The diary and photos of Chris Beach. I'm into windsurfing, coding, badminton, drawing and composing music using computers and synths.


comment on journal entry: the fundamental security flaw in Mozilla browsers

  • Misinformation
    I think it's very important for people to draw attention to security flaws that might compromise Firefox (so do they--they're offering a cash bounty to people who find new security-related bugs).

    But I'm afraid that "Chris Beach", deliberately or not, has misrepresented the facts. I get an XUL error on the test page--not a spoof at all. You can see what the error looks like at the bottom of "Chris Beach"'s page--mine's in English. I'm using today's very latest branch build, the new release candidate. So, sorry, I can't "try a more up-to-date version of Firefox".

    "Chris Beach" is wise to worry about security problems with his browser, but perhaps if he worried about new ones that need fixing, rather than old ones that have already been fixed, he'd appear less loony and uptight. He'd be richer too--he could claim the Mozilla bounty. [Tom]
    • "misinformation" and firefox releases
      Tom, is there any need to surround my name in quotes? Perhaps you're suggesting that even my identity is "misinformation!"

      Firefox's nightly "band-aid" bug fixing is bound to break other features as there is little time for testing. Microsoft, on the other hand, invest a great deal of time and money into ensuring their patches don't compromise other features and maintain backward-compatibility.

      The XUL error you get is hardly proof that the issue is resolved. It's more likely that either the XUL parser has been broken by recent changes to Firefox, or the spoof page breaks a new version of the parser. In either case, the flaw would still be present, it would just require the spoof to be rewritten.

      When I first put the bug in my journal, someone responded to say the spoof page gave an XML error. He downloaded the latest release of Firefox and wouldn't you know it - the flaw was back again. [Chris Beach]
