New Security Flaw Discovered in IE

By Ed Oswald | Published September 16, 2005, 11:45 AM

Security firm eEye released a notice on Thursday saying it had discovered a new flaw within Internet Explorer on both Windows XP and XP SP2. According to the notice, "A vulnerability in default installations of the affected software could allow for remote code execution."

Windows XP SP2 was touted as a much more secure version of Microsoft's flagship operating system. However, hackers have still found ways around the new security features, and flaws continue to pop up. Microsoft has been alerted to the problem, but as standard practice eEye will not release details of the vulnerability until it is patched or publicly acknowledged by Microsoft.

Comments

is this news? or just the weekly list of flaws? :P

Important System Message ==> Browser used to view and enter this message = FIREFOX :P

Score: 0

Microsoft Sam is repairing your internet code deficiencies nowwwwwww.

Score: 0

What Else Is New.

Score: 0

edit: repeat of someone else's quote

Score: 0

*sigh*...MS will fix it, but will this ever end? It's the same bloody thing over and over again; remote code execution. Of course, there's some sniveling, overweight, snot-nose punkass loser ready to exploit it at the drop of a hat. For all you crackers out there, @#&% you! You ought to be disgusted with yourselves. Where in Sam hell is your conscience!? Anyways, I digress and must keep my emotions in check. After all, it's to be expected; we've been in the midst of a downward, spiralling out of control regression of humankind since around the late 80's. It's appropriately known as Devolution.

Score: 0

Not a surprise.

Score: 0

In other news, smoking is bad for you.

Patch for IE flaw:
http://www.mozilla.org/products/firefox/

Score: 0

didn't firefox just fix a flaw, ya they did

Score: 0

Ahh, but it's a minor one, and FF isn't tightly tied into your OS.

Score: 0

Well apparently "Extremely Critical" means "a minor one" when referring to FF...

Score: 0

lol. I was about to reply with the same comment.

Score: 0

Have fun rebooting your entire infrastructure when MS releases its next browser patch. There goes your uptime!

Score: 0

That's what clusters and load balancers are for. ;-)

Score: 0

Yes, Firefox fixed an IDN flaw a few days after it was reported.......the key word is fixed, and in a timely manner.......Microspud will fix this some time around X-mas probably

Score: 0

Actually, it's just a work-around that disables the feature altogether for now. They're still working on a "fix."

That being said, they were quick to provide at least a temporary solution.

Score: 0

They issued a new version of Firefox (1.0.7) that fixes the flaw.

Score: 0

Yup. MS, you need to fix your existing patches and get one ready for this issue too...it would be very unwise at this point for MS to wait until next patch Tuesday, regardless of original plans, as yet another flaw is revealed.

Note to Ed Oswald: Based on the first two sentences in your last paragraph (which is irrelevant at this time BTW), it's safe to say you still have issues with MS. But with SP2 being over a year old now--get over it!!!

Score: 0

"it would be very unwise at this point for MS to wait until next patch Tuesday"
after every patch tuesday, there is a hacks wednesday

Score: 0

Maybe you guys would be interested in reading this article I found on Slashdot.org.

prostoalex writes "With Firefox market share reaching a substantial level, is the popular Internet browser becoming a security nightmare for IT administrators? George Ou takes a look at the hard numbers. From the article: 'From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. Conclusion? As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005.'"

Maybe you should stop bashing MS, and understand your browser is not perfect.... and nor is IE, that's life, nobody's perfect, and none will ever be so move on and stop whining.

Score: 0

With the only difference that there is usually a fix for critical flaws available within 48 hours while MS sometimes takes up to 6 months to poorly avoid a flaw by simply removing a functionality (D&D exploit anyone?!). With the upcoming autoupdating capabilities of FF1.5, hotfixes _can_ be done in background without any user action. Oh and by the way, do you really think that one could compare the numbers of NEWLY discovered flaws of an AGED product to the ones of a totally NEW one? Try adding all IE bugs since 6.0 (actually since 5.0 since there are some minor flaws that are still not fixed) and all FF bugs since 1.0, imho those numbers would be way more conclusive.

Score: 0

That's not realistic either, 5.0/6.0 have been out way longer than FF 1.0. There is really no equivalent comparison as when IE 5.0 released, security was not the biggest concern and less vulnerabilities were found/fixed.

And actually FF has removed features as bugfixes or put advisories to do so a lot more often than MS has. The only time I can remember MS doing this is with the login in url issue (http://user:pass@host).

Maybe a fair way to do this would be compare all the critical bugs released only.

Oh and btw, fairness does not actually matter now that I think about it. Once FF got to 1.0, it was advertised for usage and as more secure, that means it should be. The question at hand is whether it is currently more secure, not whether after they have as much time as IE in the market they are secure.

Score: 0

I agree.
Firefox and its supporters' claim to fame is "Security". I hold it to a higher standard for that reason and because, as the fans are prone to say, it is not tied to the OS, so fixes only need address the browser.
Still, slow or temp patches/workarounds are the case many times.

But, just where do I need to go to have all the 'problems' others find/report? I live in China, visit 'dangerous' sites, download and install lots of things.

I've yet to be hijacked, compromised. etc.

BTW- I use FF 1.06, didn't like I.E. 7 because of the lack of Adblock. Otherwise, I'd stick to IE.

Score: 0

Considering that Microspud has cancelled "Patch Tuesdays" I don't think this is going to happen

Score: 0

ahh, but that's what Google toolbar, Maxathon and Avant are for.

Score: 0

I am getting really tired of both of these arguments. FireFox users keep saying "fixes are quick" or "fixes come within 48 hours" or "with it being open source the users fix it rapidly". The hassle is the same for users who have to constantly go out and get FF or IE fixes and install them. IE vs FF is like American politics; each side reads the same things and interprets them completely differently, and each side thinks the other is moronic. Use what you want to use and I'll use what I want to use.

I think it has already been shown that the higher the market share there is a sharp increase in reported bugs and flaws, simply because the number of users is greater and more flaws are located. When FireFox first came out security flaws were unheard of, and everyone thought it was the IE killer because it was more secure. I'm sure with every release of FireFox there will be new flaws discovered and even more flaws that existed in older versions. This is what happens when you add new features and functionality.

Unless you are a programmer, and I mean a real programmer, not just a programmer at home, you really should not judge. It is extremely difficult to create bug free software when there are real deadlines and a budget. Couple those things, with the complexities and intricacies of coding an operating system or completely secure internet browser, and no one would be perfect.

As one previous poster pointed out, the problem is all of these idiots that sit in their parents' basements drinking Mt. Dew, eating Ramen, chatting to their internet girlfriends (or boyfriends, since I don't want to be sexist haha) and hammering at software to find security flaws.

Score: 0
