[SOLVED] Have dumped Firefox, is IE8 any better?

For security reasons, I removed all versions of Firefox that was on my Windows installs. Regardless of any opinion, I've permanently parted ways with FF. I described the reason in another thread. Now, I have a choice to make. I've tried Chrome and didn't like it (a critical password was displayed within the string of numbers & letters over a bookmark). Opera required an opening in the firewall, so that's out. Safari requires a lot of space, and Bonjour and Apple Software Update too, that's a last option. Is IE8 better on Windows 7 than it was on XP Pro? IE7 was a fine browser, in fact, it's still the #1 most used worldwide. But that will change as 7 rolls forward. IE8 simply crippled my XP Pro laptop, as far as browsing is concerned. But this is Windows 7 that I'm looking for a browser for, not XP. I installed IE7 on them. The main thing(s) that I notice are, ads popup, regardless of my setting the control to block all popups. The second is, when opening a link in an email, instead of IE opening another tab, it opens another web page. How can I control these issues?

You moved from Firefox to IE8 for security reasons?

Wow! Now you're going through what the EU is making all Europeans go through when they buy Win7.

You have shot down all the big ones so why not try SeaMonkey?. Mozilla, but what the heck.

I don't use it much, but IE8 runs fine in Win7. I also have it installed and it runs well on XP Home.

Good luck.

Yes, Firefox has a problem with "arbitrary code execution", something that's far more serious than a ordinary virus or malware. Your computer can be entirely taken over through this method. You probably are aware of what this term means, if not, the definition is in Wikipedia. This problem has been used through Firefox since early 2006, and it's still not certain that the problem is resolved. It can attack a Windows or Linux user, although Windows users have mainly been targeted with this. At first, I thought it was a bunch of hogwash, and went into defensive mode on FF's behalf (on another forum), a couple of more rounds of how this was not possible finally drew the attention of the moderator of the forum, and I was issued an official warning, with a notice of "creating an enviornment where the users feel perfectly safe, when they were not" would lead to supension on the forum. At that point, I researched the term through Wikipedia, and I felt like an ass for my assertions that FF was a perfectly safe browser, after reading the Wiki article and the 13 pages of a thread on this very topic, and the relation with FF. Secunia initally issued the vulnerability of FF in regard to this issue. This has been a known issue since early 2006, when the thread started. I hope this answers my question, as I don't want a program of this nature on my computer. It is one of the worst attacks that can be placed on a computer.

Seamonkey was included with this warning. I'm going to research it further. After research, there was confirmation of the problem both with FF and Seamonkey. Do a Bing search "does Firefox have a problem with arbitrary code execution" w/o the quotes, you'll see it. Being that it has been a longtime problem, it's too soon for Secunia to say the problem is gone. FF 3.6.2 has only a day or two been released, that's not enough time to say the problem is gone.

I went to the Secunia website and downloaded the Secunia PSI security scanner. It's free for personal use.

The ONLY thing(s) it found with vulnerabilities was Adobe Flash Player. Downloaded the update patches which the scanner listed and I'm 100% secure now (according to Secunia's software.) These vulnerabilities were considered a 3rd level or mid-level threat.

No issues at all with Firefox at all, and the browser was open during the scan.



Can you post info about what you're stating? I went to Wikipedia and didn't find anything at all related to what you're talking about.

Give some links, screenshots, etc., to back up your position, please.

Using the Bing search engine, type "does firefox have problems with arbitrary code execution", you will see many links to this issue. And do a Wiki search on the issue itself, it's a dangerous problem.

I asked you to post links and screenshots. Found it anyway using Bing on IE8, Secunia recommended to update FF to v3.6.2, which I did yesterday and I have zero issues with it.

The following are screenshots of the Secunia PSI security scanner software and it's results.










From the Secunia website about the vulnerability you described:

Description
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

1) An integer overflow error exists in the processing WOFF fonts. This can be exploited to cause a heap-based buffer overflow and execute arbitrary code via a web page embedding a WOFF font with an overly large "origLen" field.

2) A use-after-free error when handling "multipart/x-mixed-replace" images can be exploited to potentially execute arbitrary code.

3) An error in the implementation of the "window.location" JavaScript object can be exploited to bypass access restrictions imposed by certain plugins and disclose data from a different domain or from the local system.

4) Multiple errors in the browse engine can be exploited to corrupt memory and potentially execute arbitrary code.

5) An error related to the implementation of the "addEventListener()" and "setTimeout()" methods can be exploited to capture keystroke events from a cross-origin frame or window.

This is related to vulnerability #3 in:
SA26095

6) An error in the implementation of security checks used when preloading images can be exploited to perform privileged actions via certain add-ons, by specifying a restricted protocol.

7) An error in the processing of stylesheets used in XUL documents can be exploited to pollute the XUL cache and change browser style attributes.

8) An error in the implementation of the asynchronous Authorization Prompt can be exploited to potentially capture HTTP authorization credentials used for another domain.

The vulnerabilities are reported in versions prior to 3.6.2.

Solution
Update to version 3.6.2.


Provided and/or discovered by
1) Reportedly a module for VulnDisco Pack.

I should note for the record that an "arbitrary code execution" security problem is the single most common type of security breach for a browser. IE6, IE7 and IE8 was susceptible to one in January.

Switching browsers because of an arbitrary code execution flaw is like changing houses because someone might break into your home.

Just tried Secunia myself. Gave me a 100% score as well. Using Firefox. It made referencing to something about IE a flash plug in i think but I never use IE anyway.

Mike