Comments on: Exploit code released for Firefox vulnerability http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/ Tom Raftery, social media consultant, speaker, blogger and podcaster Thu, 04 Dec 2008 21:20:06 +0000 http://wordpress.org/?v=2.6.3 By: Tom Raftery http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1673 Tom Raftery Fri, 23 Sep 2005 18:16:23 +0000 http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1673 Exactly Damien, Just like Firefox - the number of vulnerabilities reported for Firefox and their level of severity is far less than then number for Internet Explorer. Also, Firefox is faster releasing patches for reported vulnerabilities than is Microsoft. Exactly Damien,

Just like Firefox - the number of vulnerabilities reported for Firefox and their level of severity is far less than then number for Internet Explorer.

Also, Firefox is faster releasing patches for reported vulnerabilities than is Microsoft.

]]> By: Damien Mulley http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1672 Damien Mulley Fri, 23 Sep 2005 17:43:58 +0000 http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1672 <blockquote>This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.</blockquote> Just like Firefox Tom?

This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.

Just like Firefox Tom?

]]> By: Ed Byrne http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1668 Ed Byrne Fri, 23 Sep 2005 09:58:06 +0000 http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1668 If I worked for Apple I'd hire you in the moring! (Of course, I'd hire myself too) If I worked for Apple I’d hire you in the moring! (Of course, I’d hire myself too)

]]> By: Tom Raftery http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1667 Tom Raftery Fri, 23 Sep 2005 08:28:44 +0000 http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1667 <blockquote>The same is / will be true of Macs once (if ever) their user base reaches a critical mass - no question. </blockquote> Hey Lee, the buy a Mac comment was a bit tongue in cheek, tbh - however, I don't buy the numbers argument at all. 70% of the world's webservers are Apache and yet, the vast majority of the exploits for webservers are for IIS - I think the same would apply to PCs - if 70% of the world's PCs were Mac, the vast majority of exploits would still be for PC's. This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.

The same is / will be true of Macs once (if ever) their user base reaches a critical mass - no question.

Hey Lee, the buy a Mac comment was a bit tongue in cheek, tbh - however, I don’t buy the numbers argument at all. 70% of the world’s webservers are Apache and yet, the vast majority of the exploits for webservers are for IIS - I think the same would apply to PCs - if 70% of the world’s PCs were Mac, the vast majority of exploits would still be for PC’s.

This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.

]]> By: hostyle http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1666 hostyle Fri, 23 Sep 2005 08:04:10 +0000 http://www.tomrafteryit.net/exploit-code-released-for-firefox-vulnerability/#comment-1666 Also interesting is that its a very basic rewrite of an old IE exploit using buffer overflows. And while the exploit is now in the wild, the vulnerability was actually fixed by the Mozilla/Firefox team the day before the public disclosure. It does however still mean that there are a lot of vulnerable machines out there. As for buying a Mac - I would not recommend that as a security measure. Firefox has been out for quite some time and while it had a small user base very few vulnerabilities were found / exposed. The same is / will be true of Macs once (if ever) their user base reaches a critical mass - no question. Also interesting is that its a very basic rewrite of an old IE exploit using buffer overflows. And while the exploit is now in the wild, the vulnerability was actually fixed by the Mozilla/Firefox team the day before the public disclosure. It does however still mean that there are a lot of vulnerable machines out there. As for buying a Mac - I would not recommend that as a security measure. Firefox has been out for quite some time and while it had a small user base very few vulnerabilities were found / exposed. The same is / will be true of Macs once (if ever) their user base reaches a critical mass - no question.

]]>