Attack code out for old Firefox bug

TalkBack 23 of 33:

Next »

« Previous

• Thread View
• Flat View

You're wrong

"On the other hand, IE is hard-coded into Windows, so whatever flaws the OS has, IE picks up, and vice versa."

Wrong.

"


TalkBack: Reply to message


Thank you for participating in the ZDNet Community. Please don't post advertisements, profanity or personal attacks. Offending messages will be removed. Click here to review our Terms of Use.


Attack code out for old Firefox bug


TalkBack 20 of 23:



Successful Exploits
Hi, NonZealot.

You said:

If Firefox has critical vulnerabilities and IE has critical vulnerabilities, the only possible explanation for the proliferation of successful IE exploits has nothing to do with the code and everything to do with the users.

I think you're not thinking about this the right way. You also have to think about the security models of Firefox and IE. When FireFox runs, it runs as a separate application, agnostic in terms of the OS. (i.e., it runs the same way in Linux as it does in Windows as it does on the Mac). On the other hand, IE is hard-coded into Windows, so whatever flaws the OS has, IE picks up, and vice versa.

Then, there's the issue of corporate accountability. In the open source model that Firefox follows, there's no real reason to hold back on releasing a fix. As soon as it's developed, it goes out the door (whether the door in question belongs to one of the developers or one of the many contributors). On the other hand, when IE has a bug, there's lots of money and corporate reputation at stake, so the fixes are much slower in coming, and Microsoft isn't very eager to let people know about it until there is one."

If this is true, they why do the mozilla developers continually downplay vulnerabilities? The [url=http://www.mozilla.org/security/announce/mfsa2005-50.html]vulnerability [/url] this exploit taps was rated as "moderate" by the Mozilla team. Would you call remote code executuion "moderate"? In Microsoft's case, it's "corporate image" and in Mozilla's case it's "ego", but the result seems to be the same to me.

"Finally, you have to realize that some of IE's exploits are self-proliferating, in the sense that you can get attacked through IE and have your Outlook slam other users. That doesn't happen in Firefox, because Firefox doesn't have the same hooks into Windows."

Wrong again. A remote code execution vulnerability in Firefox can do anything it can do in IE.

Posted by: toadlife   Posted on: 12/14/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
• Building the Virtualized Enterprise with VMware Infrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now