Lisa Sabin-Wilson. Designer. Author. Espresso and WordPress addict

FireFox Exploit

on: Feb/7/05 and it’s been viewed 1,676 times

I enjoy my FireFox, really.

Chris said something to me a few weeks ago. He says that the reason that FireFox is deemed to be so secure, over and above IE, is because it hasn’t gained the popularity and user base that IE has. He says that as soon as FireFox’s user base gets larger and larger and you start to see a bigger percentage of internet users choosing it as their browser of choice - - all those fun little hackers will begin to pay more attention and start to find more and more ways to exploit security holes in FireFox. They’ll spend more and more time on the product, as they currently do on the browser that 90% of the surfing population uses, IE.

Simply put - - the hackers didn’t see FireFox’s user base to be broad enough to bother exploiting. Things appear to be changing.

He sent me an article today. He just had one thing to say: “And So It Begins” :

All Browsers But IE At Risk To New Spoofing Scheme

A newly uncovered vulnerability in most browsers can allow hackers to spoof the URL displayed in the address bar and the SSL certificate, a security firm warned Monday. The one exception? Microsoft’s Internet Explorer.
Danish security company Secunia posted an alert describing the vulnerability — which affects Mozilla, Firefox, Safari, Opera, and Konqueror — as a “moderately critical” problem.

The vulnerability impacts every browser built atop the open-source Gecko browser kernel — nearly all except IE — because of a flaw in handling International Domain Names (IDN). Hackers can register domain names with certain international characters that resemble other commonly-used characters, said Secunia, to spoof the address and trick the user into thinking they’re at a legitimate site and/or it’s secured by SSL.

Such spoofing vulnerabilities are typically exploited by phishers who try to dupe users into divulging financial information at bogus Web sites that resemble real-life banking, credit card, or retail sites.

The vulnerability has been confirmed in the latest version of Firefox, v. 1.0, as well as in Mozilla 1.7.5, Opera 7.54u1, Opera 7.54u2, Safari 1.2.4, Konqueror 3.2.2, and Netscape 7.2. Other editions of these browsers, however, may also be at risk, said Secunia, which posted an online test on its Web site.

Currently, none of the vendors have provided fixes for the flaw.

And so it begins, indeed.

I think we’ll start to see more and more exploit vulnerability as these browsers gain more and more popularity. It will be interesting to see if FireFox is the tight browser choice that some die hard FF’ers have always claimed it to be.

–Update–
You can disable IDN support in Mozilla products by setting ‘network.enableIDN’ to false. There is no workaround known for Opera or Safari.

via schmoo.com - Thanks for the tip, Vin. :)

Posted on: February 7, 2005 |

Posted in: General
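
As an added illustration (not part of the original post or the quoted article), the Python sketch below shows how a defender can surface the look-alike characters the article describes: it converts each label of a hostname to its ASCII `xn--` form and flags labels that mix Latin letters with another script. The function names and the sample hostname are constructed for this example.

```python
import unicodedata

# Constructed sample: the third character is CYRILLIC SMALL LETTER A (U+0430),
# which most fonts draw exactly like the Latin "a".
LOOKALIKE = "ex\u0430mple.com"


def letter_scripts(label):
    """Scripts of the letters in one DNS label.

    Approximation: the first word of each Unicode character name
    ("LATIN", "CYRILLIC", "GREEK", ...) stands in for the script property.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_hostname(hostname):
    """Per label: the ASCII (xn--) form, the scripts seen, and a mixed-script flag."""
    report = []
    for label in hostname.split("."):
        scripts = letter_scripts(label)
        report.append({
            "label": label,
            # Python's built-in codec implements IDNA 2003 (ToASCII).
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": sorted(scripts),
            # Latin letters mixed with another script in one label is the
            # pattern described above; a label written wholly in one
            # non-Latin script is NOT caught by this heuristic.
            "mixed": "LATIN" in scripts and len(scripts) > 1,
        })
    return report


def is_suspicious(hostname):
    return any(item["mixed"] for item in inspect_hostname(hostname))


if __name__ == "__main__":
    for host in ("example.com", "m\u00fcnchen.de", LOOKALIKE):
        for item in inspect_hostname(host):
            print(host, item)
```

A legitimate accented name such as münchen.de stays unflagged because all of its letters are Latin; only the `xn--` form makes the difference from plain ASCII visible.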

/*--- 32 Responses to “FireFox Exploit” ---*/

  1. astroknight
    4:43 pm on February 7th, 2005

    I agree with both you and Chris. FireFox blows IE away, but as more people learn about it more people will attack it. For now, though, I’ll enjoy how well FireFox works, continue to consider replacing Outlook Express with Thunderbird (or whatever it’s called), and have a little more Hot Corn Dip with tortilla chips and a glass of Diet Sprite Zero. :mrgreen:

  2. Jeanette
    4:44 pm on February 7th, 2005

    Crap!! I love Mozilla … (sigh)

    Astro, you men are so lucky you don’t have bloating after soda/chip consumption.

  3. Marie
    5:26 pm on February 7th, 2005

    Hmm that’s interesting and probably true :neutral:

  4. Maddie Dog
    8:23 pm on February 7th, 2005

    As a previous Moz and current FF user I agree - with the exception about why it is safer. To over-simplify, the reason that IE is not safe goes to the fact that IE is based on longtime OLD MS code - a new version was never built from scratch as FF was. Microsoft developers are not the brightest and lack the imagination of what might be possible from an outsider (hacker). FF was made with current and future knowledge of vulnerabilities and thus has a big edge.

    Another plus is FF does not send back url info to the Microsoft people as IE does. Yeah - if you’re still using IE Billie boy knows where you’ve been!

  5. astroknight
    8:36 pm on February 7th, 2005

    Jeanette - sure we do! It’s some of what makes my ass look so good in these jeans! :twisted::razz:

  6. BlogSoCool
    10:48 pm on February 7th, 2005





    firefox 2.0 !!
    Cannot wait for firefox 2.0 !!

    I wonder why firefox chose google as the home page. Why can’t they set up http://www.firefox.com as a portal and use the ad revenue from that portal.

  7. Tracy
    10:49 pm on February 7th, 2005

    Cannot wait for firefox 2.0 !!
    I wonder why firefox chose google as the home page. Why can’t they set up http://www.firefox.com as a portal and use the ad revenue from that portal.

  8. Zarggg
    11:39 pm on February 7th, 2005

    “Hackers can register domain names with certain international characters that resemble other commonly-used characters, said Secunia, to spoof the address and trick the user into thinking they’re at a legitimate site and/or it’s secured by SSL.”

    Sounds to me that this is less a “browser vulnerability” than a “user needs to be more aware of the sites she goes to” issue. (Using “she” as an all-purpose pronoun, of course. :smile:)

  9. Hallaj
    1:46 am on February 8th, 2005

    Microsoft stated once, “There’s a lot of Virus under our platform because we’re famous. Linux users don’t create Virus because there’s just not much users under them”. With the recent exploits on other browsers and IE being safe, it really seems like IE’s just losing popularity. It’s good news I believe :)

  10. Lisa
    2:38 am on February 8th, 2005

    Oh, I totally agree and think that the recent exploits are a testimony to the gaining popularity of these ‘alternate to IE’ platforms. Definitely good news.

    The difference here is going to be - how long will it take the developers of these products to respond and provide patches?

    We all know Microsoft’s track record.

  11. Beth
    3:53 am on February 8th, 2005

    TOTALLY off-topic (!) but I had to tell you I love the new skin! :mrgreen:

  12. TJ
    6:43 am on February 8th, 2005

    … FWIW, I read somewhere that disabling IDN didn’t fully resolve/avoid the issue … and wouldn’t you know that is one page I didn’t link to, dangit.

    /TJ

  13. Master Foley
    7:55 am on February 8th, 2005

    Well Google is working on some deal with Firefox for the person who asked that.

    Still Firefox is the way to go.

  14. Vinny
    9:28 am on February 8th, 2005

    Just to update, the original fix from the Shmoo guys doesn’t work, but this one absolutely does 100%.

  15. Images of Broken Light
    12:22 pm on February 8th, 2005





    Firefox Vulnerabilities
    See here for http://justagirlintheworld.com/

    And so it begins, indeed.

    I think we’ll start to see more and more exploit vulnerability as these browsers gain more and more popularity. It will be interesting to see if FireFox is the tight brows…

  16. Jay
    1:47 pm on February 8th, 2005

    Excellent information Lisa.:smile:

  17. Mark
    2:45 pm on February 8th, 2005

    I am looking forward to the new release of Safari with Tiger.

  18. John
    9:23 pm on February 8th, 2005

    I still don’t know what the big deal about FireFox is. I downloaded it and used it, it IS a nice browser, but it doesn’t improve upon IE so much that I feel that it’s necessary to switch over. In fact, ASP forms don’t show up as well in FireFox as they do in IE. So that’s already one strike against it, for me.

  19. Scott
    12:10 am on February 9th, 2005

    FireFox

    on: Feb/22/04 and it’s been viewed 395 times

    I made the switch. I’ve been going back and forth for about a month over it - and I finally made the switch over to exclusive use of Mozilla’s FireFox browser.

    I started having funky issues with IE - - nothing major. For example, over on my other blog, some of the entries have 85+ comments in them. The individual entry page for those loads really really slow - - in addition, when you go to type your comments in on that page - the text renders excruciatingly slow! I tried everything I could think of with the coding - but nothing seems to help. Then, I loaded it in Firefox - and the problem was gone. The page rendered smoothly and quickly. I think it’s an IE issue with some of the javascripting that MT uses.

    At first, I didn’t like FireFox because it renders CSS differently than IE. Some of my templates looked really bizarre in it - - but I’m learning how to code my CSS so that it’s cross-browser compliant, for the most part. Netscape, IE, Mozilla - - Opera users can kiss my butt because I’m not gonna worry about Opera because it renders everything oddly.

    Anyways - time for coffee . . . haven’t had any yet, believe it or not!

    Posted on: February 22, 2004 |

    Posted in: Geeky Things

    /*--- 2 Responses to “FireFox” ---*/

    1. Geoffrey
      6:20 pm on February 22nd, 2004

      I use Firefox and Thunderbird as default now. I couldn’t imagine going back to IE. I’m dependent on the extensions now anyway.

    2. Lisa
      9:40 pm on February 22nd, 2004

      Actually, it was your site where I got the suggestion and the link to download it! So I guess I should be thanking you, G. :)
