Firefox: 71 exploits found

655 bugs and 71 exploits have been found by an automated code analysis process. And then you people trust that insecure software as your web browser?

http://www.g2zero.com/2006/09/examining_defects_in_the_firef.html

www.opera.com

Except the article says 'may be' and 'possible' a lot.

Also, it's not obvious to me how you'd exploit any of those types bugs, but if any of them are exploitable, I'm sure they'll be fixed soon enough.

Oh boy, I'm so glad my vulnerability is only potential! That I may potentially get assraped doesn't necessarily mean that I will, so I can safely ignore all those security holes.

Well, now you're just being much too transparent. Practice more, try trolling Slashdot and see what works best.

I wonder if the bug-checking program would crash if you run it on the IExplore codebase...

Enjoy your closed-source featureless crap browser then.

MOZILLA IS BASED ON CLEAN SECURE CODE. IT IS FRESH AND NEW, JUST LOOK AT NETSCAPE 4 AND SEE THE LIGHTWEIGHT LOW-BLOAT STANDARDS-COMPLIANT CODEBASE MOZILLA HAS CHOSEN TO BUILD UPON.

I would have rather waited 2 years longer for firefox 1 if it had a new engine than have it still use gecko

>>8
I doubt any of that code survives today. First, they started with the next Netscape, not 4. Second, they built a new engine from scratch. Third, they ditched the UI. Fourth, they rewrote the client code. Fifth, they added the component system which they now use. Sixth, JavaScript has changed too. And I could go on.

>>10
So they replaced old vulnerabilities by new ones

>>11
Just like Opera

Just like all software. Goes with the territory.

What'd be more interesting is the internal architecture. That's why IE sucks balls no matter how much they patch it.

>>10
It could also be said the Gecko was pretty badly coded to begin with, but I think it's pretty foolish to think they started totally afresh. There was probably a lot of duped code from NS4 even though it was marketed as a total revamp (Opera did this with version 7, but I've no doubt there's loads of pre-7 code in Presto, for instance.)

Also, the "new Netscape" was still built on all sorts of retarded premises and ideas that do nothing for the user, like XUL. The "WE WILL BECOME THE DESKTOP!" mindset of confused-late-90s-Netscape is prevalent in 2006 Firefox in both the source code and Mozilla's attitude to the community. Why else would it be the most bloated and second-most insecure browser, despite being one of the largest and most prominent open source projects ever?

>>14

age for the harsh yet beautiful truth

>>14
Gecko had few stability issues, and had and still has one of the best standards implementation, going as far as the most useful parts of CSS3 already done. Gecko is pretty damn fast, and still is. It was surely an improvement over MSIE, which was previously faster. It's Firefox' UI what's slow. Compare K-Meleon.

XUL is actually a good idea for distributed applications with lightweight, smart clients; your only other choice is the web and it was not designed for it; web applications suck sure there's AJAX, but it's made of dirty and hack, there are few actually useful frameworks where you wouldn't have to do everything by hand, and it's a PAIN IN THE ASS to do, which means it's IMPRODUCTIVE.

XUL's problem is it was designed like business software, and ended up being bloated and enterprise'd a bit, plus there's the whole web 2.0 services shiz behind it. On top of that, its documentation must be the worst ever; it's as bad as having a fetus shoven up your ass twice.