Comments on: Firefox leads in browser vulnerabilities http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/ Top Technology news Mon, 13 Feb 2012 11:40:13 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Robert http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227882 Robert Wed, 11 Nov 2009 04:56:01 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227882 Secunia PSI shows; Description: Stefan Esser has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability exists because pages that don't specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset. Successful exploitation requires that the user is tricked into visiting a malicious web site. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected. While Mozilla Firefox 3.5.5 shows up as fully patched and SECURE. Secunia PSI shows; Description:
Stefan Esser has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerability exists because pages that don’t specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.

Successful exploitation requires that the user is tricked into visiting a malicious web site.

The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected. While Mozilla Firefox 3.5.5 shows up as fully patched and SECURE.

]]> By: JDM http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227312 JDM Mon, 09 Nov 2009 22:47:50 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227312 I suppose this is the greatest strength and weakness in any popular Opensource product. However, comparing Opensource and proprietary browsers on the basis of "vulnerability" is unfair to both. I suppose this is the greatest strength and weakness in any popular Opensource product.

However, comparing Opensource and proprietary browsers on the basis of “vulnerability” is unfair to both.

]]> By: mick http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227296 mick Mon, 09 Nov 2009 22:08:00 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227296 spot on dorian, i use google chromium spot on dorian, i use google chromium

]]> By: dorian http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227292 dorian Mon, 09 Nov 2009 22:06:27 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227292 correct ncaissie, if u look at data, firefox is in fact slower than IE to correct vulnerabilities. I am surprised the article does not mention google chrome which only accounts for 1.2% of vulnerabilities, is updated fast and is (with its recent update) faster than firefox. I however use Opera correct ncaissie, if u look at data, firefox is in fact slower than IE to correct vulnerabilities. I am surprised the article does not mention google chrome which only accounts for 1.2% of vulnerabilities, is updated fast and is (with its recent update) faster than firefox. I however use Opera

]]> By: ncaissie http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227250 ncaissie Mon, 09 Nov 2009 19:30:31 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227250 You are wrong geo. Firefox does not update very often. MS has procedures to follow and is accountable. Open source is not. You are wrong geo.
Firefox does not update very often. MS has procedures to follow and is accountable. Open source is not.

]]> By: geolight http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/comment-page-1/#comment-227176 geolight Mon, 09 Nov 2009 13:37:24 +0000 http://tech.blorge.com/Structure:/2009/11/09/firefox-leads-in-browser-vulnerabilities/#comment-227176 The important bit is how fast do they address and fix those vulnerability? Microsoft takes forever to fix anything in IE, where are Firefox addresses vulnerability very fast, as such, a fully patched Firefox is waaay better than a fully patched IE. enough said.... The important bit is how fast do they address and fix those vulnerability? Microsoft takes forever to fix anything in IE, where are Firefox addresses vulnerability very fast, as such, a fully patched Firefox is waaay better than a fully patched IE. enough said….

]]>