SOLVED Have dumped Firefox, is IE8 any better?

[catilley1092]

For security reasons, I removed all versions of Firefox that was on my Windows installs. Regardless of any opinion, I've permanently parted ways with FF. I described the reason in another thread. Now, I have a choice to make. I've tried Chrome and didn't like it (a critical password was displayed within the string of numbers & letters over a bookmark). Opera required an opening in the firewall, so that's out. Safari requires a lot of space, and Bonjour and Apple Software Update too, that's a last option. Is IE8 better on Windows 7 than it was on XP Pro? IE7 was a fine browser, in fact, it's still the #1 most used worldwide. But that will change as 7 rolls forward. IE8 simply crippled my XP Pro laptop, as far as browsing is concerned. But this is Windows 7 that I'm looking for a browser for, not XP. I installed IE7 on them. The main thing(s) that I notice are, ads popup, regardless of my setting the control to block all popups. The second is, when opening a link in an email, instead of IE opening another tab, it opens another web page. How can I control these issues?

 

[Thrax]

You moved from Firefox to IE8 for security reasons?

 

[yodap]

Wow! Now you're going through what the EU is making all Europeans go through when they buy Win7. :dontknow:

You have shot down all the big ones so why not try SeaMonkey?. Mozilla, but what the heck.

I don't use it much, but IE8 runs fine in Win7. I also have it installed and it runs well on XP Home.

Good luck.

 

[catilley1092]

Yes, Firefox has a problem with "arbitrary code execution", something that's far more serious than a ordinary virus or malware. Your computer can be entirely taken over through this method. You probably are aware of what this term means, if not, the definition is in Wikipedia. This problem has been used through Firefox since early 2006, and it's still not certain that the problem is resolved. It can attack a Windows or Linux user, although Windows users have mainly been targeted with this. At first, I thought it was a bunch of hogwash, and went into defensive mode on FF's behalf (on another forum), a couple of more rounds of how this was not possible finally drew the attention of the moderator of the forum, and I was issued an official warning, with a notice of "creating an enviornment where the users feel perfectly safe, when they were not" would lead to supension on the forum. At that point, I researched the term through Wikipedia, and I felt like an ass for my assertions that FF was a perfectly safe browser, after reading the Wiki article and the 13 pages of a thread on this very topic, and the relation with FF. Secunia initally issued the vulnerability of FF in regard to this issue. This has been a known issue since early 2006, when the thread started. I hope this answers my question, as I don't want a program of this nature on my computer. It is one of the worst attacks that can be placed on a computer.

 

[catilley1092]

Wow! Now you're going through what the EU is making all Europeans go through when they buy Win7. :dontknow:

You have shot down all the big ones so why not try SeaMonkey?. Mozilla, but what the heck.

I don't use it much, but IE8 runs fine in Win7. I also have it installed and it runs well on XP Home.

Good luck.

Seamonkey was included with this warning. I'm going to research it further. After research, there was confirmation of the problem both with FF and Seamonkey. Do a Bing search "does Firefox have a problem with arbitrary code execution" w/o the quotes, you'll see it. Being that it has been a longtime problem, it's too soon for Secunia to say the problem is gone. FF 3.6.2 has only a day or two been released, that's not enough time to say the problem is gone.

 

[Nibiru2012]

I went to the Secunia website and downloaded the Secunia PSI security scanner. It's free for personal use.

The ONLY thing(s) it found with vulnerabilities was Adobe Flash Player. Downloaded the update patches which the scanner listed and I'm 100% secure now (according to Secunia's software.) These vulnerabilities were considered a 3rd level or mid-level threat.

No issues at all with Firefox at all, and the browser was open during the scan.

Can you post info about what you're stating? I went to Wikipedia and didn't find anything at all related to what you're talking about.

Give some links, screenshots, etc., to back up your position, please.

 

[catilley1092]

Using the Bing search engine, type "does firefox have problems with arbitrary code execution", you will see many links to this issue. And do a Wiki search on the issue itself, it's a dangerous problem.

 

[Nibiru2012]

I asked you to post links and screenshots. Found it anyway using Bing on IE8, Secunia recommended to update FF to v3.6.2, which I did yesterday and I have zero issues with it.

The following are screenshots of the Secunia PSI security scanner software and it's results.

From the Secunia website about the vulnerability you described:

Description
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

1) An integer overflow error exists in the processing WOFF fonts. This can be exploited to cause a heap-based buffer overflow and execute arbitrary code via a web page embedding a WOFF font with an overly large "origLen" field.

2) A use-after-free error when handling "multipart/x-mixed-replace" images can be exploited to potentially execute arbitrary code.

3) An error in the implementation of the "window.location" JavaScript object can be exploited to bypass access restrictions imposed by certain plugins and disclose data from a different domain or from the local system.

4) Multiple errors in the browse engine can be exploited to corrupt memory and potentially execute arbitrary code.

5) An error related to the implementation of the "addEventListener()" and "setTimeout()" methods can be exploited to capture keystroke events from a cross-origin frame or window.

This is related to vulnerability #3 in:
SA26095

6) An error in the implementation of security checks used when preloading images can be exploited to perform privileged actions via certain add-ons, by specifying a restricted protocol.

7) An error in the processing of stylesheets used in XUL documents can be exploited to pollute the XUL cache and change browser style attributes.

8) An error in the implementation of the asynchronous Authorization Prompt can be exploited to potentially capture HTTP authorization credentials used for another domain.

The vulnerabilities are reported in versions prior to 3.6.2.

Solution
Update to version 3.6.2.


Provided and/or discovered by
1) Reportedly a module for VulnDisco Pack.

 

[Thrax]

I should note for the record that an "arbitrary code execution" security problem is the single most common type of security breach for a browser. IE6, IE7 and IE8 was susceptible to one in January.

Switching browsers because of an arbitrary code execution flaw is like changing houses because someone might break into your home.

 

[Mychael]

Just tried Secunia myself. Gave me a 100% score as well. Using Firefox. It made referencing to something about IE a flash plug in i think but I never use IE anyway.

Mike

 

[HaveBlues2]

Have you tried that speedy Browser called K-Meleon yet? Not much too look at but it's just as fast as Safari.

 

[HaveBlues2]

I just ran Secunia PSI and I didn't have a single issue with FF or any other applications. Scoring 100% works for me.

 

[Core]

I'm using Chrome these days, and it's fantastic.

 

[yodap]

Secunia says I'm good too.

If you're really worried, You can run any browser sand boxed.

http://www.sandboxie.com/

 

[Nibiru2012]

yodap,

Thanks for the reminder about Sandboxie. I found that it is now x64 capable.

I tried using Maxthon browser just for grins and it is very slow.

 

[catilley1092]

I'm trying out this new IE9 pre-release that was offered to me today. It has no support, and a little rough around the edges, but finally Windows is moving forward with IE9. With that in mind, this thread is solved.

 

[yodap]

Surely you haven't decided to use that as your main browser. New, untested, featureless and dare I say, less than secure.

 

[catilley1092]

I'm willing to do my part to make IE a better browser. What if when the RC of Windows 7 was released, people felt that way? Open market testing is the only way to detirmine if a product is good or not. Microsoft has finally realized this, look at the success of Windows 7. Were it not for the beta testers, it may have not been such a great product. Microsoft needs us to test and report problems, so that hopefully IE9 will receive a better reception than IE8 did. Unless I have problems with access to websites, this will be my default browser.

 

[yodap]

I'm not knocking you. I beta test also, obviously, I've been a member of this forum for a year. And thanks for the heads up on this one, but is this the only browser you want to use right now? Do you feel it is secure enough for anyone to use for paying bills or banking online? I'll probably give it a test run in a limited way, but that's it.

Like I said earlier, good luck with it.

 

[catilley1092]

I'm not knocking you. I beta test also, obviously, I've been a member of this forum for a year. And thanks for the heads up on this one, but is this the only browser you want to use right now? Do you feel it is secure enough for anyone to use for paying bills or banking online? I'll probably give it a test run in a limited way, but that's it.

Like I said earlier, good luck with it.

I'm using IE8 for the time being, yodap. No, I would never do any transactions on this kind of browser. But I'm using it for everyday browsing. Really, it's good that Microsoft has decided to release this so soon. Like with Windows 7, we can give input as to what does and doesn't work. The RC of Windows 7 wasn't this raw. There's a debug and report issue shortcuts. My AV is still protecting me. If Microsoft releases every major product like this, it's a step in the right direction. They are giving us some say in the matter. There's Office products that has beta versions, too, although they aren't this raw, either. I like what they are doing, they're not content having over 90% of the computing population, they want it all, and this is good public relations for the corporation.