Author Topic: 'critical' Supermegapatch For Firefox  (Read 2127 times)

Offline tong2x

  • Member
  • **
  • Posts: 698
    • http://www.onghocgan.net
'critical' Supermegapatch For Firefox
« on: April 22, 2006, 10:56:31 AM »
'Critical' Supermegapatch sews up 21 holes in Firefox/Mozilla

If you're one of the poor souls who have switched to Firefox or some other mozilla based alternative browser then you might want to check out this article from C|Net News and BBC UK


Quote
Computer users are being urged to update the Firefox web browser to close serious security holes in it.

Some of the security lapses in Mozilla software, which Firefox is based on, could allow malicious hackers to hijack computers.

There have been a total of 21 security flaws in various versions of Firefox, according to security firm Secunia.

Users are urged to download the latest versions of all Mozilla programs to protect their computers from attack.

The US Computer Emergency Readiness Team (Cert) warn that other Mozilla products including e-mail client, Thunderbird, and the internet application, Seamonkey, may also be affected.

More secure

The Mozilla Foundations have released a new version of Firefox and Thunderbird which contain fixes to some of the security flaws.

Programs like Firefox have been thought to be more secure than other browsers such as Microsoft's Internet Explorer because of its links to the open-source software community.
Signature currently disabled

Offline tong2x

  • Member
  • **
  • Posts: 698
    • http://www.onghocgan.net
'critical' Supermegapatch For Firefox
« Reply #1 on: April 22, 2006, 11:06:13 AM »
hehehe, sorry, just couldn't resist. I'm an IE fanboy.
Signature currently disabled

Offline ken_dp

  • Member
  • **
  • Posts: 308
'critical' Supermegapatch For Firefox
« Reply #2 on: April 22, 2006, 11:10:24 AM »
hehe tnx, I just downloaded 1.5.0.2 and using it now, lolz

Online calvin

  • Member
  • **
  • Posts: 6298
'critical' Supermegapatch For Firefox
« Reply #3 on: April 22, 2006, 12:17:09 PM »
and these firefox fanboys recently posted a similar thread... he he he

just goes to show that these programmers are basically sharing similar or the same code base.... he he he

Offline skamfroj

  • Semi-Newbie
  • *
  • Posts: 3
'critical' Supermegapatch For Firefox
« Reply #4 on: April 22, 2006, 12:19:33 PM »
firefox still rocks!!!

Offline dta

  • Member
  • **
  • Posts: 3273
'critical' Supermegapatch For Firefox
« Reply #5 on: April 22, 2006, 05:01:44 PM »
Hmm. I had posted some of the fixes in Firefox 1.5.0.2 listed in the Burning Edge in this post last Holy Week:

http://www.pinoypc.net/modules/ipboard/ind...showtopic=39915

Offline ris

  • Member
  • **
  • Posts: 3872
'critical' Supermegapatch For Firefox
« Reply #6 on: April 22, 2006, 05:39:03 PM »
tae ka!  hehe! joke lang po!

im still sticking to firefox just because of the extensions, themes and best of all "tabbed browsing!!"  which is being adapted to IE7 already (gaya gaya talaga!)  hehehe!

ang ganda na talaga sobra ng IE7!  parang sarap mag switch! hehe!  im basing this on the beta.  meron na mga cool stuff.  kulang nalang siguro ung lagyan ng extensions na kahit sino pwede gumawa at themes which should all be free...  

im not a fanboy of any of these browsers btw. i only use what is better for me.  kaya kung naging mas maganda IE7 baka talaga lumipat ako.  but as of now firefox parin.  i literally dont have any spyware in my pc since i used firefox.  nung ie6 ako kahit anong website meron na nadetect ang ad-aware at spybot e!

isnt it usually and IE+firefox security flaw?  di naman sya "firefox only" flaw diba?  kasi syempre dapat may similarities din ang firefox with IE kung hindi baka la na tyo website na mapuntahan.  hehe
To steal ideas from one person is plagiarism
To steal from many is research

'critical' Supermegapatch For Firefox
« Reply #7 on: April 22, 2006, 05:59:06 PM »
Hindi naman firefox ang naunang nagkaroon ng tabbed browsing, diba? So as good as firefox is, it can't lay claim to that feat.

what versions are affected by the problem mentioned above?

Offline ris

  • Member
  • **
  • Posts: 3872
'critical' Supermegapatch For Firefox
« Reply #8 on: April 22, 2006, 09:30:17 PM »
as far as i know they dont claim to be the first. but they claim to have tabbed browsing which helps your overall internet experience.  and now microsoft is going to adapt it too. next thing youll know is that microsoft would allow extensions and themes for their browsers which would be offered in their site with both free and free to try items  :angry:  
To steal ideas from one person is plagiarism
To steal from many is research

Offline Louie

  • Administrator
  • Member
  • *
  • Posts: 8868
  • Every end is a new beginning
    • PinoyPC
'critical' Supermegapatch For Firefox
« Reply #9 on: April 23, 2006, 12:27:33 PM »
that's the good thing about competition. it improves the quality of the products. now IE will have tabbed browsing. better for everyone.

Offline tong2x

  • Member
  • **
  • Posts: 698
    • http://www.onghocgan.net
'critical' Supermegapatch For Firefox
« Reply #10 on: April 23, 2006, 02:50:35 PM »
merong extension ang IE pero ang tawag ay ActiveX. yan din gamit nung addon sa IE para mag karoon nang tab.

@dta
sorry hindi ko napansin
Signature currently disabled

Offline jpidro

  • Member
  • **
  • Posts: 2604
    • Twitter
'critical' Supermegapatch For Firefox
« Reply #11 on: April 23, 2006, 04:25:25 PM »
Pero pag-enabled ang ActiveX, di na secure ang system mo. IE sucks, ang tagal bago lumabas ng mga patch.

Hehe... Sorry, I'm a Firefox and open-source fanboy.

Offline tong2x

  • Member
  • **
  • Posts: 698
    • http://www.onghocgan.net
'critical' Supermegapatch For Firefox
« Reply #12 on: April 23, 2006, 05:02:35 PM »
Quote
Pero pag-enabled ang ActiveX, di na secure ang system mo
that is a common misconception. Enabling Activex will not make your system insecure. of course, visiting sites with specific script/code for certain "known" vulnerabilities may it be IE or firefox will definitely open up your system.

Quote
IE sucks, ang tagal bago lumabas ng mga patch.
actually, this is another misconception (probably second to the "secure" argument of open source). if you stricly follow the rules of open source. commercial software (any for that matter, not just MS) will have a "faster" release of patches or security updates. why? in open source, codes must be check by other authors and the main developer before a build is created. of course, third party patches can be release the next day and if your willing to take the risk and patch your system. have you notice why firefox is release as a new executable update rather than a patch? that is how open source works.
Signature currently disabled

Offline qiqo

  • Semi-Newbie
  • *
  • Posts: 3
'critical' Supermegapatch For Firefox
« Reply #13 on: May 13, 2006, 11:34:21 AM »
opera parin

Offline fWeYd

  • Member
  • **
  • Posts: 178
'critical' Supermegapatch For Firefox
« Reply #14 on: May 13, 2006, 04:28:42 PM »
Netscape ? :D

Offline fdtalla

  • Member
  • **
  • Posts: 126
'critical' Supermegapatch For Firefox
« Reply #15 on: May 13, 2006, 05:46:06 PM »
Safari
Toyota Prado 4.0 Litre VX

Offline jpidro

  • Member
  • **
  • Posts: 2604
    • Twitter
'critical' Supermegapatch For Firefox
« Reply #16 on: May 13, 2006, 06:26:04 PM »
Quote
Quote
Pero pag-enabled ang ActiveX, di na secure ang system mo
that is a common misconception. Enabling Activex will not make your system insecure. of course, visiting sites with specific script/code for certain "known" vulnerabilities may it be IE or firefox will definitely open up your system.

Quote
IE sucks, ang tagal bago lumabas ng mga patch.
actually, this is another misconception (probably second to the "secure" argument of open source). if you stricly follow the rules of open source. commercial software (any for that matter, not just MS) will have a "faster" release of patches or security updates. why? in open source, codes must be check by other authors and the main developer before a build is created. of course, third party patches can be release the next day and if your willing to take the risk and patch your system. have you notice why firefox is release as a new executable update rather than a patch? that is how open source works.
Let me throw one stone to hit two birds.

Kaya nga na-eexploit yung vulnerabilities kasi ang tagal lumabas ng patch. What's wrong with a complete executable release? It fixes the problem, no less than what a patch does (this is even preferred since patches tend to mess up installations).

By the way, open source software could still be commercial software (shed some light on your reasoning). Proprietary software is the problem because the development is limited to the company's resources and like they said, "ang kumpanya pwede magsara kahit kailan pero ang community hinde, pwede pa siguro kung patayin mo lahat ng members ng community". If you've read the last patch announcements for IE, they always held up the release. Unlike in FF where a fix for a critical vulnerability is usually released just days/hours after.

I'm a developer and I know how it goes. It's your choice though, you can sleep with some money-hogging corporation or join in the community with real people.

Offline tong2x

  • Member
  • **
  • Posts: 698
    • http://www.onghocgan.net
'critical' Supermegapatch For Firefox
« Reply #17 on: May 13, 2006, 10:34:23 PM »
there is nothing wrong with an executable release, my point was it would take longer, "codes must be check by other authors and the main developer", of course if the main developer is the one that fixes the problem that should speed things up.

when I wrote "commercial software" in my above post, I meant "Proprietary software" (thanks). still the process would be faster for proprietary software but I have to admit this will be hard to determine since the speed will vary depending on the project itself. but it does not make proprietary software any slower in releasing updates than opensource software.

Microsoft also releases "critical" bugs immediately. of course, the question there is what is the definition of "critical". the monthly release was due to a new policy of Microsoft (never heard of it?), many consumers complained that Microsoft is releasing patches iregularly, some even days apart that "confuses" consumers (you could view it as their software having a lot of bugs). anyway becuase of that they set a monthly cycle for releasing patches that are "non critical".

I know Firefox does have great features compared to other browser and browser addons. but they (developer and community) should just continue making firefox better rather than thrashing IE and any other browser for that matter and saying crap like Firefox is the most secure browser. Firefox is better, is secure, is extesible but you need to know that it is not invincible (firefox is as vulnerable as IE).
Signature currently disabled