Haha so many hypocrites.

still better than internet explorer :P

Blah blah blah blah blah....

Call me when there is a "real" problem with the browser that someone actually gets their computer comprimised by.

Blah blah blah blah.....hype....etc...

Here are the key statements:

"Secunia warned on Tuesday that critical vulnerabilities within the Linux and Unix versions of Firefox"

"Mozilla responded on Wednesday by issuing version 1.0.7 of the browser that addresses the flaw."

Where's the problem? Upgrade and forget about it.

its interesting to note this thread is about linux and a flaw within it and everyone is jumping around going "haha you are no superior then the rest we were right you were wrong" the article talks about linux and this whole topic is now a "your browser isnt as superior as you thought" tired of the trolling and REALLY tired of the cute M$ its old

" this thread is about linux and a flaw within it"

Er...no. It's a thread about Firefox for Linux OS, dude...read the title.

Don't want to discuss browsers? Try to stay away from articles covering them, eh?

reread the article. This article isnt about linux, it is about a few select red hat based distributions that have security holes when this or that is done or installed. It has long been a given fact in the linux community that redhat based distributions are among the least secure. I will start to worry when something is posted about a debian based distro...

Well, it seems to me that firefox has its fair share of bugs to.

Definitely NOT the safest browser around!

Fortunately Lynx and Opera are still secure!

Dont go acting like most firefox users, Firefox was believed to be one of the most secure browsers because of its lack of ActiveX functionality, but then people started to use it. The more popular a piece of software gets, in relations to browsers, is in direct proportion to the frequency at which flaws will be discovered. Be aware, this is for the most part, and it not always true. But firefox has proven it, and now that opera is free, I have a feeling we will begin to see more holes in its browser (maybe not as many as others, but we will see them)

While it's true that increased use = increased visibility so that holes that do exist are more likely to be found, it does not necessarily imply that one browser is more or less insecure than any other.

You're using correlation to prove a theoretical connection.

It's like saying the drop in Pirates since the 1800's is a direct cause of Global Warming. Yes, inversely, the two corellate to some degree...but does that prove we need more pirates?

Arrrh. You decide, matey.

Thats why I said its not ALWAYS true and I said for the most part. Your right, popularity doesnt always contribute to insecurity, but it does contribute to the fact that the holes that are there are discovered at a faster rate if the software is more popular

Sorry.

You seem to have a bent against firefox (in regards to other posts of yours I have read) so my interpretation of your post may have leaned in that direction.

Perception, again... tricky stuff.

Of course, I could just cop out and say my reply was in response to the originator of the thread, but... while it would fit, I was, in fact, swayed by your past posts. I apologize for that.

Yeah, understandable. Just for clarification, I am not an anti-firefox zealot. I love firefox, I use it as my primary browser, I was just trying to argue to people why opera is still superior to firefox :) I just dont use it because of certain lacks in functionality I require a browser to have if I am going to make it my primary

I am amused by your logic. Opera is better, yet you use FireFox because Opera doesn't have the features you need....

I confused am.

I require a browser be able to adapt to the way I surf. I have purchased several addon programs that work fine with netscape, firefox, and IE, but since Opera is closed to 3rd parties, I am required to look elsewhere as I dont wish to lose the investment and time I have put into the third party programs I use. Opera is by far the better browser, but it is closed to 3rd parties so until it is no longer, I wont be able to make it my primary. The functionality it does have in the areas I use, is sub par in my opinion (namely the form filling and the wand)

So the usefullness of a brower, in your opinion, is not in the browser itself, but in the 3rd party apps it is capable of running?

This is not a flame, I am simply trying to understand your train of thought here.

Also, you keep saying Opera is better "by far". What is it, specifically, that, in your opinion, makes it so much better?

but did you write it? (Ad Muncher)

Yes, I would like to know too.

"Also, you keep saying Opera is better "by far". What is it, specifically, that, in your opinion, makes it so much better?"

Lynx is the most secure browser in existence, bar none!

Well Firefox and Linux will have a few problems too, I still will use both just as I still us XP.

BTW what is with this xpicleanup.exe crap in version 1.07 of FF? Other versions didn't try and load it at startup.

Just my opinion, but I consider it idiotic to log in as root, in the first place. I consider it equally idiotic to have any personal files on a system that are not encrypted, leaving them open for the taking. If it's personal and on my system, it's encrypted with PGP. If some bored kid out there manages to hack a passphrase, consisting of more than 30 alphanumeric characters, including capitals, punctuation and spaces, perhaps they deserve access to my personal files. If it's personal, then it's going to be protected, whether from remote attacks or physical seizure. If you leave your doors open, you should expect uninvited guests.

As always, there are varying levels of comfort vs. security. On the subect of logging as root, I agree with you, as does just about every major version of Linux; making this security risk somewhat less.....risky.

On the other hand, I don't have any national secrets on my drive, nor do spies frequent my abode, so I may be a little lax in encrypting all of my personal files.

To each his own.

I have no national secrets on my system, either. However, I don't think that things like my banking records, safe combinations and personal correspondence are something I'd like available to just anyone. Therefore, it only takes a matter of a couple of seconds to secure the documents. Just as I use a paper shredder before I dump any hardcopies in the trash. And no, I don't trust government, either. Especially not when laws are passed, allowing "fishing trips." Perhaps having lived in third world countries for about 13 years altered my sense of trust. In any event, anyone who is worried about having personal files on their computer compromised by hacking could take the precaution. If you don't protect yourself, you can't expect someone else to do it for you.

Why I am not surprised? People are always telling others how secure FF is and I keep telling them that NO software can ever be truely secure, or bug free. It does not matter is you are running on Windows, Linux or Macs, someday someone will find a way around the software (bug or security!)

I think they are simply trying to imply that it is inherently *more* secure than previous versions of Internet Explorer.

Both arguments are futile. Comparing FF to IE (pre-SP2) is anachronistic. They existed at different times.

Post SP2 IE is quite secure. FF, without the extensions, seems equally secure, but has the perception of being more secure because it hasn't had the negative history IE has.

People need to look at what's guiding their perceptions here...history is just that.

Simple solution to this "flaw".

Log into a limited account; not as root. Problem solved and this little exploit becomes relatively harmless.

Since most *nix variants follow this rule, most *nix users will not have to worry about this.

But I'd update my FF anyway.

"Log into a limited account; not as root. Problem solved and this little exploit becomes relatively harmless."

Nonsense; that would only stop the attacker from modifying system files. The attacker would still be able to read and modify any of your personal files, which does present a significant security risk. For example, it would be trivial for an attacker to extract saved passwords from your browser or e-mail client. Or, they could simply tar up your entire home directory and send it to some remote server. Harmless, you say?

Depends on your level of use.

If you're using linux, you probably aren;t storing important passwords in you cookies or home directory.

Again, look at the level of user we're talking about here. This isn't Grandma's PC.

The exploit runs at the level of access firefox does. So if firefox can get to your cookies, so can this exploit. The same applies to saved passwords, browser history, etc.

FF's flaws are getting exposed one after the other. I hope this brings some FF worshipers back to reality: FF is just another good browser, not a panacea.

Nevertheless, I applaud Mozilla for releasing the latest patch so quickly. Let's hope they did their QA well this time.

It's a huge contrast to say, MS, which often takes weeks to patch vulnerabilities, sometimes even delaying critical updates...

MS builds FAR more complex software, tightly integrated into the OS. FF devs build, in contrast, standalone apps that have no dependencies anywhere else.

You can take that any way you like it, but it's still a fact of life.

In that light, the more complex an engine is, the longer it takes to fix. Also, the larger an organization is, the longer things take to get done. Tried IBM lately>

To criticize a company without understanding the nature of their products only betrays one's ignorance.

That being said, it doesn't surprize me that flaws exist. Anything built by a human has flaws, never mind the mindless zealotry.

End of discussion.

The reason they oft have to delay their patches is because they have to test them with much more software than firefox does. Would you rather microsoft rush a patch, put it out, and then fix it when it breaks something they should have tested in the first place?

Good point.

But when it comes to the user...do you want your stable patches now (FF), or your stable patches in a month (IE)?

End of Discussion... How short-sighted of you. :P Besides, I'm bored.

"In that light, the more complex an engine is, the longer it takes to fix. Also, the larger an organization is, the longer things take to get done"

So does that make FF a better browser by default? Less complex and therefore easier to fix so that patches get released faster?

How much integration does one really need...it's a browser, right?

Just playing the game, here. It seems to me that response to security threats would be one of the major factors in determining how 'secure' a browser is.

While thats true, I've seen two releases from firefox that have required an additional minor release to fix a problem in the supposed fix. 1.01 to 1.02 to 1.03 was one example and 1.03 to 1.04 to 1.05 is another example. Both of those releases (1.04 and 1.05, 1.02 and 1.03) were released within days of the original fix being released. Firefox can afford to do this as they only have to support that browser, they dont have the additional windows integration to worry about, and they dont have to worry about if their patch will mess up anything that might be used by a third party app which uses IE in its core.

My point still holds. In the time it took FF to release a bad patch...and then patch the patch, IE would have been still testing and another month would yet go by before a patch was seen.

This is all moot. I wouldn't use IE either way simply because I'm hooked on the FF interface, and as a platform for extensions, so...

I guess the main debate here is whether it is more secure to be able torelease patches in a timely manner, or to have tried and tested patches with a longer dev cycle.

Unfortunately, the answer will always be subjective.

"So does that make FF a better browser by default?"

No - just a much simpler effort.

"could allow an attacker to easily execute shell commands on a user's system."

Ouch.

That's pretty nasty.

Not really.

This will have no effect on any of the *nix systems out there running with an account other than root, which I'd hazard to guess would be the great majority of them.

This only affects systems who are running a system logged in as root (or some other super-user account)...which is bad. They deserve everything they get.

Hype. Gotta love it.