fl0blog

Is Firefox as insecure as IE? Not really.

Firefox versions pre 1.04 have a bug that allows remote code to be executed. This is one of the worst kind of security holes that you can have, and it was therefore rated as extremely critical.

But, in all the news about it, people ignored that hardly anyone was ever vulnerable to this attack. That’s so because it was a bug in the code to install extensions. Not only do only a minority of users ever install extensions — such installation are even disabled by default. You have to add sites manually to a whitelist, which for most users will be empty or will contain one or two highly trusted sites.

It speaks for Mozilla that they released Firefox 1.04 so quickly, but so far, I still see Firefox as a very secure browser. In my view, this error was only ‘extremely critical’ for users ‘who install a lot of extenstions from sites that cannot be trusted’. Which is to say, all three of them.

This entry was posted on Thursday, May 26th, 2005 at 15:15 and is filed under English, Software. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site. Your comments will appear immediately, but I reserve the right to delete innapropriate comments.