Firefox 3.0.9 released
Firefox 3.0.9 released
Posted Apr 24, 2009 0:55 UTC (Fri) by pr1268 (guest, #24648)In reply to: Firefox 3.0.9 released by sbergman27
Parent article: Firefox 3.0.9 released
How soon we forget. Remember when Mike Zalewski demonstrated that the Firefox devs weren't bothering to do basic input validation on html
Wow, this is a sobering revelation of the quality of code (or lack thereof) in Firefox. But, my earlier post wasn't meant merely to defend Firefox, but rather the open-source nature of its development and the (assumed) security benefits proposed by Eric Raymond.
But, I agree with the tone of your post in that this level of coding sloppiness is unacceptable. If not only for the security and reliability of the running program, then for the perceived FUD that the proprietary software companies could theoretically use against open-source development in general.
Posted Apr 24, 2009 3:50 UTC (Fri)
by jordanb (guest, #45668)
[Link]
Open Source *can* be a source of greater assurances about system security due to greater access for legitimate auditors but the assumption that there are many people looking isn't always valid. Plus, crap code can be produced large quantities in either side of this industry. I've seen nothing about the Mozilla Corporation or Firefox that suggests that it's anything other than a code-churning organization and a horribly written product.
"Open Source" isn't magic pixie dust that turns offal into prime cuts.
Firefox 3.0.9 released