Firebird and Mozilla Clarification
July 12, 2004 1 Comment
I've seen some mis-information on this in a couple of places now, so I feel the need to comment. A few days ago a vulnerability was reported in Mozilla/Firebird that allowed arbitrary code execution under windows. What some people seem to be missing is that this was a vulnerability in *windows* not Mozilla. The bug does not effect any OS but windows, and will probably be patched in XP SP2. Why some people are using this to say things like “see, it's not just IE that has problems” is beyond me. While Mozilla surely has bugs, let's view the facts on this one.
– Only Windows is vulnerable
– A Windows SP will address the issue
– A fix was provided by Mozilla within 12 hours of a report on FD
It is simply FUD to see this incident being used as an example of how OSS is flawed. If anything it's an example of how an OSS program was able to work around an OS issue in less than 12 hours, which is quite impressive to me. It's clear that some people still don't get it. We'll keep making our point with code and response times like this, instead of just talking about it.
–jeremy
Jeremy's Blog 
I have to completely agree with your statement. Its infuriatingly frustrating to be a mere user and see the crap that is slung by those who fear a new concept.
This comparison of user-app problems is friutless, since it is an OS problem. The reverse has been a cause of consternation as well, of course. How many time has the list of Linux vulnerabilities been cited to make it appear that MS Windows is more secure. If the bugs in every available win32 application were listed along with those at windowsupdate, the list would be too long to manage, yet this is what is used to compare with when referring to Linux security.
I guess that the best approach to this is to provide the solution quickly and obviously. Then, be sure it's pointed out and carry on with class. perhaps the high road to evangelism will work well with the high road esteemed by the advocates of the GPL, et al.