Neil Turner's Blog

Blogging about technology and randomness since 2002

Making a song and dance

Some people, Matt included, have pointed out that the people who usually make a song and dance every time an exploit has been found in IE have been strangely silent when the major flaw in Firefox came to light.
It’s certainly interesting, although it has to be said I’ve probably made more of a song and dance about the Firefox flaw than I do about other browsers. But then I don’t think most of you (by ‘you’ I mean those of you who read this regularly) use IE, and so the biggest mention I make is usually an announcement on Smaller World when patches are ready. The exception is the one today, which I’ve only just realised has been made available and so I’ll mention it now. There’s just the one “important” patch for Windows 2000 users, although it may affect 98 and Me too.
But anyway, I think the difference between the flaw in Firefox and the previous flaws in IE have been down to the attitudes of the respective organisations behind the browsers. If a flaw is found in IE and exploitable code comes to light, MS often keeps schtum until a patch is ready, which, if the flaw is found towards the middle of the month may be 3-4 weeks away because of its monthly patch cycles. With this flaw in Firefox, we had an official statement from Mozilla the day after the flaw became known detailing temporary workarounds, some work on their part to minimise the risk of the flaw being exploited, and, a day later, test builds which included the fix. And this isn’t the first time that we’ve had a quick turnaround from MoFo to fix security flaws in Firefox, though this is the first one that has been this serious.
I know I’m biased but I do genuinely think that MoFo have handled this very well, considering the situation, which, let’s face it, could have been avoided if someone hadn’t leaked the details.

One Comment

  1. The main difference between IE and Firefox when it comes to critical patches — turn around time. IE it could be months, FF it’ll be a matter of a few days. People are mocking FF because of these exploits because it claims to be secure. I believe that the quick turn around of patching only secure this browses stand point.