4 edits | Fast!! Temporary, but quick!! Have to give the folks at mozilla credit for that!! 
Way to go!! 
And MS has cancelled next Tuesdays patch day to fix an issue that has been know for awhile now! Go figure. | |
|
 |  shrtckt1Fried RicePremium
join:2005-05-18
Athens, GA
1 edit | Re: Fast!! They have to be. This is part of their QOS strategy to sink IE for good. I think they are doing a great job (they got my business). | |
|
| |  Syan48306nom nom nomPremium
join:2003-07-23
Rochester, MI | Re: Fast!! After seeing how mozilla does things...you start to wonder if IE is a live program and if they have people wokring on it...lol go firefox | |
|
| | | said by cork1958:Temporary, but quick!! Have to give the folks at mozilla credit for that!! Way to go!! Did you even read the story?
You praise a company for sweeping the problem under the rug. This is like disabling pictures because their is a jpeg flaw. Its sad when a company can't actually fix anything. They need to be more like microsoft and actually fix flaws. | |
|
| |  KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK
 ·AT&T DSL Service
| Re: Fast!! said by insomniac84:Did you even read the story? You praise a company for sweeping the problem under the rug. This is like disabling pictures because their is a jpeg flaw. Its sad when a company can't actually fix anything. They need to be more like microsoft and actually fix flaws. Oh, COME ON! Sweeping it under the rug? Hardly. It's called acting responsible. Given a vulnerability has been made public, and based on past history someone could release an exploit in under a week... Let me ask you which you'd prefer...
1) Realizing it might be take some time to reprogram, test for compatibility, and release a new version or patch, a company moves swiftly now to shut down or disable the flaw, until such time it is fixed. (This is what Mozilla just did)
or
2) Take as long as a few months to release a fix or version update, meanwhile leaving your users exposed, and just hoping nobody takes advantage of it.... Oh and if a big exploit then does appear, then you put out a patch AFTERWARDS shutting down or disabling the problem until you get it fixed. (This is the route MS usually has taken.)
Me, I'll take #1. You FireFox Haters will of course take #2.... and you'll praise MS for shafting you.
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!) | |
|
| | | Matt9
join:2004-01-29
New Bedford, MA | Re: Fast!! Can I take option 3? 3 being:
Realizing you have such a huge flaw in the first place, and not releasing your software until it's fixed.
Or is that too professional of an option for the Mozilla foundation? | |
|
| | | | RayWPremium
join:2001-09-01
Layton, UT
kudos:1 | Re: Fast!! said by Matt9:Can I take option 3? 3 being: Realizing you have such a huge flaw in the first place, and not releasing your software until it's fixed. Or is that too professional of an option for the Mozilla foundation? Ummm, and you pay for many option three's with Microsoft and bash one in the free Mozilla/Firefox? I guess it is people like you that makes Bill Gates so rich that my entire worth is less than the lint in his pocket.
Yeah I know, Microsoft is so big compared to Mozilla they have an 'excuse' because of size.
--
I am not lost, I find myself every time. | |
|
| | | | | | | Re: Fast!! No, I don't pay anything for IE. | |
|
| | | | | | wtansillNcc1701
join:2000-10-10
Falls Church, VA | Re: Fast!! said by RDSra :
No, I don't pay anything for IE.
Yeah, you do. It's bundled into the cost of the OS itself. You just don't see it as a separate cost item.
--
That which does not kill me merely prolongs the agony. | |
|
| | | | | | |  SNTPremium
join:2002-07-17
Satellite Beach, FL | Re: Fast!! said by wtansill:said by RDSra :
No, I don't pay anything for IE.
Yeah, you do. It's bundled into the cost of the OS itself. You just don't see it as a separate cost item. Linux + Wine = Free IE | |
|
| | | | | | | | wtansillNcc1701
join:2000-10-10
Falls Church, VA | Re: Fast!! said by SNT:said by wtansill:said by RDSra :
No, I don't pay anything for IE.
Yeah, you do. It's bundled into the cost of the OS itself. You just don't see it as a separate cost item. Linux + Wine = Free IE Missed that one. Still, it's the exception, but the rule.
--
That which does not kill me merely prolongs the agony. | |
|
| | | | | | | |
1 edit | Using IE in anything other than Windows is breaking the EULA of IE. That is like saying...xbox games are free cuz you have a modded xbox and you copy games so you can play them. You are just circumventing the rule.
And to quote the EULA...
"NOTE: IF YOU DO NOT HAVE A VALID EULA FOR ANY "OS PRODUCT" (MICROSOFT WINDOWS
95, MICROSOFT WINDOWS 98, MICROSOFT WINDOWS NT WORKSTATION 4.0, MICROSOFT
WINDOWS NT SERVER 4.0, MICROSOFT WINDOWS NT SERVER, ENTERPRISE EDITION 4.0 OR
MICROSOFT WINDOWS NT SERVER 4.0, TERMINAL SERVER EDITION), YOU ARE NOT
AUTHORIZED TO INSTALL, COPY, OR OTHERWISE USE THE OS COMPONENTS AND YOU HAVE
NO RIGHTS UNDER THIS SUPPLEMENTAL EULA."
»www.microsoft.com/msdownload/iep···ense.txt
So IE is NOT free. | |
|
| | | | | | | | | SNTPremium
join:2002-07-17
Satellite Beach, FL | Re: Fast!! 3 problems with that EULA.
1. ...any "OS Product"
Linux is an OS Product.
2. The list of OS's does NOT include XP
and 3. By that same EULA,
"The OS Components are provided to you by Microsoft to update,
supplement, or replace existing functionality of the applicable OS Product.
In the event your OS Product is a version of Windows NT Server, the OS
Components are deemed "Client Software." Microsoft grants you a license to use
the OS Components under the terms and conditions of the OS Product EULA for
the applicable OS Product (which are hereby incorporated by reference) and the
terms and conditions set forth in this Supplemental EULA, provided that you
comply with all such terms and conditions. To the extent that any terms in
this Supplemental EULA conflict with terms in the applicable OS Product EULA,
the terms of this Supplemental EULA control solely with respect to the OS
Components."
According to this, IE is not an OS component so the paragraph you quoted doesn't apply.
In conclusion,
Linux + Wine = Free IE. | |
|
| | | | | Matt9
join:2004-01-29
New Bedford, MA | I use Opera and Firefox as my browsers. I'm not comparing Firefox to Microsoft, Firefox is Mozilla and Microsoft is Microsoft, why compare them?
Releasing a program with such a blatant flaw is unprofessional and inexcusable no matter what company does it. Don't they test this stuff before they release it? Seems like every Firefox release there is always some major security issue they are always rushing to fix. Yeah, I know, at least they offer patches "quickly" (compared to Microsoft) and the patches work. But WHY aren't these programmers FINDING these holes BEFORE they release the product? Don't they care? Or is it "well we'll just release this and let the users find all the holes, then do damage control from there?" | |
|
| | | | | | RayWPremium
join:2001-09-01
Layton, UT
kudos:1 | Re: Fast!! said by Matt9: I'm not comparing Firefox to Microsoft, Firefox is Mozilla and Microsoft is Microsoft, why compare them? Because Microsoft has again started to and because they occupy the same ecological niche in the world of computing? And back in the early-mid 90's Microsoft threw a ton of resources and money to ensure that THEY would be the only browser around (my company at the time was directly affected by that)?
said by Matt9:But WHY aren't these programmers FINDING these holes BEFORE they release the product? Don't they care? Or is it "well we'll just release this and let the users find all the holes, then do damage control from there?" Well, I can not answer that except by inference and experience. My guess would be because there is no way a small group of programmers with a limited number of systems and a finite amount of time can find all the various loopholes and still be able to release a product in a time frame somewhat less than infinity. And face it, even the best programmers and testers have blind spots in their thinking. And it may be sacrilege to the "'zilla is God" crowd, but the 'zilla team is not a large, well funded, supposedly coherent team. It is an open source cooperative effort that seems to be doing quite well despite all their handicaps.
One would assume the smaller the group and the poorer the funding, the more the problems and the slower the fixes/workarounds
I think many of the comparisons boil down to the Microsoft's historical "head in the sand until there are no other options" and the apparent fast response by the 'zilla team.
As a closing note, I had an instructer long ago that said something to the affect that it does not matter how long a piece of software has been out or how well it has been worked over, it will still be a beta until the day it ceases to be used.
--
I am not lost, I find myself every time. | |
|
| | | |  King PDon't blame me. I voted for Ron PaulPremium
join:2004-11-17
Franklin, TN | Sorry, but if that were the case then Windows shouldn't even be around...let alone IE or SQL Server or any of the other buggy and exploitable software that most people praise microsoft for creating... | |
|
| | | | Reviews:
 ·Comcast
| said by Matt9:Can I take option 3? 3 being: Realizing you have such a huge flaw in the first place, and not releasing your software until it's fixed. Or is that too professional of an option for the Mozilla foundation? Ask that question of Microsoft while you're at it.
--
God Blesshttp://www.emmanuelcomputerconsulting.com-- carpe ductum -- "Grab the tape" | |
|
| | | | | Matt9
join:2004-01-29
New Bedford, MA | Re: Fast!! I don't care about Microsoft. I'm talking about Mozilla. Why do people always compare the 2 browsers when discussing flaws and how quickly they are fixed?
I'm not debating that Mozilla fixes them faster and more efficiently than Microsoft. I'm just trying to make the point that both exist and it seems that they release Firefox without really testing it. They find these flaws quickly a few days after a release -- why aren't they picked up on during TESTING and fixed BEFORE an official release? | |
|
| | | | | | That's easy to say for someone that has probably NEVER worked with or developed software. It's not as easy as you think.
Sadly, while we wish that all software is air-tight from the day it's released, if that was the case then nothing would get released. | |
|
| | | | | Matt9
join:2004-01-29
New Bedford, MA | Re: Fast!! These are big -- BIG flaws. Found not even a week after a release. Users, generally just browsing the web, came across them. How hard it would it be for SOFTWARE engineers to find them? I mean, really. Take a few hours of your day, browse the web. Wow...difficult, huh? Part of me wonders if Mozilla releases products with flaws just to get attention. | |
|
| | | | | | WTF? You are obviously not a programmer. Anyone with reason would understand that you can't catch every bug that a program will have before it is released. Chances are that there are a few bugs out there in widely used software that will never even be discovered at all.
If people spent too much time testing then we would never get software to use or new features added period. There has to be a balance between testing and a release schedule. It would not be "professional" to never release software because you are paranoid that there will be flaws in it (That would just be plain stupid). Ultimately your end users are the final test phase, and there will always be bugs to fix.
And after the software IS released, you don't have the option of living in a fantasy world where you can tell your users to not use your software until you can release a permanent fix. The professional thing to do is to release a temporary fix with which users can protect themselves, and then go develop a permanent bug fix that can go through all of the proper testing and reviews before being released as a patch and/or included in a future release of the software in question.
Mozilla has handled the situation quite well as many of the people in this thread have indicated. | |
|
| | | | | said by KrK:said by insomniac84:2) Take as long as a few months to release a fix or version update, meanwhile leaving your users exposed, and just hoping nobody takes advantage of it.... Oh and if a big exploit then does appear, then you put out a patch AFTERWARDS shutting down or disabling the problem until you get it fixed. (This is the route MS usually has taken.) Me, I'll take #1. You FireFox Haters will of course take #2.... and you'll praise MS for shafting you. C'mon -- ridiculous generalizations. Microsoft last month released a fix in IE in about 24 - 48 hours after it was found. Not saying that _always_ happens, but months? Microsoft is generally a lot more responsive than you think ... if you can, give examples of this specifically instead of these generalizations? | |
|
BananasPremium
join:2004-08-18
Santa Barbara, CA | easy fix Ok ... actually it was in my about:config already i just had to toggle it to false... but what worries me is the line immediately above. Here it is
network.dns.ipv4OnlyDomains default string doubleclick.net
What the heck is doubleclick doing in my config?
I hope i am not entirely clueless but as fas as i know doubleclick is a baddie.
Any ideas? | |
|
| apobull
join:2001-05-03
Manchester, MD | Re: easy fix Interesting as I have the same setting as well but again no idea why it is there. | |
|
|  Grail KnightQui audet adipisciturPremium
join:2003-05-31
Valhalla
kudos:6
·Time Warner Cable
| I do not have that setting at all.
I do not know if you have any extensions but if you do perhaps an extension added that string.
--
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050909 Firefox/1.0.6__Thunderbird version 1.0.6 (20050909) | |
|
| | | The network.dns.ipv4OnlyDomains string basically lists the servers that Firefox can't use IP Version 6 with, because they don't support it. It's not that they're selling you out, it's that they don't want pages to hang (which is what would happen if doubleclick was served ipv6). Furthermore, ipv6 sends even more user information than the other versions, so even if it did support it you might not want it to.
In short, this preference is nothing but a good thing. | |
|
| |  Mozilla more and more like Microsoft
»news.com.com/Unpatched+Firefox+f···201.html
Mozilla is unhappy with the disclosure of the flaw. "We'd like to make sure that by the time something goes public, we have a solution for the users," Schroepfer said.
»addons.mozilla.org/messages/307259.html
On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. Firefox fans hailing Mozilla for the FIX are in state of denial.
--
My Web Page
Join Red Room Forum | |
|
| shrtckt1Fried RicePremium
join:2005-05-18
Athens, GA | Re: Mozilla more and more like Microsoft Awww come on Rich, This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes. | |
|
| | | | Re: Mozilla more and more like Microsoft said by shrtckt1:Awww come on Rich, This was a quick response to a problem until they can correct it for good. Actions speak louder than words. M/S should take notes. I would think it would almost be better for a company to keep saying we will fix it in the next release, than sweeping it under the rug and fixing nothing by disabling it. Its almost as if they are saying, "We don't know how to fix it, so we didn't" | |
|
| | | KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK Reviews:
·AT&T DSL Service
| Re: Mozilla more and more like Microsoft said by insomniac84:I would think it would almost be better for a company to keep saying we will fix it in the next release, than sweeping it under the rug and fixing nothing by disabling it. Its almost as if they are saying, "We don't know how to fix it, so we didn't" So you take MS's approach, which is both, sweeping it under the rug, saying nothing about fixing it, and leaving everyone exposed until ??whenever?? in the future when they release a patch or the next version release?
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!) | |
|
| | | Yup... I was not even aware of this "about:config" looks more and more like window's registery. | |
|
| | | How 'bout checking Bugzilla?
»bugzilla.mozilla.org/show_bug.cgi?id=307259
The bug is, in fact, fixed, both on trunk and branch. You can download a fixed build yourself. The only reason they haven't released it quite yet is because they'd like to fix a few other bugs in the meantime, as Firefox 1.0.x doesn't have automatic update and they don't want to force users to redownload Firefox for a bug with such a trivial workaround (Firefox 1.5 does, however, and they'll be getting the actual fix on Monday).
It took four days for them to completely fix it, three days to have the patches ready. That's fairly good turnaround time, methinks. | |
|
| | | Maybe you missed it, but this is only supposed to be a temporary fix. The real fix is coming later. It takes time to make and test an update.
I don't know what kind of utopian standard you are holding them up to, but they released this temporary fix pretty darn fast. Better then microsoft ever does. And I'd expect to see the real fix coming before too long.
BTW, the only similarity between about:config and the windows registry is that they both hold configuration data. about:config actually looks more like java properties or linux sysctl parameters. | |
|
|  Ryan FTake Back The WebPremium
join:2002-10-18
Alexandria, VA | You know, I think you just post because you like to see your own words on the screen. Had you actually read anything recent on the topic, you'd have found out that the fix that turns off IDN was created just about three hours AFTER they patched the exploit to ensure that users were immediately protected against this. This patch is the more permanent solution. | |
|
 envoid
join:2002-12-21
Duluth, GA | hmmmm said by mozillazine :
According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public "after a run-in with Mozilla staff".
»www.mozillazine.org/talkback.htm···cle=7307
tho supposedly he didn't post it sunday but tuesday. sounds like personal issues getting in the way. | |
|
| | | Re: hmmmm "Supposedly"? Again, I refer you to »bugzilla.mozilla.org/show_bug.cgi?id=307259.
It was reported on the sixth by Tom Ferris. The developers who fixed it made no personal comments about him, were quick to respond, did not underrate the bug's severity, and were clearly actively fixing it. Ferris, however, didn't ever actually respond to the bug after he'd posted it (he interpreted it incorrectly). When he posted on Secunia, he claimed there was a "run-in" with the Mozilla module owners; I'm not sure where the run-in came in. Nor am I sure why he posted it... | |
|
| |  recoil0Premium
join:2005-02-22
Exton, PA | Re: hmmmm and firefox doesn't have automatic updates for this in the new browser? It should at least be sent out as optional. | |
|
| | | | | Re: hmmmm Agreed. In fact, all the Mozilla folks agree with you, especially since they want to test the automatic update system more thoroughly. They intend to send out the patched build starting on Monday, since it takes a while to set up and they want to be able to deal with any regressions. Until then, the extension works fine (or you can compile the build from source, like I did, but that's not an option for most people). | |
|
 koamPink PeckerPremium
join:2000-08-16
East Puddle | link doesn't work for me That link for the download only opens a new tab "untitled" and doesn't download anything.
How should i fix that?
--
Danieli Consulting LLC, Strategy and Branding »kdanieli.com | |
|
| |
| | koamPink PeckerPremium
join:2000-08-16
East Puddle Reviews:
·Shoreham Telephone
| Re: link doesn't work for me I already did the "about:config" workaround so am protected from the vulnerability, but am concerned that the .xpi link didn't work. Is it something wrong on my side? Thanks.
--
Danieli Consulting LLC, Strategy and Branding »kdanieli.com | |
|
KyeU
join:2003-12-31
Canada | Hmm... The only thing that bugs me is that this was reported to Mozilla on the 4th of September, but only when the exploit code was publicly exposed did they do anything... | |
|
|  bcroninPremium
join:2004-03-27
Hyde Park, NY | Re: Hmm... Aye, but as soon as it was, they release a near-immediate workaround (and already have the final fix well in the works). Thats arguably better support than MS is able to provide in most cases, imho ... | |
|
|
approval from:
wtansill 
| I've posted the link to Bugzilla in two other threads on this article, so I'm not going to bother posting it again, but...
(1) The bug was reported (though not correctly) by Tom Ferris in the afternoon on September 6.
(2) Work was ongoing from the moment he reported it to the moment it was fixed (today). They were not slacking off.
(3) The fix would have gone into the next version (Firefox 1.0.7), which they are withholding because they'd like to fix a few other security-related bugs they know about, and the Firefox 1.0.x series does not have automatic update so it would unnecessarily require people to download a new browser for a simple fix.
(4) Firefox 1.5 beta 1, which does have an automatic update system, is receiving just such an update on Monday.
In the meantime, the Mozilla people have created an XPI to mitigate the problem temporarily, which they would not have had to do if the bug had not been prematurely reported on Secunia (for no discernable reason). This is the only action that they took that they would not have taken had the bug not been reported.
In light of all this, and the fact that Mr. Ferris reported it publically about two days after he submitted it to Mozilla, I'd say Mozilla reacted as best it could. | |
|
| | Geez.. Don't EVEN get started comparing Mozilla and Internet Explorer..Mozilla has ALWAYS been more secure than Internet Explorer...
You know what I've had to do with my sister's and mom's computer? Spyware galore, just simply by using a search engine and getting false links that they don't reckonize. No prompts of course. To say Internet Explorer is better than Mozilla in terms of security is just moronic.
At least Mozilla offers a work around, Microsoft doesn't offer work arounds for the most part, and they take FOREVER to release patches. Hell, Internet Explorer still has the same damn vulnerabilities from years ago..that haven't been patched...Old Coolwebsearch varients anyone?
--
- paranoidxe (txtfiles.org) | |
|
| Zarggg
join:2004-10-03
Easton, PA Reviews:
·ProLog
| Re: Geez.. I agree.
Internet Explorer has no way of disabling portions of its functionality if vulnerabilities are discovered. At least Mozilla and its younger brother Firefox have about:config where the entire problematic portion can be disabled until the fix is published. | |
|
| |  What in the heck is IDN?
| |
|
|  Bobb5Premium
join:2001-02-16
Kent, WA | Re: What in the heck is IDN? Luckily hardly anyone uses Firefox so not that many are at risk.
Hardly front page news.... | |
|
| | RayWPremium
join:2001-09-01
Layton, UT
kudos:1 | Re: What in the heck is IDN? said by Bobb5:Luckily hardly anyone uses Firefox so not that many are at risk. Hardly front page news.... Let me see, in my office of 32 people, about 20 or so use either Mozilla or Firefox unless we are doing official work that requires active-X and IDs as IE whatever millionth iteration they are on. Most of the people who have not downloaded 'zilla are the older people who are not comfortable with computers and the less technically literate.
Your mileage may vary.
--
I am not lost, I find myself every time. | |
|
| | | | said by Bobb5:Luckily hardly anyone uses Firefox so not that many are at risk. Hardly front page news.... Personally, I don't know a single soul that uses Firefox. Especially after I SHOW them how much faster and stabler Opera is!! 
--
Spread Opera. Fastest browser on Earth or in Cyberspace!! | |
|
| |
 ScilicetPremium
join:2005-04-11
Aurora, CO | The Fix To End All Fixes Mozilla had promised a browser alternative to beat all browsers. As an experiment in browser design, Mozilla has proven to be fix after fix. For me, it's time for the ultimate fix, deletion! | |
|
| | | Re: The Fix To End All Fixes Then you should delete IE also, talk about fix after fix! | |
|
| | ScilicetPremium
join:2005-04-11
Aurora, CO Reviews:
·Comcast
 ·Vonage
| Re: The Fix To End All Fixes What I dislike most about Mozilla as well as IE is the heavy-minded mentality of some of it's users or should I say followers. Good grief man you don't even present yourself to whom you think is a dissenter. It's only a program! If you want to wipe out Bill Gates, pool all your money together and buy him out. By the way, you can't delete IE, I tried.
-Mike
--
Never let your sense of morals prevent you from doing what is right. | |
|
| | | |
| |
| | |
1 edit | No program is flawless Yea mozillia is quick with the fixes. Only becuase they have so few being reported. Firefox isnt as air-tight secure as most people think (be it htat it is more secure then IE at the moment), just takes time for vulnerabilites to be discovered. And someone said it before, but a program is released with bugs to be fixed later, cuz ultimately programmers are under a clock set by there company to release that software.
Personall I dont use firefox or any other browser, i still use IE as my main browser. | |
|
|
|
