Sign In
Register
Help
How can you use "this week's blip" to represent the generalized story? Is this how you play the stock market too?
Assuming that all these stats are correct what I see is this.
World Spam contribution (at least this is over a year):
http://www.digitimes...0421PD201.html]
China 13% Korea 2%
World PC share:
[http:/www.c-i-a.com/pr0109.htm
China 8.29% Korea 2.93%
Spam share / PC: China 13/8.29 Korea 2/2.93
So even if there is a direct correlation to Spam and number of PC's...it's still China that is the bigger perpetrator!
You are truly reaching. I'm sure you're going to dig up yet another link to try to rationalize it in some odd manner. Go ahead! Keep digging your own hole! Puleeezze!
The Firefox 3.5 vs. IE8 Deathmatch
#81
rasmasyean 
- Senior Member
-
- Group: Members
- Posts: 704
- Joined: 31-October 08
Posted 03 May 2009 - 07:43 PM
MultiQuote
#82
shekharc
- Newbie
-
- Group: Members
- Posts: 9
- Joined: 07-April 09
Posted 03 May 2009 - 08:27 PM
Quote
How can you use "this week's blip" to represent the generalized story? Is this how you play the stock market too?
You are again demonstrating your half-baked understanding of the things. The spam % is not something like a ocean-wave that comes at a second and vanishes in the other. The spam % of 5% would have been sustaining from last 2-3 months at least.
Quote
Assuming that all these stats are correct what I see is this.
World Spam contribution (at least this is over a year):
http://www.digitimes...90421PD201.html
World Spam contribution (at least this is over a year):
http://www.digitimes...90421PD201.html
I couldn't open this link because it is a paid site and I have no intention to pay for it. Although, it may be an usual attempt to create FUD by an M$-fanboy by providing a publicly inaccessible link, lets "assume" that what you are claiming is true.
Then, what is the reason of sudden increase in the spam from Korea? Are they installing more IE-8? :-D
Quote
http://www.digitimes...90421PD201.html
China 13% Korea 2%
World PC share:
http:/www.c-i-a.com/pr0109.htm (http://www.c-i-a.com/pr0109.htm)
China 8.29% Korea 2.93%
China 13% Korea 2%
World PC share:
http:/www.c-i-a.com/pr0109.htm (http://www.c-i-a.com/pr0109.htm)
China 8.29% Korea 2.93%
>
Quote
Spam / PC: China 13/8.29 Korea 2/2.93
http://www.marshal8e..._statistics.asp & http://www.c-i-a.com/pr0109.htm show something else and this is the most recent data:
% SPAM: China = 2.5%, Korea = 5%
% PCs: China = 8.29%, Korea = 2.93%
Now, to establish which one is the correct representation, there comes two questions:
Can spam increase from 2% to 5% in a week and go back to 0.5% in the next week (yes, average of 2% means something like this)?? If we consider the fact that number of computers in this world is more than 1 billion, this is impossible.
After keeping this fact in mind, and "assuming" that the average of the Korean spam of 2% you gave us is true, and also that 5% of Korean spam is the current data, it certainly depicts something devastating going on in the Korean internet community....they seem to be very prompt in updating their PCs with IE-8, a security blackhole.
Quote
So even if there is a direct correlation to Spam and number of PC's...it's still China that is the bigger perpetrator!
You are truly reaching. I'm sure you're going to dig up yet another link to try to rationalize it in some odd manner. Go ahead! Keep digging your own hole! Puleeezze!
You are truly reaching. I'm sure you're going to dig up yet another link to try to rationalize it in some odd manner. Go ahead! Keep digging your own hole! Puleeezze!
Educate yourself and learn how to analytically read statistical data, and so some maths as homework. And think, if you can, before ridiculing yourself on global forums by demonstrating your half-baked knowledge.
#83
rasmasyean
- Senior Member
-
- Group: Members
- Posts: 704
- Joined: 31-October 08
Posted 03 May 2009 - 11:35 PM
bq. "You are again demonstrating your half-baked understanding of the things. The spam % is not something like a ocean-wave that comes at a second and vanishes in the other. The spam % of 5% would have been sustaining from last 2-3 months at least."
So if South Korea changes from #6 last week to #4 this week and 2% in 2008 and ~5% this week, that's not an example of "ocean wave" behavior? Gimme a break. You constantly contradict yourself with your OWN research and try pretend to insult other people's intelligence for seeing right through your farce. I'm done responding to your crap and wasting my time. It's one thing if you come up with legit arguments, but the one thing I hate is someone who makes up BS and think's he's all that! Sorry!
bq. "I couldn't open this link because it is a paid site and I have no intention to pay for it. Although, it may be an usual attempt to create FUD by an M$-fanboy by providing a publicly inaccessible link, lets "assume" that what you are claiming is true. Then, what is the reason of sudden increase in the spam from Korea? Are they installing more IE-8? :-D"
No, you can't open that site because I can't open it either in FireFox apparently, but it opens fine in IE. That's prolly just another site that doesn't work in FireFox. Rolf! What a coincidence? Not! Happened all the time to me in FF so that's why I use IE! It happened so much that as soon as you said that my first reaction was "Oh, let me try FireFox, I bet it doesn't work." And I am right once again! Looks like you're the one with all the FUD and consipracy theories. And NO, I do not have a subscription to digitimes if that's what you are thinking.
So if South Korea changes from #6 last week to #4 this week and 2% in 2008 and ~5% this week, that's not an example of "ocean wave" behavior? Gimme a break. You constantly contradict yourself with your OWN research and try pretend to insult other people's intelligence for seeing right through your farce. I'm done responding to your crap and wasting my time. It's one thing if you come up with legit arguments, but the one thing I hate is someone who makes up BS and think's he's all that! Sorry!
bq. "I couldn't open this link because it is a paid site and I have no intention to pay for it. Although, it may be an usual attempt to create FUD by an M$-fanboy by providing a publicly inaccessible link, lets "assume" that what you are claiming is true. Then, what is the reason of sudden increase in the spam from Korea? Are they installing more IE-8? :-D"
No, you can't open that site because I can't open it either in FireFox apparently, but it opens fine in IE. That's prolly just another site that doesn't work in FireFox. Rolf! What a coincidence? Not! Happened all the time to me in FF so that's why I use IE! It happened so much that as soon as you said that my first reaction was "Oh, let me try FireFox, I bet it doesn't work." And I am right once again! Looks like you're the one with all the FUD and consipracy theories. And NO, I do not have a subscription to digitimes if that's what you are thinking.
#84
yankeeDDL
- Advanced Member
-
- Group: Members
- Posts: 286
- Joined: 07-April 09
Posted 03 May 2009 - 11:50 PM
Shekharc, the digitimes link works fine for me (no subscription or anything). I put a snapshot below ...
I think you guys are going a bit off track on something very "subjective".
Here's an article that may shed some truth about why FireFox + NoScript is more secure than IE8. http://blogs.zdnet.c...ecurity/?p=1421
There are plenty along these lines. It is simply logical: disabling Java/Javascript on unknown sites and not having ActiveX support is simply going to dramatically reduce the chances of you getting infected because it will be a lot harder to get your browser to run anything unwanted on your PC.
!http://forums.pcworld.com/legacyimages/
1!
I think you guys are going a bit off track on something very "subjective".
Here's an article that may shed some truth about why FireFox + NoScript is more secure than IE8. http://blogs.zdnet.c...ecurity/?p=1421
There are plenty along these lines. It is simply logical: disabling Java/Javascript on unknown sites and not having ActiveX support is simply going to dramatically reduce the chances of you getting infected because it will be a lot harder to get your browser to run anything unwanted on your PC.
!http://forums.pcworld.com/legacyimages/
1!
#85
yankeeDDL
- Advanced Member
-
- Group: Members
- Posts: 286
- Joined: 07-April 09
Posted 04 May 2009 - 12:01 AM
@ rasmasyean
> No, you can't open that site because I can't open it either in FireFox apparently, but it opens fine in IE. That's prolly just another site that doesn't work in FireFox. Rolf! What a coincidence? Not! Happened all the time to me in FF so that's why I use IE! It happened so much that as soon as you said that my first reaction was "Oh, let me try FireFox, I bet it doesn't work." And I am right once again! Looks like you're the one with all the FUD and consipracy theories. And NO, I do not have a subscription to digitimes if that's what you are thinking.
[/quote]
There must be something wrong with your setup, or you're simply out of luck.
I can open your link just fine in Firefox (both Firefox 3.0.10 and Firefox 3.6preAplha). I never had any of the problems you described using Firefox in the last 5 years.
> No, you can't open that site because I can't open it either in FireFox apparently, but it opens fine in IE. That's prolly just another site that doesn't work in FireFox. Rolf! What a coincidence? Not! Happened all the time to me in FF so that's why I use IE! It happened so much that as soon as you said that my first reaction was "Oh, let me try FireFox, I bet it doesn't work." And I am right once again! Looks like you're the one with all the FUD and consipracy theories. And NO, I do not have a subscription to digitimes if that's what you are thinking.
[/quote]
There must be something wrong with your setup, or you're simply out of luck.
I can open your link just fine in Firefox (both Firefox 3.0.10 and Firefox 3.6preAplha). I never had any of the problems you described using Firefox in the last 5 years.
#86
rasmasyean
- Senior Member
-
- Group: Members
- Posts: 704
- Joined: 31-October 08
Posted 04 May 2009 - 12:06 AM
I didn't do anything. All I did was install FireFox, no add-ons, no changes, nothing. Unless Mozilla likes to default their browser to "the wrong setup"...
That's even worse! lol! It's not like that site required some add-on / plugin that is missing.
That's even worse! lol! It's not like that site required some add-on / plugin that is missing.
#87
rasmasyean
- Senior Member
-
- Group: Members
- Posts: 704
- Joined: 31-October 08
Posted 04 May 2009 - 12:17 AM
You are right that it is "subjective" and maybe we did get carried away with it considering that Spam and PC count might not even have a relation as people can do spam from their own servers. But he's the one who's bringing up all this "PC count data" and making some deluded sense out of it so I just had to poke the holes...even though in the end, it probably doesn't prove anything related to the subject. :p
#88
WinTard
- Expert
-
- Group: Members
- Posts: 3,141
- Joined: 16-January 09
- Location:Look behind you...
Posted 04 May 2009 - 10:13 PM
Actually, perception becomes reality?
There is so much FUD and BS being spewed around, that one cannot believe everything they read, or hear...
Here are facts:
And let's not forget the Pwn2Own competition. It was Firefox 3.0 that got hacked first on the Mac OS X no less, and all the hackers said it was easy! Whereas hacking Windows was "very very hard".
Google: Results 1 - 10 of about 914,000 for pwn2own. (0.16 seconds)
TippingPoint | DVLabs | Pwn2Own 2009TippingPoint's Zero Day Initiative (ZDI) team is pleased to announce that we will once again be sponsoring this year's Pwn2Own contest for ...
dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 - 46k - Cached - Similar pages
TippingPoint | DVLabs | Pwn2Own 2009 Day 1 - Safari, Internet ...The 3rd annual Pwn2Own contest kicked off today at CanSecWest around 3:00pm PST. For the first time, we had so many people register for the contest that we ...
dvlabs.tippingpoint.com/.../pwn2own-2009-day-1---=safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits - 42k - Cached - Similar pages
More results from dvlabs.tippingpoint.com >
CanSecWest Applied Security Conference: Vancouver, British ...10 Feb 2009 ... But odds are if you do discover it in the book, it you probably won't be able to claim a PWN2OWN prize with it. It probably doesn't count as ...
cansecwest.com/ - 17k - Cached - Similar pages
Pwn2Own: What OS really won? | Zero Day | ZDNet.comThose takeaways appear to be the consensus view following the Pwn2Own contest ... Rest assured, if Pwn2Own ran another day Ubuntu would have stumbled too. ...
blogs.zdnet.com/security/?p=995 - 125k - Cached - Similar pages
Pwn2Own 2009: Safari/MacBook falls in seconds | Zero Day | ZDNet.comStaying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
blogs.zdnet.com/security/?p=2917 - 129k - Cached - Similar pages
More results from blogs.zdnet.com >
Browser security: Pwn2Own topples all but Chrome | csmonitor.comInnovation: The Christian Science Monitor's innovation section.
features.csmonitor.com/innovation/2009/03/24/browser-security-pwn2own-topples-all-but-chrome/ - 53k - Cached - Similar pages
The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 119 Mar 2009 ... One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their ...
www.engadget.com/2009/03/19/the-pwn2own-trifecta-safari-ie-8-and-firefox-exploited-on-day/ - 141k - Cached - Similar pages
Slashdot | First Pwn2Own 2009 Contest Winners Emerge19 Mar 2009 ... First Pwn2Own 2009 Contest Winners Emerge -- article related to Security.
it.slashdot.org/article.pl?sid=09/03/19/2110206&from=rss - 122k - Cached - Similar pages
AppleInsider | Pwn2Own contest winner: Macs are safer than Windows26 Mar 2009 ... Charlie Miller, the security expert who won both this and last year's CanSecWest Pwn2Own security contests by exploiting Macs running Safari ...
www.appleinsider.com/articles/09/03/26/pwn2owncontestwinnermacsaresaferthan_windows.html - 61k - Cached - Similar pages
Pwn2Own 2009: Mac falls in seconds | Technology | guardian.co.ukLast year, at least the Mac lasted a couple of minutes before it was hacked. This year, it lasted seconds?
www.guardian.co.uk/technology/blog/2009/mar/18/apple-pwned-again - 129k - Cached - Similar pages
Searches related to: pwn2own cansecwest pwn to own
March 23rd, 2009 Nils2Own: 'I want to see security flaws fixed'
Let?s go through your accomplishment here. On a scale of 1-10, how do you rate the difficulty of exploting these bugs. Start with Safari on Mac OS X?
For that bug, I?d rate it a 5. Not because Safari on Mac is a harder target but because of the kind of vulnerability. I can?t say much about it (because of an NDA signed with conference sponsors) but it was harder to find that bug on the Mac. Writing the exploit for Mac was the easy part.
Dino Dai Zovi] had a great quote during his talk [http://.pdf: ? Exploit writing on the Mac is fun. Exploit writing on Windows Vista is hard work. ? I totally agree with that.
Mac OS X Leopard did not implement randomization properly so it?s very easy to get your exploit to work. I?m looking forward to seeing what they Apple] do with Snow Leopard.
How about the Firefox on Windows exploit?
Let me correct something. It was a Firefox on Mac OS X vulnerability and exploit. The bug does affect Windows but, honestly, it?s way harder to get the code to run reliably on Windows. That?s the reason I did my Firefox attack on the Mac. I?m not allowed to talk about it but, for that bug, to get real exploitation on Windows is difficult because of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). On the Mac, I could trigger it and exploit it easily.
For that reason, I?d rate it a 3 in terms of difficulty. The vulnerability was nice. You get get a lot of control over what you can do and just execute your code. Just place the code in memory. You can spray it and it?ll be in a predictable area. On Mac OS X, there?s no ASLR or DEP, so you can just [snaps finger], execute it and it will work.
IE 8 on Windows 7?
I came here with that vulnerability. It?s another nice bug but it was really, really difficult to write the exploit because of those ASLR and DEP. I had to use some techniques around those mitigations and make a lot of preparation to make it a reliable exploit. It was very, very hard.
{Snipped}
Also look at: [Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts
In other words, do not use Administrator equivalent rights to surf a hostile environment such as the Internet.
People can easily do that by the Run As command, similar to su in Unix.
Searching the NVD for Internet Explorer returns:
Search Results (Refine Search)
There are 85 matching records. Displaying matches 1 through 20.
CVE-2009-0554
TA09-104ASummary: Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0551
TA09-104ASummary: Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0550
TA09-104ASummary: Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0305
VU#131100Summary: Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0076
TA09-041ASummary: Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0075
TA09-041ASummary: Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
Published: 02/10/2009
CVSS Severity: 8.5 (HIGH)
CVE-2009-0369
Summary: Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
Published: 01/30/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0341
Summary: The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
Published: 01/29/2009
CVSS Severity: 9.3 (HIGH)
CVE-2008-3358
Summary: Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
Published: 01/28/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5917
Summary: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Published: 01/21/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5912
Summary: An unspecified function in the Javascript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Published: 01/20/2009
CVSS Severity: 2.1 (LOW)
CVE-2009-0072
Summary: Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen attribute value in a BODY element.
Published: 01/08/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5750
Summary: Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
Published: 12/29/2008
CVSS Severity: 6.8 (MEDIUM)
CVE-2008-5556
Summary: DISPUTED The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5555
Summary: Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5554
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5553
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5552
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5551
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5548
Summary: VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Published: 12/12/2008
CVSS Severity: 9.3 (HIGH)
h4. Guess what? There are NONE for IE8 in 2009! (yet)
Searching the NVD for Firefox
Search Results (Refine Search)
There are 442 matching records. Displaying matches 1 through 20.
CVE-2009-1313
Summary: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Published: 04/30/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1312
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1311
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1310
Summary: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1309
Summary: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1308
Summary: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL Javascript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1307
Summary: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Published: 04/22/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1306
Summary: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1305
Summary: The Javascript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOPDEFVAR and properties that lack the JSPROPPERMANENT attribute.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1304
Summary: The Javascript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) jsFindPropertyHelper, related to the definitions of Math and Date; and (2) jsCheckRedeclaration.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1303
Summary: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1302
Summary: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xsltattributesetImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1232
Summary: The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.
Published: 04/02/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1169
Summary: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
Published: 03/27/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-1044
Summary: Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0733
Summary: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUTA2B and ReadLUTB2A functions.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0723
Summary: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0581
Summary: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Published: 03/23/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0821
Summary: Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
Published: 03/05/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-0777
Summary: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Published: 03/05/2009
CVSS Severity: 5.8 (MEDIUM)
And these are all for 2009!
Last, history demonstrates that Firefox is the most vulnerable application in all of 2008!
Google: Results 1 - 10 of about 9,800,000 for most vulnerable application 2008. (0.18 seconds)
http://www.dslreport...ication-in-2008
>
ZDNet also reports: Firefox tops list of 12 most vulnerable apps
Another good site to look at is: http://www.us-cert.gov/current/
Um, it appears to me at least the splash page at http://www.mozilla.c...firefox/ie.html
Using Internet Explorer
is So 2006
You deserve a better browser: Firefox is safer, faster
and easier to use than IE. Make the switch today!
Is pure BS as evidenced by reported facts... No wonder they patch so often! :(
That said, I still like and use Firefox carefully... And primarily onto non-Windows installations, like all Unix/Linux etc... And I like the Open-Source concept.
~~~~~~~~~~
The reverse side also has a reverse side.
{Japanese Proverb}
-----
>
There is so much FUD and BS being spewed around, that one cannot believe everything they read, or hear...
Here are facts:
And let's not forget the Pwn2Own competition. It was Firefox 3.0 that got hacked first on the Mac OS X no less, and all the hackers said it was easy! Whereas hacking Windows was "very very hard".
Google: Results 1 - 10 of about 914,000 for pwn2own. (0.16 seconds)
TippingPoint | DVLabs | Pwn2Own 2009TippingPoint's Zero Day Initiative (ZDI) team is pleased to announce that we will once again be sponsoring this year's Pwn2Own contest for ...
dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 - 46k - Cached - Similar pages
TippingPoint | DVLabs | Pwn2Own 2009 Day 1 - Safari, Internet ...The 3rd annual Pwn2Own contest kicked off today at CanSecWest around 3:00pm PST. For the first time, we had so many people register for the contest that we ...
dvlabs.tippingpoint.com/.../pwn2own-2009-day-1---=safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits - 42k - Cached - Similar pages
More results from dvlabs.tippingpoint.com >
CanSecWest Applied Security Conference: Vancouver, British ...10 Feb 2009 ... But odds are if you do discover it in the book, it you probably won't be able to claim a PWN2OWN prize with it. It probably doesn't count as ...
cansecwest.com/ - 17k - Cached - Similar pages
Pwn2Own: What OS really won? | Zero Day | ZDNet.comThose takeaways appear to be the consensus view following the Pwn2Own contest ... Rest assured, if Pwn2Own ran another day Ubuntu would have stumbled too. ...
blogs.zdnet.com/security/?p=995 - 125k - Cached - Similar pages
Pwn2Own 2009: Safari/MacBook falls in seconds | Zero Day | ZDNet.comStaying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
blogs.zdnet.com/security/?p=2917 - 129k - Cached - Similar pages
More results from blogs.zdnet.com >
Browser security: Pwn2Own topples all but Chrome | csmonitor.comInnovation: The Christian Science Monitor's innovation section.
features.csmonitor.com/innovation/2009/03/24/browser-security-pwn2own-topples-all-but-chrome/ - 53k - Cached - Similar pages
The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 119 Mar 2009 ... One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their ...
www.engadget.com/2009/03/19/the-pwn2own-trifecta-safari-ie-8-and-firefox-exploited-on-day/ - 141k - Cached - Similar pages
Slashdot | First Pwn2Own 2009 Contest Winners Emerge19 Mar 2009 ... First Pwn2Own 2009 Contest Winners Emerge -- article related to Security.
it.slashdot.org/article.pl?sid=09/03/19/2110206&from=rss - 122k - Cached - Similar pages
AppleInsider | Pwn2Own contest winner: Macs are safer than Windows26 Mar 2009 ... Charlie Miller, the security expert who won both this and last year's CanSecWest Pwn2Own security contests by exploiting Macs running Safari ...
www.appleinsider.com/articles/09/03/26/pwn2owncontestwinnermacsaresaferthan_windows.html - 61k - Cached - Similar pages
Pwn2Own 2009: Mac falls in seconds | Technology | guardian.co.ukLast year, at least the Mac lasted a couple of minutes before it was hacked. This year, it lasted seconds?
www.guardian.co.uk/technology/blog/2009/mar/18/apple-pwned-again - 129k - Cached - Similar pages
Searches related to: pwn2own cansecwest pwn to own
March 23rd, 2009 Nils2Own: 'I want to see security flaws fixed'
Let?s go through your accomplishment here. On a scale of 1-10, how do you rate the difficulty of exploting these bugs. Start with Safari on Mac OS X?
For that bug, I?d rate it a 5. Not because Safari on Mac is a harder target but because of the kind of vulnerability. I can?t say much about it (because of an NDA signed with conference sponsors) but it was harder to find that bug on the Mac. Writing the exploit for Mac was the easy part.
Dino Dai Zovi] had a great quote during his talk [http://.pdf: ? Exploit writing on the Mac is fun. Exploit writing on Windows Vista is hard work. ? I totally agree with that.
Mac OS X Leopard did not implement randomization properly so it?s very easy to get your exploit to work. I?m looking forward to seeing what they Apple] do with Snow Leopard.
How about the Firefox on Windows exploit?
Let me correct something. It was a Firefox on Mac OS X vulnerability and exploit. The bug does affect Windows but, honestly, it?s way harder to get the code to run reliably on Windows. That?s the reason I did my Firefox attack on the Mac. I?m not allowed to talk about it but, for that bug, to get real exploitation on Windows is difficult because of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). On the Mac, I could trigger it and exploit it easily.
For that reason, I?d rate it a 3 in terms of difficulty. The vulnerability was nice. You get get a lot of control over what you can do and just execute your code. Just place the code in memory. You can spray it and it?ll be in a predictable area. On Mac OS X, there?s no ASLR or DEP, so you can just [snaps finger], execute it and it will work.
IE 8 on Windows 7?
I came here with that vulnerability. It?s another nice bug but it was really, really difficult to write the exploit because of those ASLR and DEP. I had to use some techniques around those mitigations and make a lot of preparation to make it a reliable exploit. It was very, very hard.
{Snipped}
Also look at: [Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts
In other words, do not use Administrator equivalent rights to surf a hostile environment such as the Internet.
People can easily do that by the Run As command, similar to su in Unix.
Searching the NVD for Internet Explorer returns:
Search Results (Refine Search)
There are 85 matching records. Displaying matches 1 through 20.
CVE-2009-0554
TA09-104ASummary: Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0551
TA09-104ASummary: Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0550
TA09-104ASummary: Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
Published: 04/15/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0305
VU#131100Summary: Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0076
TA09-041ASummary: Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
Published: 02/10/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0075
TA09-041ASummary: Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
Published: 02/10/2009
CVSS Severity: 8.5 (HIGH)
CVE-2009-0369
Summary: Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
Published: 01/30/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0341
Summary: The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
Published: 01/29/2009
CVSS Severity: 9.3 (HIGH)
CVE-2008-3358
Summary: Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
Published: 01/28/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5917
Summary: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Published: 01/21/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5912
Summary: An unspecified function in the Javascript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Published: 01/20/2009
CVSS Severity: 2.1 (LOW)
CVE-2009-0072
Summary: Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen attribute value in a BODY element.
Published: 01/08/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5750
Summary: Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
Published: 12/29/2008
CVSS Severity: 6.8 (MEDIUM)
CVE-2008-5556
Summary: DISPUTED The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5555
Summary: Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5554
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5553
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5552
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5551
Summary: The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
Published: 12/12/2008
CVSS Severity: 4.3 (MEDIUM)
CVE-2008-5548
Summary: VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Published: 12/12/2008
CVSS Severity: 9.3 (HIGH)
h4. Guess what? There are NONE for IE8 in 2009! (yet)
Searching the NVD for Firefox
Search Results (Refine Search)
There are 442 matching records. Displaying matches 1 through 20.
CVE-2009-1313
Summary: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Published: 04/30/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1312
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1311
Summary: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1310
Summary: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1309
Summary: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1308
Summary: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL Javascript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1307
Summary: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Published: 04/22/2009
CVSS Severity: 6.8 (MEDIUM)
CVE-2009-1306
Summary: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Published: 04/22/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1305
Summary: The Javascript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOPDEFVAR and properties that lack the JSPROPPERMANENT attribute.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1304
Summary: The Javascript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) jsFindPropertyHelper, related to the definitions of Math and Date; and (2) jsCheckRedeclaration.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1303
Summary: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1302
Summary: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xsltattributesetImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Published: 04/22/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-1232
Summary: The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.
Published: 04/02/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-1169
Summary: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
Published: 03/27/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-1044
Summary: Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0733
Summary: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUTA2B and ReadLUTB2A functions.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0723
Summary: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Published: 03/23/2009
CVSS Severity: 9.3 (HIGH)
CVE-2009-0581
Summary: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Published: 03/23/2009
CVSS Severity: 4.3 (MEDIUM)
CVE-2009-0821
Summary: Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
Published: 03/05/2009
CVSS Severity: 5.0 (MEDIUM)
CVE-2009-0777
Summary: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Published: 03/05/2009
CVSS Severity: 5.8 (MEDIUM)
And these are all for 2009!
Last, history demonstrates that Firefox is the most vulnerable application in all of 2008!
Google: Results 1 - 10 of about 9,800,000 for most vulnerable application 2008. (0.18 seconds)
http://www.dslreport...ication-in-2008
>
ZDNet also reports: Firefox tops list of 12 most vulnerable apps
Another good site to look at is: http://www.us-cert.gov/current/
Um, it appears to me at least the splash page at http://www.mozilla.c...firefox/ie.html
Using Internet Explorer
is So 2006
You deserve a better browser: Firefox is safer, faster
and easier to use than IE. Make the switch today!
Is pure BS as evidenced by reported facts... No wonder they patch so often! :(
That said, I still like and use Firefox carefully... And primarily onto non-Windows installations, like all Unix/Linux etc... And I like the Open-Source concept.
~~~~~~~~~~
The reverse side also has a reverse side.
{Japanese Proverb}
-----
>
#89
yankeeDDL
- Advanced Member
-
- Group: Members
- Posts: 286
- Joined: 07-April 09
Posted 05 May 2009 - 12:51 AM
@WinTard,
it's always good to have a discussion based on data and you brought a lot to it. I do have some remarks though:
1) Regarding the discussion on S. Koree, China and what not: I mentioned that the conclusions based on that data was always going to be subjectiv: we cannot say how many PCs are legal, patched, how many use IE, FF, if those are patched ...
I only provided the snapshot to facilitate the discussion.
2) I do disagree in the connection tha a pirated Windows is less patched than the legal one because of WGA. There are plenty of anti-WGA kits online which bypass WGA easily and let you keep you PC up to date.
Of course, you can say that there is a higher chance than a pirated copy is not patched, compared to a legal copy, but what's the exact % is simply impossible to tell. I can tell you that there are also several fully legal Windows installation that are unpatched (perhaps because the connection to internet occurs via a dial-up instead of DSL).
3) PWN2OWN: I already sent you the link of the interview to the guy that broke FF in PWN2OWN. He explained that it took weeks of work to break a browser, so I would not say that FF (or IE) are "easily" hijacked.
4) You did not think my Zdnet link was relevant/objective. This study is a lot more comprehensive: www.infoworld.com/d/security-central/browser-security-wars-448
At one point the author says: <<Nearly all real-life exploits use Javascript to launch the executable.
It's easy to disable Javascript support in all the browsers, except for
Chrome, but doing so can also cause problems with a high percentage of
legitimate Web sites (throwing the baby out with the bathwater).
Disabling Javascript makes sense when an unpatched zero day is launched
and becomes super popular (it does happen occasionally). But most
serious zero day exploits are patched within a few days, so the days of
risk exposure are minimized>>
That's exactly what NoScript helps you doing.
5) We already discussed also about the "least priviledged account" solution and I think we already agreed that yes, it's a solution, but it is hardly ever implemented in Windows' systems. Besides, this is browser-independent.
6) The "Most vulnerable application in 2008" link was interesting. I would have been surprised that FF was the most vulnerable but what got me was that IE was not in the list. So I read further and found out that the list is based on applications that:
• *Relies on the end user, rather than a central IT administrator, to
manually patch or upgrade the software to eliminate the vulnerability,
if such a patch exists.*
• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.
Which means you'll never see IE on that list, by definition.
There is also this report (http://blogs.technet.com/security/attachment/2594822.ashx) which is a bit old though (2007) showing that early FF releases were more buggy than IE but from FF 2.0 they're about equivalent. Please notice that this also does not include the use of NoScript which prevents any Javascript related issue.
There are also other articles which show how the XSS protection in IE is much weaker than in FF.
I think we can go on for hours, realistically, I'd say that the two browsers are somewhat similar in terms of protection, if you don't take NoScript into account.
7) And last, while security is important, it's not the only feature. How easily a browser crashes, how much memory it uses, how responsive it is, how quickly it renders a page, how configurable it is ... In the end, a browser, like any other software, needs to meet your needs. I use FIreFox and it meets my needs thanks to some of the extensions and a good performance. If I could, I would change several things in FireFox: it's hardly a perfect browser, but for what I do with it, it's the best out there and by quite some margin.
it's always good to have a discussion based on data and you brought a lot to it. I do have some remarks though:
1) Regarding the discussion on S. Koree, China and what not: I mentioned that the conclusions based on that data was always going to be subjectiv: we cannot say how many PCs are legal, patched, how many use IE, FF, if those are patched ...
I only provided the snapshot to facilitate the discussion.
2) I do disagree in the connection tha a pirated Windows is less patched than the legal one because of WGA. There are plenty of anti-WGA kits online which bypass WGA easily and let you keep you PC up to date.
Of course, you can say that there is a higher chance than a pirated copy is not patched, compared to a legal copy, but what's the exact % is simply impossible to tell. I can tell you that there are also several fully legal Windows installation that are unpatched (perhaps because the connection to internet occurs via a dial-up instead of DSL).
3) PWN2OWN: I already sent you the link of the interview to the guy that broke FF in PWN2OWN. He explained that it took weeks of work to break a browser, so I would not say that FF (or IE) are "easily" hijacked.
4) You did not think my Zdnet link was relevant/objective. This study is a lot more comprehensive: www.infoworld.com/d/security-central/browser-security-wars-448
At one point the author says: <<Nearly all real-life exploits use Javascript to launch the executable.
It's easy to disable Javascript support in all the browsers, except for
Chrome, but doing so can also cause problems with a high percentage of
legitimate Web sites (throwing the baby out with the bathwater).
Disabling Javascript makes sense when an unpatched zero day is launched
and becomes super popular (it does happen occasionally). But most
serious zero day exploits are patched within a few days, so the days of
risk exposure are minimized>>
That's exactly what NoScript helps you doing.
5) We already discussed also about the "least priviledged account" solution and I think we already agreed that yes, it's a solution, but it is hardly ever implemented in Windows' systems. Besides, this is browser-independent.
6) The "Most vulnerable application in 2008" link was interesting. I would have been surprised that FF was the most vulnerable but what got me was that IE was not in the list. So I read further and found out that the list is based on applications that:
• *Relies on the end user, rather than a central IT administrator, to
manually patch or upgrade the software to eliminate the vulnerability,
if such a patch exists.*
• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.
Which means you'll never see IE on that list, by definition.
There is also this report (http://blogs.technet.com/security/attachment/2594822.ashx) which is a bit old though (2007) showing that early FF releases were more buggy than IE but from FF 2.0 they're about equivalent. Please notice that this also does not include the use of NoScript which prevents any Javascript related issue.
There are also other articles which show how the XSS protection in IE is much weaker than in FF.
I think we can go on for hours, realistically, I'd say that the two browsers are somewhat similar in terms of protection, if you don't take NoScript into account.
7) And last, while security is important, it's not the only feature. How easily a browser crashes, how much memory it uses, how responsive it is, how quickly it renders a page, how configurable it is ... In the end, a browser, like any other software, needs to meet your needs. I use FIreFox and it meets my needs thanks to some of the extensions and a good performance. If I could, I would change several things in FireFox: it's hardly a perfect browser, but for what I do with it, it's the best out there and by quite some margin.
#90
blottobot
- Member
-
- Group: Members
- Posts: 25
- Joined: 19-March 07
Posted 11 May 2009 - 11:14 AM
I am using Firefox 3.0.10 (haven't seen any official release for Firefox 3.5). Firefox is better than all others. Why? Because of Add-ons! Some of these actually fix limitations in Firefox, while others make Firefox the standout it is to so many of the previous posters. I have included below my list of add-ons, most of which I find very useful (others I still don't use). I'll spare you all a description of each.
Adblock Plus
Colorful Tabs
DownloadHelper
FEBE
FfChrome
Flashblock
GooglePreview
Hide Unvisited
IE Tab (I don't use it)
LongURL Mobile Expander
MultirowBookmarksToolbar
No-Referer
OpenBook
PhProxy - InBasic (I don't use it)
PlainOldFavorites
Redirect Remover
Search Cloudlet
Smart Bookmarks Bar
Tab Mix Plus (probably my favorite add-on)
Unsorted Bookmarks Folder Menu
Can you do any of this with IE? I can even access my IE favorites (always up to date) from a Favorites menu in Firefox. I hate gestures and anything to do with them. I have a hard enough time remembering "Ctrl-Alt-Shift A" for opening Internet, Firefox, and GetRight at once (I use an app called Keyboard Shortcuts). If you like remembering all that crap then have fun with your accelerators. I don't know if this is just me, but I noticed once I installed IE8 that every time I opened IE8, it would take a few seconds longer than IE7 and load a static page from the harddrive. I also noticed Windows Explorer took a few seconds longer to open each time, as well. Maybe a bad install (this was the "final" release, not a beta)? I also couldn't close the last tab. I had to close IE to do that, but then how to I delete all history if the page is still loaded in IE when I do this? Maybe it deletes fine, but I feel better with Firefox. IE8's only real benefit is the ability to put an icon on the toolbar for emptying the cache, etc. But then, Firefox is set up to automatically popup a dialog when I close it which gives me the option to delete all history by clicking "Clear Private Data Now" or "Cancel" to leave it there. One click, not two or three. Firefox takes a few seconds to load, as well, but it doesn't affect Windows Explorer or other apps that use Explorer. Firefox for me is just more versatile and user-friendly (sorry I used that term) and will probably be so for anyone who takes the time to install the many add-ons they find useful. I also don't think the one second faster page load of IE8 (from a previous article) constitutes a better browser. I use dial-up and see no usefulness in such knit-picking from broadband users. Oh, one more thing. Firefox loads pages fully, IE stalls at the five-minute mark. Yes, I still visit sites that can take longer than five minutes to load.
By the way, could we please refrain in the future from copy-paste of every post when responding? This thread is looking like a Congressional Bill with Amendments attached. Oh, and here's an idea, try to stay on topic. ALSO, what is up with the new post method? It took forever to load. Thank you and good day.
Adblock Plus
Colorful Tabs
DownloadHelper
FEBE
FfChrome
Flashblock
GooglePreview
Hide Unvisited
IE Tab (I don't use it)
LongURL Mobile Expander
MultirowBookmarksToolbar
No-Referer
OpenBook
PhProxy - InBasic (I don't use it)
PlainOldFavorites
Redirect Remover
Search Cloudlet
Smart Bookmarks Bar
Tab Mix Plus (probably my favorite add-on)
Unsorted Bookmarks Folder Menu
Can you do any of this with IE? I can even access my IE favorites (always up to date) from a Favorites menu in Firefox. I hate gestures and anything to do with them. I have a hard enough time remembering "Ctrl-Alt-Shift A" for opening Internet, Firefox, and GetRight at once (I use an app called Keyboard Shortcuts). If you like remembering all that crap then have fun with your accelerators. I don't know if this is just me, but I noticed once I installed IE8 that every time I opened IE8, it would take a few seconds longer than IE7 and load a static page from the harddrive. I also noticed Windows Explorer took a few seconds longer to open each time, as well. Maybe a bad install (this was the "final" release, not a beta)? I also couldn't close the last tab. I had to close IE to do that, but then how to I delete all history if the page is still loaded in IE when I do this? Maybe it deletes fine, but I feel better with Firefox. IE8's only real benefit is the ability to put an icon on the toolbar for emptying the cache, etc. But then, Firefox is set up to automatically popup a dialog when I close it which gives me the option to delete all history by clicking "Clear Private Data Now" or "Cancel" to leave it there. One click, not two or three. Firefox takes a few seconds to load, as well, but it doesn't affect Windows Explorer or other apps that use Explorer. Firefox for me is just more versatile and user-friendly (sorry I used that term) and will probably be so for anyone who takes the time to install the many add-ons they find useful. I also don't think the one second faster page load of IE8 (from a previous article) constitutes a better browser. I use dial-up and see no usefulness in such knit-picking from broadband users. Oh, one more thing. Firefox loads pages fully, IE stalls at the five-minute mark. Yes, I still visit sites that can take longer than five minutes to load.
By the way, could we please refrain in the future from copy-paste of every post when responding? This thread is looking like a Congressional Bill with Amendments attached. Oh, and here's an idea, try to stay on topic. ALSO, what is up with the new post method? It took forever to load. Thank you and good day.
#91
Jarhead1407
- Newbie
-
- Group: Members
- Posts: 1
- Joined: 30-June 09
Posted 30 June 2009 - 12:02 PM
IE8's features destroys Firefox, and when talking security, every moron here is comparing the latest Firefox to an older version of IE. IE8 has better protection than Firefox.
Go here - http://www.microsoft...comparison.aspx
Go here - http://www.microsoft...comparison.aspx
#92
TechieXP
- Expert
-
- Group: Members
- Posts: 2,260
- Joined: 29-October 08
- Location:Chicago / Sarasota
Posted 01 July 2009 - 06:58 AM
I look at that list too. However I prefer to go to a source that didn't make the product.
One of teh things I want to hit on is.
May firefox brag about 2 things ff does that ie doesn't. They first talk about the No Script addon. IE doesn't need it bec it is built in which is how it should be. If a 3rd party makes using a software better than the original developer..then I question the developer. Something similar to No Script should have been wriiten into FF by the maker of FF.
Plugins...such a waste of time. The only thing that ff does that I like is allows for themeing the look of the browser. Th erest is simply boring. if ff had what it should have you wouldn't need plugins. I agree with MSFT on that one. A bunch of plugins to give you features ie either already had...or you simply don't need. plugins dont make a browser better. its simply different.
Lastly...speed. A fact...a broswer will only be as fast as the data being request can be sent back to it. The difference in IE and FF is FF will start to immediate show the data that it is receiving based on incoming packets...while IE will wait until it receives so much data and then show you the pages. But what good is FF or pothers being faster when most of teh data os missing or not rendered properly? Unless you visit a site frequently you wont know if sta is missing. I notice bec sometimes I run IE and FF siste by side an load pages. FF always has data missing or loaded improperly.
I dont use IE bec I like it...I use it bec it works.
One of teh things I want to hit on is.
May firefox brag about 2 things ff does that ie doesn't. They first talk about the No Script addon. IE doesn't need it bec it is built in which is how it should be. If a 3rd party makes using a software better than the original developer..then I question the developer. Something similar to No Script should have been wriiten into FF by the maker of FF.
Plugins...such a waste of time. The only thing that ff does that I like is allows for themeing the look of the browser. Th erest is simply boring. if ff had what it should have you wouldn't need plugins. I agree with MSFT on that one. A bunch of plugins to give you features ie either already had...or you simply don't need. plugins dont make a browser better. its simply different.
Lastly...speed. A fact...a broswer will only be as fast as the data being request can be sent back to it. The difference in IE and FF is FF will start to immediate show the data that it is receiving based on incoming packets...while IE will wait until it receives so much data and then show you the pages. But what good is FF or pothers being faster when most of teh data os missing or not rendered properly? Unless you visit a site frequently you wont know if sta is missing. I notice bec sometimes I run IE and FF siste by side an load pages. FF always has data missing or loaded improperly.
I dont use IE bec I like it...I use it bec it works.
#93
browntheodore
- Member
-
- Group: Members
- Posts: 27
- Joined: 30-September 07
Posted 01 July 2009 - 07:47 AM
@TechieXP
This is ridiculous. Plugins a waste of time? If everything was built in, the browser would be a bloated mess of features that most people wouldn't use. With plugins, everyone can build their own perfect browser. Also, don't forget that Firefox already comes with many more features than IE - like geolocation, a download manager, tear off tabs, open video support, spell checking (something you have to add to IE with a plugin, by the way), and much much more.
About speed... This thing about Firefox being faster only because it loads stuff as it comes in is also ridiculous. Firefox 3.5 beats IE8 by a wide margin in every speed test, including page load times (the time it takes to load EVERYTHIN), Javascript performance, etc.
This is ridiculous. Plugins a waste of time? If everything was built in, the browser would be a bloated mess of features that most people wouldn't use. With plugins, everyone can build their own perfect browser. Also, don't forget that Firefox already comes with many more features than IE - like geolocation, a download manager, tear off tabs, open video support, spell checking (something you have to add to IE with a plugin, by the way), and much much more.
About speed... This thing about Firefox being faster only because it loads stuff as it comes in is also ridiculous. Firefox 3.5 beats IE8 by a wide margin in every speed test, including page load times (the time it takes to load EVERYTHIN), Javascript performance, etc.
#94
rasmasyean
- Senior Member
-
- Group: Members
- Posts: 704
- Joined: 31-October 08
Posted 01 July 2009 - 04:16 PM
So even if what you say is correct and a FF browser page loads 1 second faster than an IE page, and you spend 2 minutes on that page...how does that make the FF browser "significantly faster"? When you have the REAL performance increase of 0.1%, it doesn't make any difference!
#95
Mattus
- Newbie
-
- Group: Members
- Posts: 3
- Joined: 30-April 09
Posted 01 July 2009 - 04:57 PM
My, my - there's a lot of absolute rubbish being spoken here.
TechieXP - do you really think that 20% of the market would use Firefox if it displayed pages with pieces missing? That's a laughable accusation. You'll have to provide an example page where I can see this phenomenon. Almost all pages look just the same in IE and Firefox. The only reason they might look different is because a minority of pages are designed around rendering flaws in previous versions of IE. There's no reason a modern website should look any different in IE8 and FF3.5.
Also, you say that IE has a feature built in which is equivalent to NoScript. I don't know where you got this from, but it's simply not true
Furthermore, your attitude to plugins is ridiculous. There are plugins like AdBlock, NoScript, better download managers, bookmarks synchronisation, which almost everybody can benefit from. None of these features are integrated into IE, and nor should they be. There's no point bloating out a browser with lots of features, each of which is only used by a minority, when people could just add the features they needed through plugins. And also: even IE has add-ons. Ever heard of IEPro?
_
Jarhead1407, you might want to know that half the tech sites on the web are in hysterics about that ridiculous chart on microsoft.com. If you were looking to buy a car, would you go by what the Ford website told you was best? I thought not.
The one area in which IE leads is security, because IE runs in a low-privileges mode under Vista. The rest of those claims are complete rubbish:
* Both Chrome and Firefox have private browsing
* IE's standards support is laughable. IE8 is much better than previous versions, but it still lags well behind. On the Acid3 test, a test of web standards compliance, Chrome scores 100/100, Firefox scores 93 and IE8 scores... 20.
* "The customizations you'd want to download for Firefox are already a part of Internet Explorer 8"? Haha. Maybe I missed how IE8 allows me to queue multiple files for download, synchronise my bookmarks across multiple PCs, block ads, change themes, control iTunes from my browser and download YouTube videos. Or maybe Microsoft made that claim up.
* And if Microsoft think that performance is a tie, they ought to try visiting Javascript-intensive sites like GMail or Digg, rather than Yahoo and MSN.com.
People really need to think about things themselves instead of believing what they're told.
TechieXP - do you really think that 20% of the market would use Firefox if it displayed pages with pieces missing? That's a laughable accusation. You'll have to provide an example page where I can see this phenomenon. Almost all pages look just the same in IE and Firefox. The only reason they might look different is because a minority of pages are designed around rendering flaws in previous versions of IE. There's no reason a modern website should look any different in IE8 and FF3.5.
Also, you say that IE has a feature built in which is equivalent to NoScript. I don't know where you got this from, but it's simply not true
Furthermore, your attitude to plugins is ridiculous. There are plugins like AdBlock, NoScript, better download managers, bookmarks synchronisation, which almost everybody can benefit from. None of these features are integrated into IE, and nor should they be. There's no point bloating out a browser with lots of features, each of which is only used by a minority, when people could just add the features they needed through plugins. And also: even IE has add-ons. Ever heard of IEPro?
_
Jarhead1407, you might want to know that half the tech sites on the web are in hysterics about that ridiculous chart on microsoft.com. If you were looking to buy a car, would you go by what the Ford website told you was best? I thought not.
The one area in which IE leads is security, because IE runs in a low-privileges mode under Vista. The rest of those claims are complete rubbish:
* Both Chrome and Firefox have private browsing
* IE's standards support is laughable. IE8 is much better than previous versions, but it still lags well behind. On the Acid3 test, a test of web standards compliance, Chrome scores 100/100, Firefox scores 93 and IE8 scores... 20.
* "The customizations you'd want to download for Firefox are already a part of Internet Explorer 8"? Haha. Maybe I missed how IE8 allows me to queue multiple files for download, synchronise my bookmarks across multiple PCs, block ads, change themes, control iTunes from my browser and download YouTube videos. Or maybe Microsoft made that claim up.
* And if Microsoft think that performance is a tie, they ought to try visiting Javascript-intensive sites like GMail or Digg, rather than Yahoo and MSN.com.
People really need to think about things themselves instead of believing what they're told.
#96
TechieXP
- Expert
-
- Group: Members
- Posts: 2,260
- Joined: 29-October 08
- Location:Chicago / Sarasota
Posted 02 July 2009 - 08:42 AM
I don't know how many people use FF and I didn't say how many from what I remember.
As far as no script...what that plugin does is already built into IE8.
Plugins for blocking ads are already built into IE.
I am not against plugins...IE has them too. What I said specifically was...if a 3rd party has to create plugins for features that should already be built into the browser...i question the devloper of the browser.
The question about what pages break...doesn't atter what technolgy is breaking.
IE is teh ost popular browsers and since there were no others it is obvious that oages were programmed to work with IE. That is a given. I am not speaking of those. However I am all for these new browsers provinding us with new technologoes...but ot at teh expense of now working with existing ones.
I do web design so I speak from experience. When I make a page I use standard W3C. THis will insure ALL my work can be viewed using any browser. However even some of that has to be altered to make them work. I know bec I use Dreamweaver and it uses W3C as a standard. When you add siply media playback coding...IE is the only browser that works with teh standard code. The other browsers will not work with it...Dreamwaver CS4 includes additional tools to help code so other browsers can read the same stuff. Example...The generic code for loading flash meadia has been altered for several reasons...first was to make it more seure and second to make it load for all browsers...the old flash code simply does not work in FF or Safari properly...FF won't eve load it...and Safari will load it but not properly. Example...the code insures that flash meaid plays once it is loaded...Safari wouldn't start the flash playback unless u right clicked on the move and chose play. That code had to be altered to that playback would happen as the coder set it to work.
Playing MP3's are standard...however playing WM or QT is not. MSFT has a code that embeds Windows Media playback inside the browser..even if you don't have any media layer installed at all. That plugin fails with ALL broswers other than IE. Why? They could have also coded their browser to work the same way. They chose not too. That means they are no more adaptive to standard then MSFT is.
But you all see it oneway. I too agree MSFT needs to b more compliant..but compliant to what? A bunch of new standards that have yet to be proven ready for mass usages? HTML5 and CSS3 are still in developement...while previos standards are already stable and established and IE is compatible with them. CSS2.1 is the most widely used CSS standard right now...and IE is compliant 100% just liek everyone else...however I also creat sites using Joomla and I add my own coding and I also use templates. Where IE displays thinsg like Expose', and drop downs perfectly...FF breaks them and so do others.
In fact for one site that I did...I use a Joomla template....I had to rewrite 5 of the 10 seatcions in the CSS to ake it work properly in FF and Chrome. I fact not only did I have to rewrite the coding...I had to also do the following. I had to add code and create several separate CSS foles for each browser. I have a IE.css..FF.CSS and ChR.css files that all contain exceptions when loading the page so that they would load properly. And it still isn't perfect. I am still having issues with drop down in FF. The code I added was simply...it allows be to create other types of drop down boxes. There is a builtin feature that works...but my code offers for something more. Incluing allowing a shopper to search for another item dynamically without leaving the present product page.
I reality FF is not better than IE...they do a few things better by capitalizing on things others missed. That is called innovations.
I too agree with u on if you go to a site of the creator of a product they are going to make sure their product is shown to be better. But they also have to be factual. Which means the info at MSFT site about IE vs other browsers would have to be true. Whether you or I like it or not. You can't discredit a FACT no matter who it is coming from. Even if it is the Joker. A fact is what it is...MSFT on there site made a lost based on knwoing the technology from having experience and in-depth knowledge. If you feel its hogwash...let e ask...can you deveope a browser? I certaibly can't but I do code for them.
From by persective...IE is eastier to code for bec the tools to do so have been established based on the fact IE was the only browser. New browser should bring new tools but also make use of the old. They simply don't and thus I don't like them. I use FF bec I am forced to...On my computer that I use at hoe....I run navtively IIS and Apache Webservers....before creating a web site I test teh code on the same setups as well hosts. I have CPanel and other software used by them as well.
Sires like MySpace and Facebook are becoming more prevalent. Cosing them to work cross-platform is a nightmare. When it was just IE it was simply. Cross-platform does crete fair competition but it also comes at a cost. The cost of a lot of imcompatibility bec developement tools have to be updated to work with the new guys. Until you do soe coding, you will have no idea what goes into it.
Bec you are seeing the finish product in your favorite browser...doesn't count for ht pain and suffering it takes to get it that way. And until you dela with it that way you have no idea what problems are there.
One thing in plugins. In the days of Netscape vs IE...Netscape was faster than IE bec it didn't have the bultin features to hand media like IE did. By the time you installed all of them which too time to browse for on a 14/4 or 28.8 dialup connection it was a pain. Thank god we have high-speed internet which makes it no huge deal today. But it was back then. You go and try to download a 10MB fil on 28.8 and see how much hunting was a pin. IE for free whih had almost everything was better than Netscape which has a cost that didn't include nothing. That is why IE was better and killed netscape. People new to web browsers didn't undretsnad plugins...why should I have to do the work. Its YOUR PRODUCT. This is why companies with money tend to have better products. MSFT really isn't giving IE away..tey make you pay for it in the cost of other products. FF and Chrome and Safari and Opera, certainly don't have the money MSFT has. They simply force MSFT to sped soe of it to have things they should have had long ago. I give them that...but they are not better at teh game...theysimply did a few things better. But that doesn't make them the best. How can they be. A company witj 20 years of expereonce isn't just going to be beaten over night at their own game. In teh game where MSFT spends the most money no one ca touch them...when MSFT spend the least money is where they simply compete but not in a strong offering. To simply beat IE you need to have a big gun. When it comes to use at home...MSFT is surely lsoing its lead..but not where MSFT has its strongest foot. Just remember the applications from them we use at hoe were originally designed for business. IE on the enterprise has advantages no one can touch..not even FF and Chrome and Opera and Safari. That is 70% of MSFT money....business are still saying...IE is still the safest browser to use in business bec they can alter how the browser works to insure safty...beyind what any of us can do at home.
However no matter how safe a car is, if you put an idiot behind the wheel...it doesn't mean much....now does it? All of these new guys are new behind teh wheel and they ahve a lot to learn. The work has been cut out for them already by MSFT. All they have to do innovate new ideas. And they have...but until everyine accepts them then they are not a standard...and just bec SFT hasn't jumped on new bandwgons doesn't men they will. They will when it matters. Mmarketshare of IE is probably not that big of a hitter. As long as businesses kepp using Windows...they will use IE. For us as consumers, MSFT simply upped the anty bec they wnat to remain ahead.
As far as no script...what that plugin does is already built into IE8.
Plugins for blocking ads are already built into IE.
I am not against plugins...IE has them too. What I said specifically was...if a 3rd party has to create plugins for features that should already be built into the browser...i question the devloper of the browser.
The question about what pages break...doesn't atter what technolgy is breaking.
IE is teh ost popular browsers and since there were no others it is obvious that oages were programmed to work with IE. That is a given. I am not speaking of those. However I am all for these new browsers provinding us with new technologoes...but ot at teh expense of now working with existing ones.
I do web design so I speak from experience. When I make a page I use standard W3C. THis will insure ALL my work can be viewed using any browser. However even some of that has to be altered to make them work. I know bec I use Dreamweaver and it uses W3C as a standard. When you add siply media playback coding...IE is the only browser that works with teh standard code. The other browsers will not work with it...Dreamwaver CS4 includes additional tools to help code so other browsers can read the same stuff. Example...The generic code for loading flash meadia has been altered for several reasons...first was to make it more seure and second to make it load for all browsers...the old flash code simply does not work in FF or Safari properly...FF won't eve load it...and Safari will load it but not properly. Example...the code insures that flash meaid plays once it is loaded...Safari wouldn't start the flash playback unless u right clicked on the move and chose play. That code had to be altered to that playback would happen as the coder set it to work.
Playing MP3's are standard...however playing WM or QT is not. MSFT has a code that embeds Windows Media playback inside the browser..even if you don't have any media layer installed at all. That plugin fails with ALL broswers other than IE. Why? They could have also coded their browser to work the same way. They chose not too. That means they are no more adaptive to standard then MSFT is.
But you all see it oneway. I too agree MSFT needs to b more compliant..but compliant to what? A bunch of new standards that have yet to be proven ready for mass usages? HTML5 and CSS3 are still in developement...while previos standards are already stable and established and IE is compatible with them. CSS2.1 is the most widely used CSS standard right now...and IE is compliant 100% just liek everyone else...however I also creat sites using Joomla and I add my own coding and I also use templates. Where IE displays thinsg like Expose', and drop downs perfectly...FF breaks them and so do others.
In fact for one site that I did...I use a Joomla template....I had to rewrite 5 of the 10 seatcions in the CSS to ake it work properly in FF and Chrome. I fact not only did I have to rewrite the coding...I had to also do the following. I had to add code and create several separate CSS foles for each browser. I have a IE.css..FF.CSS and ChR.css files that all contain exceptions when loading the page so that they would load properly. And it still isn't perfect. I am still having issues with drop down in FF. The code I added was simply...it allows be to create other types of drop down boxes. There is a builtin feature that works...but my code offers for something more. Incluing allowing a shopper to search for another item dynamically without leaving the present product page.
I reality FF is not better than IE...they do a few things better by capitalizing on things others missed. That is called innovations.
I too agree with u on if you go to a site of the creator of a product they are going to make sure their product is shown to be better. But they also have to be factual. Which means the info at MSFT site about IE vs other browsers would have to be true. Whether you or I like it or not. You can't discredit a FACT no matter who it is coming from. Even if it is the Joker. A fact is what it is...MSFT on there site made a lost based on knwoing the technology from having experience and in-depth knowledge. If you feel its hogwash...let e ask...can you deveope a browser? I certaibly can't but I do code for them.
From by persective...IE is eastier to code for bec the tools to do so have been established based on the fact IE was the only browser. New browser should bring new tools but also make use of the old. They simply don't and thus I don't like them. I use FF bec I am forced to...On my computer that I use at hoe....I run navtively IIS and Apache Webservers....before creating a web site I test teh code on the same setups as well hosts. I have CPanel and other software used by them as well.
Sires like MySpace and Facebook are becoming more prevalent. Cosing them to work cross-platform is a nightmare. When it was just IE it was simply. Cross-platform does crete fair competition but it also comes at a cost. The cost of a lot of imcompatibility bec developement tools have to be updated to work with the new guys. Until you do soe coding, you will have no idea what goes into it.
Bec you are seeing the finish product in your favorite browser...doesn't count for ht pain and suffering it takes to get it that way. And until you dela with it that way you have no idea what problems are there.
One thing in plugins. In the days of Netscape vs IE...Netscape was faster than IE bec it didn't have the bultin features to hand media like IE did. By the time you installed all of them which too time to browse for on a 14/4 or 28.8 dialup connection it was a pain. Thank god we have high-speed internet which makes it no huge deal today. But it was back then. You go and try to download a 10MB fil on 28.8 and see how much hunting was a pin. IE for free whih had almost everything was better than Netscape which has a cost that didn't include nothing. That is why IE was better and killed netscape. People new to web browsers didn't undretsnad plugins...why should I have to do the work. Its YOUR PRODUCT. This is why companies with money tend to have better products. MSFT really isn't giving IE away..tey make you pay for it in the cost of other products. FF and Chrome and Safari and Opera, certainly don't have the money MSFT has. They simply force MSFT to sped soe of it to have things they should have had long ago. I give them that...but they are not better at teh game...theysimply did a few things better. But that doesn't make them the best. How can they be. A company witj 20 years of expereonce isn't just going to be beaten over night at their own game. In teh game where MSFT spends the most money no one ca touch them...when MSFT spend the least money is where they simply compete but not in a strong offering. To simply beat IE you need to have a big gun. When it comes to use at home...MSFT is surely lsoing its lead..but not where MSFT has its strongest foot. Just remember the applications from them we use at hoe were originally designed for business. IE on the enterprise has advantages no one can touch..not even FF and Chrome and Opera and Safari. That is 70% of MSFT money....business are still saying...IE is still the safest browser to use in business bec they can alter how the browser works to insure safty...beyind what any of us can do at home.
However no matter how safe a car is, if you put an idiot behind the wheel...it doesn't mean much....now does it? All of these new guys are new behind teh wheel and they ahve a lot to learn. The work has been cut out for them already by MSFT. All they have to do innovate new ideas. And they have...but until everyine accepts them then they are not a standard...and just bec SFT hasn't jumped on new bandwgons doesn't men they will. They will when it matters. Mmarketshare of IE is probably not that big of a hitter. As long as businesses kepp using Windows...they will use IE. For us as consumers, MSFT simply upped the anty bec they wnat to remain ahead.
#97
TechieXP
- Expert
-
- Group: Members
- Posts: 2,260
- Joined: 29-October 08
- Location:Chicago / Sarasota
Posted 02 July 2009 - 08:48 AM
And also...ur just parrotting what others are saying with getting hard facts...maybe you should follow your own advice.
Acid3 means nothing...it is a new standard that was relased in 2008. However it has not be adopted by all as a complete standard for the web...Neither is CSS3 or HTML5.
CSS2.1 is accepted...Acid2 is accepted and HTML4 is accepted and IE is compatible with these. You want IE to be online bec everyone else is jumping on new bandwagons that aren't even excepted standards yet? Why?
Acid3 means nothing...it is a new standard that was relased in 2008. However it has not be adopted by all as a complete standard for the web...Neither is CSS3 or HTML5.
CSS2.1 is accepted...Acid2 is accepted and HTML4 is accepted and IE is compatible with these. You want IE to be online bec everyone else is jumping on new bandwagons that aren't even excepted standards yet? Why?
#98
TechieXP
- Expert
-
- Group: Members
- Posts: 2,260
- Joined: 29-October 08
- Location:Chicago / Sarasota
Posted 02 July 2009 - 08:53 AM
Also in Acid3...I did 3 websites using Magento which uses Acid3. They work just fine in IE.
If IE didn't have some complance they woudn't work at all.
However MSFt said they will work on that when it needs too.
These new guys simply jumped on a new standard before it has been proven ot develpers have really learned to use properly.
ITS NEW. Why should MSFT rush to be complant to a technology that isn't even a standard for everyday usages?
You'd be stupid to do so...its like using a beta software for everyday usage.
If IE didn't have some complance they woudn't work at all.
However MSFt said they will work on that when it needs too.
These new guys simply jumped on a new standard before it has been proven ot develpers have really learned to use properly.
ITS NEW. Why should MSFT rush to be complant to a technology that isn't even a standard for everyday usages?
You'd be stupid to do so...its like using a beta software for everyday usage.
#99
Mattus
- Newbie
-
- Group: Members
- Posts: 3
- Joined: 30-April 09
Posted 02 July 2009 - 07:23 PM
Okay - where to start?
Firstly, Acid3 and emerging standards. I agree with you that Acid3 tests bleeding-edge standards that aren't frequently used. This is the point. These features can't be used in real websites until the popular browsers support them. Since IE has at least 70% of the browser market, the standards it supports have a massive influence upon how the web is coded. By refusing to implement new standards such as the <audio> and <video> tags and SVG, which all of the alternative browsers support, Microsoft are thus holding back progress on the web. And then they have the temerity to trumpet good CSS2.1 compliance as an achievement. CSS2.1 is a revision of the CSS2 standard - a standard which first became a recommendation eleven years ago, in 1998. That IE is only now achieving good CSS2 compliance when all the other browsers have been passing tests like Acid2 for ages is not really something to shout about.
Standards compliance is not just about the present, but also the future.
Regarding Windows Media Player playback - I would imagine your implementation only works in IE because it depends on an ActiveX control, and only IE supports ActiveX. (Good thing too, since it's a big security hole!) This is not following standards - it's trying to control the web using proprietary technology which is not shared with any other browser. This attitude goes against the ethos promoted by bodies like the W3C who aim to improve the web through open standards. Don't kid yourself into thinking that MS is leading the way here.
Secondly, you claim that IE8 natively supports the features which Adblock and Noscript add to Firefox. IE8 can prevent cross-site scripting attacks, but it has no way of allowing you to whitelist scripts on a per-page basis, which is what NoScript does. Similarly, IE can feasibly block ads using InPrivate Filtering, but it offers no simple way of automatically updating ad blacklists and creating your own filtering rules is a little tedious. It's a good step forward for IE but it can't compare to the dedicated plugins.
Thirdly, whilst I'm not a web developer by profession, I'm a reasonably good part-time web dev who has spent plenty of time getting to know XHTML and CSS. I know first-hand that achieving cross-browser compatibility can be an infuriating process! Generally, Firefox, Chrome and Opera will render a page just about the same, and it'll be IE that requires modifications. I must admit that IE8 has made this much less of an issue, as it generally displays sites much more similarly to the other browsers. Only thing is that 15% of the web is still on IE6, and coding for it is a massive pain due to its outdated CSS support. Can't really put that one at Microsoft's door, though - not their fault if people are running an eight-year-old version of their browser.
Fourthly, IE killing Netscape had a little to do with it being better and a whole lot to do with it shipping with Windows. Most people aren't motivated to change from the default.
Fifthly, Microsoft certainly can be beaten. On the desktop they make very good operating systems, but on the internet they are vulnerable. In 1996, a couple of university students decided to make a search engine as a research project. The rest is history, and Microsoft has been floundering to keep up with Google's innovation on the web ever since. Which do people use - Gmail, or Hotmail? Google search, or Bing? Google Earth, or Virtual Earth? Now it's Google Chrome that's making waves, not IE8.
MS doesn't have a good track record competing in the online arena against more light-footed organisations with a more progressive ethos.
Finally, that ludicrous chart on MS.com is a long, long way from 'factual'. You don't have to have coded your own browser to see that. It is quite simply propaganda.
* "InPrivate Browsing and InPrivate Filtering help Internet Explorer 8 claim privacy victory"? That is not a fact. It is an assertion with no evidence to back it up. It doesn't mention the privacy features of other browsers and why they are inferior to IE's.
* "Features like Accelerators, Web Slices and Visual Search Suggestions make Internet Explorer 8 easiest to use"? That is not a fact either. It's just name-dropping features of IE and completely ignoring features of competing browsers.
* "Internet Explorer 8 is more compatible with more sites on the Internet than any other browser."? Again, that is not a fact until it's supported by hard evidence, is it?
* "many of the customizations you'd want to download for Firefox are already a part of Internet Explorer 8 – right out of the box"? That is not a fact. It is a presumption.
Firstly, Acid3 and emerging standards. I agree with you that Acid3 tests bleeding-edge standards that aren't frequently used. This is the point. These features can't be used in real websites until the popular browsers support them. Since IE has at least 70% of the browser market, the standards it supports have a massive influence upon how the web is coded. By refusing to implement new standards such as the <audio> and <video> tags and SVG, which all of the alternative browsers support, Microsoft are thus holding back progress on the web. And then they have the temerity to trumpet good CSS2.1 compliance as an achievement. CSS2.1 is a revision of the CSS2 standard - a standard which first became a recommendation eleven years ago, in 1998. That IE is only now achieving good CSS2 compliance when all the other browsers have been passing tests like Acid2 for ages is not really something to shout about.
Standards compliance is not just about the present, but also the future.
Regarding Windows Media Player playback - I would imagine your implementation only works in IE because it depends on an ActiveX control, and only IE supports ActiveX. (Good thing too, since it's a big security hole!) This is not following standards - it's trying to control the web using proprietary technology which is not shared with any other browser. This attitude goes against the ethos promoted by bodies like the W3C who aim to improve the web through open standards. Don't kid yourself into thinking that MS is leading the way here.
Secondly, you claim that IE8 natively supports the features which Adblock and Noscript add to Firefox. IE8 can prevent cross-site scripting attacks, but it has no way of allowing you to whitelist scripts on a per-page basis, which is what NoScript does. Similarly, IE can feasibly block ads using InPrivate Filtering, but it offers no simple way of automatically updating ad blacklists and creating your own filtering rules is a little tedious. It's a good step forward for IE but it can't compare to the dedicated plugins.
Thirdly, whilst I'm not a web developer by profession, I'm a reasonably good part-time web dev who has spent plenty of time getting to know XHTML and CSS. I know first-hand that achieving cross-browser compatibility can be an infuriating process! Generally, Firefox, Chrome and Opera will render a page just about the same, and it'll be IE that requires modifications. I must admit that IE8 has made this much less of an issue, as it generally displays sites much more similarly to the other browsers. Only thing is that 15% of the web is still on IE6, and coding for it is a massive pain due to its outdated CSS support. Can't really put that one at Microsoft's door, though - not their fault if people are running an eight-year-old version of their browser.
Fourthly, IE killing Netscape had a little to do with it being better and a whole lot to do with it shipping with Windows. Most people aren't motivated to change from the default.
Fifthly, Microsoft certainly can be beaten. On the desktop they make very good operating systems, but on the internet they are vulnerable. In 1996, a couple of university students decided to make a search engine as a research project. The rest is history, and Microsoft has been floundering to keep up with Google's innovation on the web ever since. Which do people use - Gmail, or Hotmail? Google search, or Bing? Google Earth, or Virtual Earth? Now it's Google Chrome that's making waves, not IE8.
MS doesn't have a good track record competing in the online arena against more light-footed organisations with a more progressive ethos.
Finally, that ludicrous chart on MS.com is a long, long way from 'factual'. You don't have to have coded your own browser to see that. It is quite simply propaganda.
* "InPrivate Browsing and InPrivate Filtering help Internet Explorer 8 claim privacy victory"? That is not a fact. It is an assertion with no evidence to back it up. It doesn't mention the privacy features of other browsers and why they are inferior to IE's.
* "Features like Accelerators, Web Slices and Visual Search Suggestions make Internet Explorer 8 easiest to use"? That is not a fact either. It's just name-dropping features of IE and completely ignoring features of competing browsers.
* "Internet Explorer 8 is more compatible with more sites on the Internet than any other browser."? Again, that is not a fact until it's supported by hard evidence, is it?
* "many of the customizations you'd want to download for Firefox are already a part of Internet Explorer 8 – right out of the box"? That is not a fact. It is a presumption.
