem. Well, what else is new.
Score: 0
|I've made a browser. I found by not implementing anything, the browser is totally secure and there is no way it has vulnerabilities.
Score: 0
|Hehe, Firefox IS the dominant browser today.
IE is old, fat, buggy crap.
Score: 0
|IE MANY MANY MANY FIREFOX FEW FEW FEW
Score: 0
|AND IF YOU REFUSE TO ALLOW ACTIVE-X TO BE INSTALLED, YOU CAN'T EVEN DOWNLOAD MS SERVICE PACKS - SOUNDS LIKE A PLAN TO ME!!!!
Score: 0
|The domain name 'flaw' as you call it, was more a flaw in the IDN spec than in Mozilla and other affected browsers. The only reason IE didn't have the same flaw was because they were behind the 8-ball and hadn't even implemented IDN yet.
Bit rough criticising them for that.
Score: 0
|hey cool can you send me a link to that browser or the browser it self? 5ketcher(at)gmx(dot)net. Thanks in advance.
Score: 0
|Grow up. Did your mommy not teach you to learn what you are talking about before you speak?
Score: 0
|Just how many of these security flaws have affected you personally? Give me a break, someone cries fire and you run even when the fire doesn't affect you. Get a clue.
Score: 0
|Then post it. Maybe you will be the next Bill Gates, oh wise one, with all the answers.
Score: 0