firefox insecurity?

Alex Dean alex at
Tue Sep 20 11:38:26 MST 2005

Also, as the Symmantec article states, their report is dealing with 
'vendor-confirmed vulnerabilities', which means 'vulnerability in 
Firefox according to Mozilla' vs. 'vulnerability in IE according to 
Microsoft'.  Given that there's no way to ensure these are the same 
standard (and I suspect most of us are sure it is NOT the same 
standard), this isn't a very useful measurement in my view.


Kenneth wrote:

>Up to a point, this is the argument that appears
>several times per week on the *.advocacy usenet
>groups.  The number of vulerabilities isn't the whole
>In open source code, often vulnerabilities are spotted
>by the community, and can be patched before being
>exploited.  We only hear about vulnerabilities in MS
>products after they have been exploited.  If MS has
>any internal security auditing team, and they found
>some that had not been exploited, we would never know
>about them, they would simply be patched (or not) with
>the next update.
>I don't know how much of this applies to firefox,
>maybe it is less secure for all I know, but this is
>the general argument when people talk about number of
>vulnerabilities in MS vs OSS.

More information about the PLUG-discuss mailing list