mozilla exploit
mozilla has an exploited vulnerability.
but at least theres a fix for it.
ive recently wondered if the reason there are so many exploits to the internet explorer browser was because it is so popular and wide-spread.
with mozilla on the rise, will we see more vulnerabilities be exploited?
[via]
08 JUL
2004
2004
1 Love Notes
We will surely see more vulnerabilities discovered in Mozilla as its popularity rises -- the same could be said for any software, anywhere. But Mozilla will never be as open to attack as IE for the simple reason that it does not implement ActiveX, the chief source of IE security problems.
Microsoft designed ActiveX specifically to allow websites to run executable content in your browser. This would be fine if not for their abysmal neglect of proper security restrictions -- note that Java applets also run executable content in the browser, but you never hear about Java applet worms and virii, because the JVM has a proper security model.
ActiveX is a huge mess that Microsoft *will not fix* for fear of breaking existing sites that depend on it (including Windows Update). They release one patch after another, but the fundamental security weaknesses will remain until they get the balls to force everyone to upgrade to a safer browser (which, ironically, is happening anyway -- it's just not a Microsoft browser).
Also, notice how quickly the bugfix was released after the initial reports. Microsoft has left known security holes unpatched for weeks, sometimes months.
Conclusion: we don't need to worry that Mozilla/Firefox will ever become the security nightmare that IE is.
Leave a comment