Slashdot
Mozilla: The Good And The Bad
Posted by timothy on Wed Nov 06, 2002 01:13 PM
from the 10-dollar-fine-if-you-said-ugly dept.
Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!).
Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload().
Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."
This discussion has been archived.
Re:Bug reporting? (Score:5, Insightful)
Yeah, imagine that, the Evil MS notifies customers that an update is available, but the wonderful Mozilla organisation has people visiting the site looking for an updated version or patch. I know that my family at least finds that much easier because they have a deep interest in what web browser they use to browse the interweb...
If you're gonna complain about MS, at least use a valid argument, god knows there's a lot of them, but the kneejerk whining about MS being evil doesn't really do any good for anyone.
Re:Bug reporting? (Score:4, Insightful)
Microsoft notifies us *when a patch is available*.
The Mozilla community notifies us *when a security flaw is found*.
Do you want to know about a problem when it is discovered, or after someone has already engineered a fix?
If your car was discovered to be prone to stopping dead on the highway and blowing up, you'd want to know before the manufacturer figured out how to make it stop doing that. You'd want to have the option of choosing to risk it, or parking the car and driving something else for a little while.
Now you know what activities are prone to security dangers, and can either avoid those activities or use another browser for a while.
Open enough? (Score:4, Interesting)
The main reasoning seems to be that vendors should be able to protect their customers.
But what happened with the privacy leak [slashdot.org] recently found in Mozilla? Granted, it was a minor glitch, but it is nevertheless useful in studying how policy affects security.
Did it help end users that it was marked sensitive? Well, Netscape knew about the glitch when they shipped their browser, yet, they shipped it. On the other hand, the leak was patched shortly after the story broke, so the answer should be a clear "No!"
This is an example that it is not sufficient to have the sources open, you have to get some light onto the problems too.
6 bug more !? (Score:5, Funny)
Most are already fixed (Score:5, Insightful)
Re:Most are already fixed (Score:5, Informative)
Seriously, this isn't as big a deal as it looks, folks.
Re:Most are already fixed (Score:4, Insightful)
Why users "should" switch (Score:5, Insightful)
"...resource for convincing stubborn Internet Explorer users why they should switch..."
Should be:
- Provides a better subjective browsing experience
If that's not true, you'll never win.
Re:Why users "should" switch (Score:5, Funny)
Well, damn, your computer is so fast it can finish an infinite loop in ten minutes.
Re:Why users "should" switch (Score:5, Insightful)
To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.
Read the entire article.... (Score:5, Informative)
Re:Read the entire article.... (Score:4, Informative)
I saw this mentioned on The Screensavers last night and IMO the Register article is greatly overstating the magnitude of the vulnerabilities. These are all known, patched bugs. Good to motivate people to stay up to date, but this is a lousy way to evaluate a product's security.
Let's talk about the known, unpatched bugs in MSIE instead.
31 security vulnerabilities in IE (Score:5, Informative)
Here's a link. On November 6, 2002, there were 31 security vulnerabilities in Microsoft Internet Explorer [pivx.com]
The link is taken from: Windows XP Shows the Direction Microsoft is Going. [hevanet.com]. If Spanish is your native language: Windows XP muestra la dirección que Microsoft está tomando. [hevanet.com]
Re:Read the entire article.... (Score:5, Insightful)
Newsflash: Old buggy release has bugs (Score:4, Informative)
NTLM auth (Score:5, Informative)
Re:NTLM auth (Score:5, Insightful)
Re:A Word on Mozilla (Score:5, Informative)
That's strange because I've found that Mozilla is more stable and faster in Windows vs. its Linux counterpart.
These are already fixed (Score:5, Informative)
10 Things... (Score:5, Insightful)
Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat? Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens every time.
Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunately, there are a lot of things I do on the Internet that still force me to crawl back to IE.
Re:10 Things... (Score:5, Insightful)
Frankly, I didn't think the '101 things you can do with Mozilla' was that interesting. Most of the stuff there I'd only care about if I were doing web development today. In that case, yes it'd be really cool. But they're trying to oversell features that most people don't use. I just wanna browse the web, I don't care about color coded source viewing. I do care about the browser opening fast without hogging all the RAM. (Fortunately I'm an Opera user.)
Re:Here's two (Score:4, Informative)
File --> Edit Page
Bug Confirmation (Score:3, Insightful)
Take the time to compare Mozilla's submitted bug report and their official bug list versus Microsoft's (that is if you can find a copy of it).
Re:The one thing it doesn't do (Score:5, Insightful)
It's a shame that these Fortune 500 companies choose inferior products with inferior support on the basis that they're able to hear a human voice when there's some sort of problem; regardless of whether or not that human voice has the slightest understanding of the problem, the solution, or even the product.
Re:The one thing it doesn't do (Score:5, Insightful)
I dread calling them. It costs money, immense amounts of time, and I would sit on hold just knowing I'd end up with a moron who would suggest that I try rebooting.
This notion that a software company must be responsible for its software, so that someone can be held liable and can be counted on to help, is really just dependency and lack of personal responsibility, and ultimately a crutch. MCSE means Must Consult Someone Else.
Perhaps Fortune 500 companies ARE Fortune 500 companies because they pass the task of software support and maintenance off to the companies that make the software, and focus on their core business.
But they're also the ones spending obscene amounts of money and time trying to understand Microsoft's insane licensing policies.
They're spending time and money evaluating Microsoft's DRM moves, preparing to deal with the inevitable (some would say immediate) consequences of Microsoft's negative, condescending attitude toward its customers.
They're the ones who woke up one day and realized they were renting software, not buying it, and that they have an evil landlord and can't do anything about it. They're just happy their investors also like Microsoft so that they perceive this dependency as a "strategic relationship". They're the ones subject to the whip hand.
I've never walked into a Fortune 500 company and seen Mozilla. I've also never let the public see me having sex. Neither of those means that it doesn't happen.
It's about the browser (Score:5, Insightful)
How my favourite bug [mozilla.org] was turned into a feature is the best example I have of how easy it is to get off the track with big projects like this.
The bug got lost in several threads, flames and arguments about what IE does or does not do, until it was finally marked WONTFIX by a Mozilla demi-god. IMHO, they missed the point. There is a constant refrain in Bugzilla about whether something is "standard" or not.
From my experience, the argument about web standards is used to either fix or not fix something, depending on how someone feels about a problem.
Don't think it's a problem? Don't fix it and say "it's not standard, so we won't" or "it's not standard, but we break the standard everywhere where it makes sense". Some behaviour needs changing? The same arguments apply.
I may be just whining here, but sometimes I think the fact that Mozilla is a web browser is lost in the arguments. I still love Moz, but the fact that the right-margin jumps around on my otherwise fine HTML 4.x and CSS pages will always bother me.
Misinformation (Score:5, Interesting)
Just some great investigative reporting on The Register's part. My friend's half-brother's cousin says...
Mozilla has had a lot more security bugs than six, anyway. So if they were trying to be silly and sensational, they could have done better. Most "security bugs", in Mozilla and other applications, are very minor and require very special sets of circumstances. Every app has them.
The only difference is they're fixed in Mozilla in days. MSIE still has unpatched holes. (There's a page somewhere that lists them with example code, maybe someone could post that URL, it's rather interesting... lists when the hole was discovered, and when [if] a patch was made available).
Re:Misinformation (Score:5, Informative)