firefox facts

[bob3160]

 Get the Firefox Facts!
There are many different aspects to Mozilla's Firefox, do you know about them all?
Firefox Facts is the definitive guide when it comes to using the world's most famous alternative browser.
Inside the pages of this eBook you will get tips and tweaks to make your browsing experience better.
You will also get reviews of some of the best known and the less known extensions as well.
Download Now!

[YLAP]

Thanks Bob, really good link 

[Jarmo P]

Best is though that firefox does not need to be really tweaked that much.
One needs only a few extensions, like all in one mouse gestures or like.

Noscript extension is good though. I have surfed on some sites without it and got an avast webshield alert.

And another good thing to know. Now it is reminded though in latest release. How to kill firefox.exe through Task Manager.
In the past people did have many problems, making new profiles and thus loosing their bookmarks. Not knowing how to do but to make a new profile. So it was bad for them.
Still everyone should know how to export their bookmarks!

Not to me, have been a firefox user since early FireBird.
I think it was FireBird 0.6 or 0.7 when I ditched my IE for a secondary browser, still usable for some usefull things, but not for a day to day surfing

[bob3160]

Thanks Bob, really good link 

I may not be home, I may not be able to update my server but, I still have eyes and still get my e-mail......

[Spiritsongs]

   Just be aware of its "vulnerabilities" :

     
Firefox is anything but Secure with multiple unpatched vulnerabilities allowing exposure of sensitive data to local users. You only need one vulnerability to be insecure. Since Firefox v1.x was released, users have been exposed to 72 security vulnerabilities and counting, 39 of which are rated as Highly Critical and 1 Extremely Critical. -  http://secunia.com/product/4227/ 

The Mozilla Foundation lists 64 "known" security vulnerabilities, 18 of which are rated as Critical and 13 High. -  http://www.mozilla.org/projects/security/k...ml#Firefox 

"In the excitement that surrounded its launch last year, Firefox was unreasonably portrayed by some as having unbreakable security, but the vulnerabilities that have been detected in recent months are injecting a dose of reality into this myth, analysts say." -  http://www.infoworld.com/article/05/09/20/HNfirefoxmatures_1.html 

Notes - The number of Secunia advisories (27) does not equal the actual amount of vulnerabilities (72). Over ten advisories have multiple vulnerabilities, look carefully.

 

[bob3160]

Just be aware of its "vulnerabilities"

Do you know of any browser that doesn't have at least a few vulnerabilities.?

[Jarmo P]

We all know that Spiritsongs.
Memory leaks and loosing bookmarks (not me but others).
Profiles getting corrupted etc.

So it never was perfect, but good enough for me
Hard for someone who expects FF work as smooth as IE.
It will not do that, still needs some geek attention, hehe.

Edit: But has been a safer browser?

[FreewheelinFrank]

Spiritsongs, you're quoting statistics from a rather biased source.

Firefox does not have multiple unpatched vulnerabilities. Currently it has 2 vulnerabilities rated less critical. (Check your own Secunia link.)

The 64 known vulnerabilities mentioned in the Mozilla link are fixed in current versions. (Again, check you own link.)

The extremely critical vulnerability mentioned did not affect Windows users and was patched after one day.

The number of historical vulnerabilities is far less important than the seriousness of the vulnerabilities and the speed with which they were patched.

Quoting the number of vulnerabilities for one browser out of context does not reveal the true security picture. Indeed, that is probably why the source you quote from does just that. It is intended to scare users away from Firefox.

A summary of web browser statistics is available here:

http://www.webdevout.net/security_summary.php

As any Firefox user will tell you, Firefox has a good record for patching vulnerabilities before exploits emerge. This is confirmed by recent reports:

Security Fixes Come Faster With Mozilla:

http://www.washingtonpost.com/wp-dyn/content/article/2006/02/11/AR2006021100217.html

A Crawler-based Study of Spyware on the Web

http://www.cs.washington.edu/homes/gribble/papers/spycrawler.pdf

(Firefox was found not to be vulnerable to drive-by downloads except where the user clicked 'yes' to allow installation.)

Firefox was criticised justly for the lack of automatic updates which left users who didn't manually update vulnerable to exploits. This is now fixed in 1.5.1, which has automatic updates.

It is possible to argue that Opera is more secure going on the vulnerability statistics.

Certainly neither Opera or Firefox have been vulnerable to malware exploiting known and unpatched vulnerabilities like certain other browsers that shall remain nameless:

http://www.theregister.co.uk/2005/12/01/ie_exploit_trojan/

[polonus]

Hi Spiritsongs,

A priori browsers are not safe. This is a fact for any browser. That is because computers are not safe, and operational systems are not safe. The main vector to make it very unsafe is sitting in front of the keyboard. You may comment: "Ha, ha, very funny", but these are basic truths. What I like about a browser, a safer one or a less safer one, is that I know all discovered vulnerabilities, holes and risks beforehand. What I like less about a browser is where coders are hoping a hole is not found up and the exploit published before there is a patch out. It is placing the ball where it should not be placed.

Browsers can be made a lot safer through taking some measurements. Use the right add-ons to prevent malware vectors to land: NoScript, AdblockPlus, in-browser pre-hyperlink scanning with DrWeb, and siteadvisor, using rights and settings that prevent automatic installs, blocking lists, in-browser scanning with the Avast Webshield to start with, checking files against the data at fileadvisor. When I started browsing with security in mind, I did not experience any problem. Then I browse from inside a memstick with a ported FF or Flock browser, that is cleared after every session. I can save whatever I want to, and if I load something onto the harddrive, I can clear the remains with CCleaner. Secure browsing is not such an effort. Also the three anti-adware and spyware proggies protect my browser like Ad-Aware, Spybot S&D and SpywareBlaster.


polonus

[Mastertech]

Firefox does not have multiple unpatched vulnerabilities. Currently it has 2 vulnerabilities rated less critical. (Check your own Secunia link.)

No it has two Advisories. There are actually four unpatched vulnerabilities because ones it only partially patched. Multiple means more than one, so that is true.

The 64 known vulnerabilities mentioned in the Mozilla link are fixed in current versions. (Again, check you own link.)

Keyword here is current version.

The number of historical vulnerabilities is far less important than the seriousness of the vulnerabilities and the speed with which they were patched.

It is very important for a browser touted as "secure". In just over one year Firefox is on track to surpass IE's vulnerability count. Not everyone updates to the latest version of a web browser, which is why this information is important.

Quoting the number of vulnerabilities for one browser out of context does not reveal the true security picture. Indeed, that is probably why the source you quote from does just that. It is intended to scare users away from Firefox.

Out of context? So Firefox does not have 72 vulnerabilities?

It is possible to argue that Opera is more secure going on the vulnerability statistics.

It is not just possible it is! Opera as 0 unpatched vulnerbilities out of 19, making it MUCH more secure than Firefox.

[neal62]

Thanks for the links Bob. Good read. 

[FreewheelinFrank]

Yes, my mistake. There are in fact three advisories containing four vulnerabilities.

However, the use of the term "multiple" seems intended to lead the reader to believe that the "72" vulnerabilities mentioned are still present, as does the use of the present tense in "...are rated as highly critical."

"Current version" is indeed the keyword, and it is a word that the author Spiritsongs quotes neglects to use, again inviting the reader to believe that Firefox is currently affected by a large number of vulnerabilities.

The vulnerability count itself is not a complete picture of browser security: the type of vulnerability and speed of patch issue are also a factor. The relative vulnerability count in Firefox and IE is also influenced by the nature of vulnerability reporting, which differs between the two programs, something Symantec has recently acknowledged in the way it reports vulnerabilities:

http://www.informationweek.com/internet/showArticle.jhtml?articleID=181501752&subSection=Browsers

Both Firefox and Opera have had security vulnerabilities in the past. Currently Firefox has some very minor vulnerabilities. Claiming that these make Opera "MUCH" more secure is of course a subjective interpretation, as is the claim that Opera *is* more secure: nobody can possibly know what security vulnerabilities will emerge in any browser in the future.

[Mastertech]

However, the use of the term "multiple" seems intended to lead the reader to believe that the "72" vulnerabilities mentioned are still present, as does the use of the present tense in "...are rated as highly critical."

See here you are again reading into things and making assumptions. Anyone can look at the source and see that is obviously not true.

"Current version" is indeed the keyword, and it is a word that the author Spiritsongs quotes neglects to use, again inviting the reader to believe that Firefox is currently affected by a large number of vulnerabilities.

It is affected by a large number of vulnerabilities that requires the absolute latest version 1.5.0.1 to not be affected by the most recent eight Highly critical Vulnerabilities: Firefox Multiple Vulnerabilities

These vulnerabilities have the following impact:

Security Bypass
Cross Site Scripting
Exposure of system information
Exposure of sensitive information
System access

The vulnerability count itself is not a complete picture of browser security: the type of vulnerability and speed of patch issue are also a factor. The relative vulnerability count in Firefox and IE is also influenced by the nature of vulnerability reporting, which differs between the two programs, something Symantec has recently acknowledged in the way it reports vulnerabilities:

Exactly just like the latest Highly Critical Firefox Vulnerability above from 2-2-06. However Secunia is an independant security company that is not influenced by a product's reporting procedures or another companies.

Both Firefox and Opera have had security vulnerabilities in the past. Currently Firefox has some very minor vulnerabilities. Claiming that these make Opera "MUCH" more secure is of course a subjective interpretation, as is the claim that Opera *is* more secure: nobody can possibly know what security vulnerabilities will emerge in any browser in the future.

Tell me another one. You will blast the hell out of IE for any vulnerability when comparing it to Firefox but give it a free ride when comparing it to the blatantly obvious more secure Opera. Anyone can compare the security history and current vulnerability state of Firefox and Opera and clearly see which one has the better security record. 0 unpatched vulnerabilities is better than 4 unpatched. 19 overall is less than 72. This isn't complicated. It just boggles my mind how people so concerned about security just ignore the obvious evidence because they want Firefox to be something it is not = a secure web browser.

[Jarmo P]

You have lost credibility in this forum mastertech.
It just is so.
You can make web pages telling your biased opinions, but people here won't listen you. They sure will make comments when you try you posts, what ever reasons they are originating. This hate campaign against one free browser.

[Mastertech]

Really, I've lost all credibility here? Why because you and a few other fanboys declare it!? Please. Anyone can look at the sources themselves and make up their own minds, I simply state facts NOT opinions. The problem here is with people who don't want to hear it. They prefer to stick their fingers in their ears and go on believing the misinformation they were fed because it makes them feel comfortable.

I find it funny that you have now become the spokes person for "everyone" here. I think the far majority of people here can speak for themselves.

As for a so called "Hate campaign against one free browser". That is another baseless lie. I am simply against misinformation and fanboy propaganda not the browser itself.