Comments on: Measure What Matters – The SEC Essentials

By: Daniel Veditz

Daniel Veditz — Tue, 09 Jun 2009 17:41:45 +0000

Paul: sorry you keep getting infected, but are you sure it’s Firefox? We are aware of no “in-the-wild” exploits that affect recent versions of Firefox 3, and it’s not just our small team looking, we are also contacted by internet security firms and researchers when they come across new attacks. What we do see is a lot of attacks on old plugins since their ubiquity makes them profitable multi-browser targets.

Please make sure your plugins are updated to the most recent version from their respective vendors and see if that helps. And don’t forget to check external document viewers like Adobe Reader and Microsoft Word.

If you’re still getting infected after that I would love to get a copy of your browser history if you’re willing to share it. If so contact us at security@mozilla.org

By: Paul_Bags

Paul_Bags — Tue, 09 Jun 2009 09:24:28 +0000

I’ve been getting constant trojans for the last month or so while browsing with firefox. It is the only program running at the time, and the only possible source of these instances of malicious code running on my machine. It occurs after restoring from backup hard drive images, as well as complete, clean, reinstalls.

In my eyes both the quality and security of firefox has been declining for a long time, and I am seriously considering ditching it for something else. However I still prefer the firefox interface, I’m comfortable with it, and I hold out hope for a return to the brilliance, stability, and security once inherent to firefox.

By: Bill Mitchell

Bill Mitchell — Mon, 01 Jun 2009 11:56:53 +0000

Can I remove IE from my system? I run latest Firefox/w, XP Pro SP3. Still get MS updates? Going blind so need Zoom Text, built for IE. I got it to work with Firefox! A vet hacking my way in the dark. Still have a need for speed. Thanks for your valued time.

By: Fill

Fill — Wed, 20 May 2009 06:47:18 +0000

I use NoScript and FlashBlock. I refused to AdBlock plus because this addon led to crash Firefox. May be he not working only with me =) But addon very cool.

By: Pseudonymous Coward

Pseudonymous Coward — Sat, 02 May 2009 15:36:06 +0000

In the light of the recent NoScript/Adblock Plus controversy, I think Mozilla Security should focus its attention on the questionable security model of its add-ons mechanism. Suggestions:

1. A strong Javascript sandbox.
2. Why on earth do extensions have such raw power in Firefox? We need a strong add-ons sandbox too.

By: Tom

Tom — Wed, 29 Apr 2009 12:47:53 +0000

If your security is so good, how come I can’t stop google analytics, omniture and the other ad surveys from popping up on my computer when I am in Firefox? I don’t have this happen with Safari.

By: Tristan

Tristan — Mon, 27 Apr 2009 02:33:38 +0000

Hey Johnathan, I’ve whipped up a translation in French of this post. It’s located here: http://standblog.org/blog/post/2009/04/27/Mesurer-ce-qui-est-important-%3A-S%C3%A9v%C3%A9rit%C3%A9%2C-Dur%C3%A9e-d-exposition-et-Compl%C3%A8te-divulgation

You’ve written an excellent post that deserves more eyeballs!

By: B.J. Herbison

B.J. Herbison — Sat, 25 Apr 2009 20:31:22 +0000

I find Mozilla lacking in the disclosure area. In particular, take a look at http://www.mozilla.org/security/ — the last two Firefox security patch releases aren’t even mentioned. The top of the page says “we understand the importance of security”, but the lack of updates says “we don’t think security is very important”.

(I’ve reported lags in updating that page many time over several years. It’s hard to find contacts, or at least contacts that will respond to e-mail. The page needs someone to take ownership.)

By: gandalf

gandalf — Thu, 23 Apr 2009 00:49:59 +0000

Y – “You attitude” – bugs that are putting me at risk should be more important -> bugs that are exploitable on SPARC machines or Amiga should be less exposed than those for Windows XP

By: Josh

Josh — Wed, 22 Apr 2009 22:16:25 +0000

@Jesse

“Y”ear over Year improvement?