Full Disclosure mailing list archives
Re: Firefox Remote Compromise Leaked
From: "Eric Paynter" <eric () arcticbears com>
Date: Mon, 9 May 2005 17:24:26 -0700 (PDT)
On Mon, May 9, 2005 4:46 pm, Mary Landesman said:
Well, that's one way to crunch the numbers. Of course, IE 6 has been out since 2001, Firefox 1.x was released three years later. Looking at the advisories on a timeframe basis for 2005, Firefox 1.x has had 12 Secunia advisories compared to 6 for IE 6. In other words, the odds you're banking on shift quite a bit depending on how you look at it.
Ah, but new releases always have more bugs, which are supposed to get ironed out over time. I guess for a more accurate look at the overall quality of the release, compare IE in its first six months to Firefox in its first six months... I get 12 advisories (2 highly critical) for Firefox and 18 advisories (7 highly critical) for IE in that time period. It still looks to me like the future is safer with Firefox.

OK, so next you'll say "but Firefox didn't have the same market share when it first came out. Now that people are using it, the numbers of found vulnerabilities will go up..." Well, I guess it's just a game of numbers at this point.

But the fact is, I feel more secure with Firefox because they actively work with the community to fix the problems. The team seems to really care and take pride in the quality of their work. I somehow don't think we'll ever see something like "Microsoft MCIWNDX.OCX ActiveX Plugin Buffer Overflow" rated highly critical and still not patched almost two years after the announcement, or "Windows Explorer / Internet Explorer Long Share Name Buffer Overflow", also rated highly critical and over a year old with no patch available.

If we did have things like that start happening, I'd bail off of Firefox pretty quickly. But for now, they've been very responsive, and that makes me feel more secure.

To each his or her own...

-Eric

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/