[LennonCook]

Quote:

I dunno, Firefox has just came out and it already has a number of "moderately critical" flaws detected.

Well, OK, I guess "one" is a number. [img]tongue.gif[/img] Secunia reports four open vulnerabilities in Firefox: one moderately critical, three less critical.

The moderately critical "frame injection vulnerability" is not being worked on directly (bug 273699), but it's dependancy (bug 103638) has a good deal of progress being made. Once 103638 is fixed, it will be probably be a somewhat trivial manner to fix 273699.

The "tab spoofing" is in the Apple Java Plugin, not Firefox proper, and it only affects MacOS X. Due to restrictions that almost saw a split between 1.0 and 1.0-mac, regressions specific to MacOS are to be expected (for all intents and purposes, 1.0 is still beta on MacOS).

The tabbed browsing vulnerabilities are partially fixed in 1.0, with a proposed patch for the remaining vulnerabilities (see bug 262887). Meaning that if this patch works as expected, this will be fixed very soon (in the nightly builds, in Mozilla 1.7.6, and possibly as an auto-update for Firefox).

The cross-domain cookie injection vulnerability is unpatched at this point.

That means, of 4 bugs, 2 have quite a bit of work being done on them. Considering IE has bugs of similar criticalbility that have been open for years, Firefox's track record isn't too bad.

If Firefox is slow, you need to speed it up. This is it's greatest benifit: you can tweak the hell out of it if you want to. And for most of it, you don't even have to have the source code (let alone having to recompile it). Just take a look at the URL about:config, and start fiddling. [img]smile.gif[/img]