Latest Firefox vulnerabilities

Just found:

http://www.secunia.com/advisories/38608

and:

http://www.theregister.co.uk/2010/02/18/firefox_zero_day_report/

 

If true, then it's a zero-day Firefox vulnerability in the wild simply because the researcher choose not to responsibly disclose the bug to Mozilla first.

 

It's also what happens if it's a black-hat hacker who discovers it first, not a security researcher. The fact is that Firefox is simply a leaky browser when it comes to security vulnerabilities.

 

As the article stated: "...it would be one of the few times in recent memory that a zero-day vulnerability for Firefox has circulated in the wild....", 'leaky' or not, as most all browsers have security vulnerabilities.

 

be responsible and disclose the bug to Mozilla for free when they pay people to find and disclose bugs for them, or sell the bug to someone for thousands of dollars? most people won't disclose bugs for free.

 

In this case the researcher did not responsibly disclose the bug to Mozilla, and also did not take any money for it AFAIK.

 

then he's the dumbest smart guy I've heard of, people make good money finding bugs

 

Which one is safer? Chrome no, Safari never, Opera? ...

 

I would say Chrome, yes. It has a built-in sandbox and runs in protected mode. Firefox does not.

 

Firefox leaky?? That's new to me. FF with Sandboxie (when going to the darker side)seems pretty safe to me. If not.. I would like to know why.

 

But it also had some vulnerabilities ...

 

On x86 systems, sure. On x64 systems, not so much.

Though, the part that makes it secure is Sandboxie, not FireFox. Or any browser, for that matter.