Fans of Firefox will be disappointed to hear of a bug shared by both 3.0 and 2.0.x that can leave your system open to attack.
Although the Firefox 3.0 Download Day went with a bang, with over eight million downloads counted within the all-important twenty-four hour period, a shadow has been cast over the latest version of the popular open source browser already: a critical security flaw brought over from Firefox 2.0.x which remains unfixed.
According to CNet News, the bug was discovered by a contributor to TippingPoint's controversial bugs-for-cash programme Zero-Day Initiative. Reported to Mozilla approximately five hours after Firefox 3.0 enjoyed its official launch, the bug is described by TippingPoint as allowing an attacker “to execute arbitrary code” providing there is some user interaction “such as clicking on a link in an email or visiting a malicious web page.”
When pressed for further details, TippingPoint clammed up and merely stated that it wouldn't be handing out details on the flaw until after the Mozilla Foundation has had a chance to get a patch out.
Fans of the browser will be disappointed that this next-generation release – which contains many changes designed to improve user security – has fallen so quickly. Although at first glance having a bug from the previous generation of Firefox make its way into this newest release is at the very least embarrassing, what TippingPoint hasn't yet made clear is whether the bug is one known to the Mozilla team before the release of Firefox 3.0. Although TippingPoint does describe the flaw as “affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x” it doesn't make clear whether this was something the Mozilla team could have reasonably prevented.
Either way, it's an inauspicious start to the browser's career. I suggest keeping an eye on the Mozilla Security Center for a patch, which hopefully will be available pretty darn soon.
This bug aside, which hopefully isn't in the wild yet, how are people getting on with Firefox 3.0? Share your experiences with the new browser over in the forums.
They really should have caught that.
Until then, I've had to use Foxmarks to automatically sync up my bookmarks between computers, which is fine for now, and a manual password exporting utility to deal with my extensive list of passwords.
Enjoying Firefox 3 though, despite the bug!
At least Microsoft do fix their bugs; this has been a flaw with Firefox since v2.0.
I don't have a fav browser, I just use the one that comes with the OS, and I know if this was Apple or Microsoft there would have been a much more strict testing policy which probably would have eliminated this flaw.
Don't get me wrong, I love open source stuff as much as the next guy, but your code is only as good as your testing... and Mozilla's ain't too good lately.
Are you kidding? Do you think that bugs just magically appear? No, they are there from the start. MS is still fixing bugs in IE6 (which was released like 7 years ago) and IE7. They usually have at least 1 or 3 critical updates every month. I think Mozilla is doing a far better job. Once a flaw becomes known they usually fix it in just days. Not to mention that FF doesn't have ActiveX, that is one big security flaw gone right there. You go ahead and keep using your bloated and flawed browser though.
Several friends have reported BSODs as well, so I really have no clue what's going on with it...
That's odd. FF should never cause a BSOD. Something else has to be wrong. I have been using FF3 since beta 1. It was rock solid for me since beta 4.
I'm not too bothered about the bug; I was using version 2 before and it was in there, so it's not like the security has got worse.
I think it is great though, I already like the improved address bar finding the exact web page I want, just typing bit tech in the address bar brings up this lovely website in a much more efficient way than the previous version did.
I also like the dragging and dropping feature on version 3 too on web content, very handy to copy stuff from 1 window to another.
And the software actually fits with my XP and Vista themes a lot better.
FF3, on the Microsoft Windoze eXPeriment had a hiccup or two after it erased all my profile data and bookmarks to when I had the FF3 beta installed.
Also the fact that I can't use "unsecured" add-ons pisses me off
I don't think I'll be using it at home. I'll stick to IE7.
It does everything I need, so why clog my PC up with another bit of software?
When I installed the final one and connected to a site with lots of Flash going on (Escapistmagazine) the memory use went to ~110 MB!! That hadn't happened to me with FF 2 and I wasn't using a lot of tabs either. Right now I have iGoogle and bit-tech opened and it uses ~65 megs, WTF!? Very disappointed... :(
what bug? as long as there's code, there will be bugs. nothing new.
(no offence bittech)
http://fragsoc.co.uk/forums/viewtopic.php?t=970
I don't know if it's directly the new Firefox version as it hasn't happened to me, just (twice now) it has stopped responding. Release candidate was running for much longer without issues. Maybe I should have uninstalled then reinstalled? I just installed over the top...
Last time I checked, Firefox was free for download. If that's still the case, then bug fixes are pure charity work by some dedicated people. Firefox users need to stop whining unless they are willing to work for free to help fix the bugs.
I believe this would actually make an interesting anthropology research topic. Understanding why people tend to bond together in technology wars and fight it out as if you are only allowed to use one technology. For example, if you like Firefox you must endorse it and you are not allowed to use any other browser! In a more personal example, I use three internet browsers, IE, Firefox, and Opera. I use IE and Opera at home, while I use Firefox at my University. I don't feel any need to tell everyone I know that one browser is better than the other or vice versa, they all work well enough for me. What intrigues me is when people say "browser A" has a bloated memory footprint when all the browsers seem to consume the same amount of RAM anyway... which in this day and age where 500 GB hard drives are the norm and 2 GB of RAM costs $40, is quite insignificant.
HA!
You have obviously not used internet explorer very much, let alone try and build a website for the thing.
Fixed it. Should make more sense now.
Annoying... ANNOYING? Try, the lowest circle of hell. Torture given only to the most evil people on the planet. A tedium unmatched by anything satan could invent, so tedious in fact, that it's used by hell as a research tool. IE6 is quite possibly the worst piece of technology ever released.
thing is for me at least none of the bugs were in the release candidate, it doesn't seem to make sense. I'm very grateful for the work they do of course, but just because it's free doesn't mean it's not open to constructive criticism :)
No, I'm not Bill Gates.
No, I'm not Satan either.
I have used them side by side (including IE) for quite a while, but I think now just because of the FF current issues Opera will become my browser of choice. It's much harder to customise though :( it took me several hours last night just to set up bookmarks whereas Firefox is just drag and drop. Also no extensive download manager support!
You do not understand how some people work then. I am a fast paced browser user. When I am forced (because I forget my memory stick with portableFF on) to use IE on University computers I get physically frustrated. Lack of my search plugins, I can't right click a selected word and instantly google, I press ctrl-t and start typing... but no! I was supposed to wait a few seconds before I started because IE is too slow to keep up. Lack of my bookmarks & settings, too much screen estate taken up... these are all genuine annoyances. You could skin up IE and disguise it to be FF, but when my features were missing, I'd still show the same frustration!
Just because some people DO endorse a camp to death, doesn't mean there aren't solid reasons why it is worth endorsing something through a minor difficulty.