Category: 3rd Party Software
Link: Security Holes Bite Firefox
Posted on MacBytes.com
Approved by Mudbug
Looks like it's mainly a Windows problem...A bug in installing search plug-ins can allow malicious code execution, but requires tricking the user to install a specially crafted search plug-in. Input validation errors in InstallTrigger and other XPInstall-related JavaScript objects could allow malicious code execution.
mcarvin said:2. If you're going to get nitpicky about 8 vulnerabilities, please try to be fair and mention the hundreds of vulnerabilities in IE/Win. Bringing Outlook Express and Office into the mix is purely optional.
mad jew said:Fair enough on your other points but I really don't think it's necessary to bring up Microsoft's problems every time another piece of software has a fault. People should be able to criticise applications without having to automatically mention Microsoft.
Otherwise I agree with you though. Especially the "which platforms are affected" issue.
mcarvin said:Good enough, but I suppose that bit came from reading too many writers who tried to trash open source as insecure/lacking/etc while ignoring the elephant standing in the room next to them. I wouldn't go so far as to say "Firefox has X, IE has Y" all the time, but it's really fair to just mention that Firefox's list of vulnerabilities is significantly shorter than IE's.