Looks like Firefox is getting into the real world now.


Stephen Philbin
09-22-2005, 04:10 AM
Looks like things are getting ugly for Firefox now. Maybe the chinks are showing more now that the armour is taking a bashing more often, or maybe they're just the inevitable teething problems of a new product. What do you lot think?

http://www.internetnews.com/security/article.php/3550511

aznchong91
09-22-2005, 04:59 AM
Interesting article. It may actually change a lot of minds. I did see the new version and it did say, as the article pointed out, that 1.0.7 was only for security updates. This means I might have to do a little bit of research on this to see if the allegations are true.......if it is, I am quitting Firefox and going for Safari or Netscape or something....

Stephen Philbin
09-22-2005, 05:11 AM
Well, considering the alternatives, I don't think I'll be ditching Firefox any time soon, but it does raise cause for concern. I'm hoping it's just the usual heap of bugs most software suffers from once it hits a certain level of popularity and that this will encourage the developers of Firefox to be more wary, but things do look pretty serious.

aznchong91
09-22-2005, 05:34 AM
Yeah. I mean, more security bugs in the first six months of 2005 than all other browsers? INCLUDING MSIE???? .....what the heck is going on?

philaweb
09-22-2005, 05:53 AM
Yeah. I mean, more security bugs in the first six months of 2005 than all other browsers? INCLUDING MSIE???? .....what the heck is going on?

Good thing is the flaws are patched pretty fast. Some of MSIE's flaws have been known for a long time and MS does nothing.

Stephen Philbin
09-22-2005, 06:24 AM
Aye. There is a balance to it. There may be this "scandalous" number of problems, but Firefox doesn't suffer from scandalously long patch/update times. I just wonder if greater care can be taken to avoid issues occurring in the first place. It does seem a strangely large amount. Especially given its main "selling" point.

aznchong91
09-22-2005, 06:32 AM
Yeah. Security is supposed to be what people are looking for in Firefox that they don't have in IE, right? I think that it used to be safer because it wasn't considered to be a good hacking place before when it just started. But now, since it has gotten more attention, more hackers are looking to hack Firefox, and since Firefox is open source, they can find the flaws pretty quickly....

NogDog
09-22-2005, 07:17 AM
Of course, statistics can be rather misleading. The article compares the number of security bugs over the same 6-month period, with FF having roughly twice as many as IE. But, IE has been deployed for a lot longer than FF, so is such a comparison fair? I mean, they're comparing IE-6 to FF-1. And the article does not tell us how the bugs in FF break down: how many are security problems on all platforms, how many just on Windows or Mac or Unix or Linux? Certainly IE doesn't have the same problems with cross-platform compatibility that FF does?

I'm not saying there might not be some problems with FF security, possibly even serious ones. I'm just saying that the article doesn't really give me enough data to draw an educated conclusion.

aznchong91
09-22-2005, 08:19 AM
What you say may be true, but think about it: even if the bugs are smaller and it may be FF1 compared with IE6, security is still its main marketing point and if it turns out that that is even worse than MSIE......

Snitchcat
09-22-2005, 11:42 AM
Interesting article. Unfortunately, it doesn't give me enough information to make any decisions -- it cites the report, the comparison with IE, and uses 'alleges' a few times.

While the article is neutral in tone, 'alleges' says to me that there may or may not be evidence to support the allegations. And while Firefox has released 1.0.7 (which I will be picking up -- safe & sorry and all that), there are those who are always willing to take down something that has become popular and may be viewed as a threat to themselves.

I'm skeptical as to the article's facts. There's truth in there, but the article's writing has been slanted to fit its market.

Looks like it's a "wait and see" period right now.

(^_^)

felgall
09-22-2005, 04:58 PM
Given that IE has almost 1000 security holes from several YEARS ago that are still awaiting patches, Firefox would need to not apply any patches for quite a few years before the browser would be as unsecure as IE. Of course since Firefox is patching all of the security holes while IE is not, determining which browser is more secure is a no-brainer.

Then there is also the matter of IE6 not supporting many of the web standards properly (only to be expected from a browser that old - converting from web years to human years IE6 is older than Methuselah).

Of course now that Opera have made their browser free there is a third alternative.

Stephen Philbin
09-22-2005, 05:31 PM
Well I don't think there's any doubt about if FF is more secure than IE, but I think this will definitely have an impact on market share growth. There's still no way I'd be without my Firefox though. After seeing all the stupid crap that different versions of Opera get up to, I'd have a hard time choosing between Opera and IE. I'd just screw 'em all and fall back on Konqueror.

Hopefully when FF 1.5 goes final it'll cause a bit of a rally in Firefox and revitalise interest and growth.

Ultimater
09-22-2005, 06:21 PM
IE is only keeping popularity because it comes with Windows pre-installed, if not for that reason and Gates' support, the browser would be deprecated along with all of its non-standard gibberish. Their CSS is so messed up too. Doesn't support even close to half of the pseudoclasses. Doesn't understand the hover pseudoclass on anything but A tags. Doesn't support the before and after pseudoclasses along with the content property. Doesn't understand fixed positioning with layers so we need to resort to javascript to handle IE. Heck, IE doesn't even support half of CSS. IE is in their own dream-realm purposely ignoring standards and the glitches they need to fix and instead developing worthless, non-standard things that they are the only browser that supports 'em. For example HTA applications, VBScript, and encoded javascript (which the algorithm has been easily broken :p ). The world doesn't need Windows and Gates.

theuedimaster
09-22-2005, 09:50 PM
I just don't understand why Microsoft doesn't just update IE..... it doesn't make sense, they have the largest software company with some of the smartest people in the world, and they cannot make their standards compliant? It would be amazingly easy, at least in my mind, for a company with that many resources to finish the job. I'm guessing that the big M is involved, $money. Obviously, there are some external forces that are making Microsoft not update their browser in the ways mentioned above.

MstrBob
09-22-2005, 11:36 PM
Wow, I love how the media can manipulate anything. okay...

vendor confirmed vulnerabilities - There are actually a large number of IE vulnerabilities that Microsoft hasn't released, and hasn't confirmed. They like to keep them quiet until they release patches (And they only release patches on a regular schedule, which is markedly different from the Mozilla Foundation, who release updates as vulnerabilities pop up). In addition, Internet Explorer was released in August of 2001. Mozilla Firefox 1.0 was released in November of 2004. I would certainly hope that after 3.25 years of being released that IE would begin to have fewer vulnerabilities.

Now, I don't mean to Microsoft bash specifically, just putting it in perspective. And does Firefox have vulnerabilities? Of course! All software does, and as Firefox grows, so does the amount of attention it receives and the amount of security minded testers. So there naturally will be more bugs found, but as a consumer we shouldn't be looking for the elusive holy grail of 'bug free software'. But rather, look for a vendor who promptly responds to security concerns, which Mozilla has shown very capable of.

For now updates are a pain, but of course Firefox 1.5 to be released at the end of this year will allow for actual updates, so security patches will be much smaller and faster and not just a new version of firefox. (Also, keep in mind that it takes Mozilla but a year to release a new version of their software, whereas IE has been sitting for years).

And it seems to me that Firefox has been getting an unwarranted amount of media criticisms from the media lately. If they were to track Internet Explorer as closely, people would be horrified. Really, it's not that bad. And of the reported vulnerabilities, have any of these resulted in real, live malicious attacks? Contrast that to the vast amount of live attacks for IE out there right now. Browse online with IE and within a week you're nearly guaranteed to get infected with some sort of malicious software.

So Microsoft, which has had years head start and only develops for one platform, can not keep up with nearly the same pace as Mozilla which have been at it a shorter time, with less resources, and develop their product for three platforms.

David Harrison
09-22-2005, 11:36 PM
Well they're working on IE7, just how good/bad it will be I don't know. I guess we'll have to wait and see.

Look at it from Microsoft's point of view though, they have a massive share of users and they've hardly updated it since 2001. There are big security holes and CSS support is sketchy at best, but still they have an 85% share (http://www.thecounter.com/stats/2005/September/browser.php). Why bother to update something that is so popular already if you're not gonna make any money off it?

If they update their browser and make it all nice and standards compliant, they'll certainly make a few web developers happy but who cares when 85% of the people on the internet are already happy with it as it is.

felgall
09-22-2005, 11:47 PM
They are only working on IE7 because of the pressure to plug some of the major security holes in IE.

With most of the browser market, Microsoft has no reason to want to upgrade IE in any way since that would mean paying staff to work on it and there is no income to be made from IE unless they change to a pay for use model. Since Firefox and Opera are both free making IE pay for use would just reduce its market share to under 1% and not make any money either. So Microsoft wishes that people would stop finding security holes in their browser so that their staff can go back to ignoring IE.

Prediction: In a couple of years time we will have Opera 10, Firefox 3, and possibly IE7. A couple of years after that we will have Opera 12, Firefox 5 and probably IE7. A few more years and we will have Opera 15, Firefox 8, and almost certainly IE7.

Stephen Philbin
09-22-2005, 11:52 PM
Browse online with IE and within a week you're nearly guaranteed to get infected with some sort of malicious software.

8 seconds was the time recorded by the BBC's "Click Online" program.

David Harrison
09-22-2005, 11:52 PM
I can't wait to see what CSS 15 is like... :p

MstrBob
09-22-2005, 11:55 PM
I can't wait to see what CSS 15 is like... :p

Dunno, but IE should be wrapping up CSS 2.1 support by then, right?

Snitchcat
09-23-2005, 12:00 AM
Dunno, but IE should be wrapping up CSS 2.1 support by then, right?

LOL!