| |||||||||||||
Firefox buffer overflow and full disclosureFirefox buffer overflow and full disclosurePosted Sep 16, 2005 15:06 UTC (Fri) by cventers (subscriber, #31465)In reply to: Firefox buffer overflow and full disclosure by RobSeace Parent article: Firefox buffer overflow and full disclosure
Look... I don't dislike Firefox, and I hate Internet Explorer. I'd
(Log in to post comments)
Firefox buffer overflow and full disclosure Posted Sep 16, 2005 16:49 UTC (Fri) by RobSeace (subscriber, #4435) [Link] > Better than the competition? Yes. Really secure? The track record makes me> question that.
Ok, that's a perfectly reasonable stance... But, that's a far cry from
Firefox buffer overflow and full disclosure Posted Sep 16, 2005 22:44 UTC (Fri) by cventers (subscriber, #31465) [Link] Actually, there is a vast ocean of difference. And I was wrong. This ison /. today: 'From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. ' I rest my case.
Firefox buffer overflow and full disclosure Posted Sep 17, 2005 15:47 UTC (Sat) by RobSeace (subscriber, #4435) [Link] Oh, please... I do hope you're joking, and aren't actually buying intothat ZDNet FUD... Comparing raw numbers of adviseries is never a good tactic, to start with... Product X may have a higher number of discovered bugs than product Y, but that says absolutely nothing about the relative security of the two... If all of product X's bugs are trivial and cause no serious problems, while all of product Y's are extremely serious and lead to easy exploitation and take-over of the system, then which would you rather be running?? If all of product X's bugs were fixed within a couple days, while all of product Y's remain unfixed to this day, which would you rather be running??
Firefox buffer overflow and full disclosure Posted Sep 17, 2005 19:34 UTC (Sat) by cventers (subscriber, #31465) [Link] Ok, then, how exactly do you quantify the difference in security betweenInternet Explorer and Firefox? So far all you've said is that Firefox is much more secure than Internet Explorer. Do you have any way at all to back up this claim? I got tired of being a Firefox apologist... perhaps you should too.
Firefox buffer overflow and full disclosure Posted Sep 17, 2005 20:11 UTC (Sat) by RobSeace (subscriber, #4435) [Link] How about number of machines/users infected/exploited because of each? Or, how about the idea proposed in the link from the first comment on this story: number of safe/unsafe days? Or, if you want to go with simple counts, how about separating the actual critical/important bugs from the minor/trivial ones, and compare apples to apples and oranges to oranges, at least? Or, how about you actually follow the links in that ZDNet story to Secunia, and read what THEY actually have to say on the matter, rather than some ZDNet mouthpiece with an axe to grind? ("Mozilla Firefox 1.x ... 22 total advisories ... 0% extremely critical, 23% highly critical, 36% moderately critical, 32% less critical, 9% not critical ... leads to system access: 18% ... remains unpatched: 14%" versus "Microsoft Internet Explorer 6.x ... 85 total advisories ... 14% extremely critical, 29% highly critical, 20% moderately critical, 14% less critical, 22% not critical ... leads to system access: 31% ... remains unpatched: 28%"... Does Firefox look great? No, certainly not... But, it's not even on the same universe of insecurity as IE is...)
Firefox buffer overflow and full disclosure Posted Sep 17, 2005 20:18 UTC (Sat) by cventers (subscriber, #31465) [Link] I see no point in continuing to push this debate along - neither one ofus is going to have an impact in either the number of Firefox/IE users or the number of Firefox/IE vulnerabilities. You're probably right on all regards about establishing the security difference (who knows, I don't feel like arguing about it). The bottom line? I guess your definition of universe differs from mine. Firefox looks incredibly insecure to me. So does Internet Explorer. If you could define some magic security number and rank all of the Internet Browsers, Internet Explorer would probably be the worst, followed by Firefox, followed by the rest of the browsers. I made this basic claim a number of posts back, and you felt determined to point out this universe of difference between the two. Frankly, the gap doesn't seem *that* wide to me. At the end of the day, though, what have we won? I've wasted a cumulative half an hour arguing over it, and so have you.
Firefox buffer overflow and full disclosure Posted Sep 17, 2005 21:29 UTC (Sat) by RobSeace (subscriber, #4435) [Link] Arguing online never accomplishes much... But, it's sometimes fun... ;-)
As for other browsers besides IE and FF, I don't know... But, so few people
Now, maybe you could argue that other browsers are more deserving of the
But, anyway... Like you say, I think we've pretty much said as much as we
|
|||||||||||||