Comments on: Talking to co-workers about browser security http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/ Random musings from the radical feminist Christian antiracist left - some having to do with Ubuntu Sat, 11 Feb 2012 06:53:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Rillip http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-334 Rillip Mon, 23 Jul 2007 08:37:50 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-334 I use Opera myself, but I'm not worried about security overmuch, to be honest. I don't htink I've ever seen a security/bugfix for Opera. It hasa more regular release cycle than IE, but not as updated as FF I think. Personally I feel I.E. is less safe. Even patched, in Windows XP and before, it is too integrated into the system; an I.E. exploied == OS Exploit. I use Opera myself, but I’m not worried about security overmuch, to be honest. I don’t htink I’ve ever seen a security/bugfix for Opera. It hasa more regular release cycle than IE, but not as updated as FF I think.

Personally I feel I.E. is less safe. Even patched, in Windows XP and before, it is too integrated into the system; an I.E. exploied == OS Exploit.

]]> By: ubuntucat http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-343 ubuntucat Wed, 18 Jul 2007 17:22:00 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-343 Just as an update, it's a week later, and Firefox has finally been patched for this flaw: Fixed in Firefox 2.0.0.5 MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to wyciwyg:// documents MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer MFSA 2007-22 File type confusion due to %00 in name MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document MFSA 2007-20 Frame spoofing while window is loading MFSA 2007-19 XSS using addEventListener and setTimeout MFSA 2007-18 Crashes with evidence of memory corruption Not sure how long the Internet Explorer patch will take, though. Just as an update, it’s a week later, and Firefox has finally been patched for this flaw:

Fixed in Firefox 2.0.0.5
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption

Not sure how long the Internet Explorer patch will take, though.

]]> By: Frak http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-342 Frak Mon, 16 Jul 2007 23:35:17 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-342 Patched or no, switch to linux, such as Ubuntu, because the Linux kernel restricts remote code execution. Windows doesn't care as long as it ends with a .cab or .exe. Patched or no, switch to linux, such as Ubuntu, because the Linux kernel restricts remote code execution. Windows doesn’t care as long as it ends with a .cab or .exe.

]]> By: Edmund http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-336 Edmund Thu, 12 Jul 2007 18:55:28 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-336 Patched or no, there is no accounting for stupidity. Firefox is inherently more secure, inherently more well-made than IE. Given a dumb user, FF makes for a better choice. Patched or no, there is no accounting for stupidity. Firefox is inherently more secure, inherently more well-made than IE. Given a dumb user, FF makes for a better choice.

]]> By: Alejandro http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-335 Alejandro Wed, 11 Jul 2007 21:41:15 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-335 It's not just the browser. It's the spirit. I find it rude and technically sloppy for a site to require a browser. Thus, I'll penalize them by depriving them of my traffic. They'll probably get an email from me, too. It’s not just the browser. It’s the spirit. I find it rude and technically sloppy for a site to require a browser. Thus, I’ll penalize them by depriving them of my traffic. They’ll probably get an email from me, too.

]]> By: ubuntucat http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-339 ubuntucat Wed, 11 Jul 2007 20:20:20 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-339 Certainly I'd recommend Firefox if someone asked for a browser recommendation, but I think if you run IE7 with a fully patched Windows and a fully patched IE, it shouldn't be too terrible. Certainly I’d recommend Firefox if someone asked for a browser recommendation, but I think if you run IE7 with a fully patched Windows and a fully patched IE, it shouldn’t be too terrible.

]]> By: Alejandro http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-338 Alejandro Wed, 11 Jul 2007 19:58:18 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-338 Edmundo: If it were up to me, I'd visit another site before using IE... Edmundo: If it were up to me, I’d visit another site before using IE…

]]> By: Alejandro http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-337 Alejandro Wed, 11 Jul 2007 19:48:23 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-337 Firefox is the more secure browser of the two, by far. However, its security might have been oversold: Firefox (like Linux) acquired a reputation for being invulnerable, and no software is invulnerable. That's probably part of the reason why Firefox bugs make the headlines more often. Again, part of the reason. Firefox is the more secure browser of the two, by far. However, its security might have been oversold: Firefox (like Linux) acquired a reputation for being invulnerable, and no software is invulnerable. That’s probably part of the reason why Firefox bugs make the headlines more often.

Again, part of the reason.

]]> By: Edmundo http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-340 Edmundo Wed, 11 Jul 2007 19:48:19 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-340 Don't use IE! There are many, many more security "flaws" and vulnerabilities in IE than Firefox, and it is a security risk to use IE (regardless of platform). Unless a site absolutely, positively require it (like your mother's MLS issue), never ever use IE. Ever. Don’t use IE! There are many, many more security “flaws” and vulnerabilities in IE than Firefox, and it is a security risk to use IE (regardless of platform). Unless a site absolutely, positively require it (like your mother’s MLS issue), never ever use IE. Ever.

]]> By: Anurag Panda http://www.psychocats.net/ubuntucat/talking-to-co-workers-about-browser-security/comment-page-1/#comment-341 Anurag Panda Wed, 11 Jul 2007 17:09:17 +0000 http://ubuntucat.wordpress.com/2007/07/11/talking-to-co-workers-about-browser-security/#comment-341 Are not most Firefox as well as Opera vulnerabilities related to the Windows platform? I am not bashing Windows in this way but this is fact. Are not most Firefox as well as Opera vulnerabilities related to the Windows platform? I am not bashing Windows in this way but this is fact.

]]>