In its latest monthly update, Microsoft was not been able to fix a serious vulnerability in Internet Explorer because the flaw was discovered only a few days before the company’s regular update was due. To make matters worse a worm exploiting the flaw was released on Monday, leaving the software giant without any option but to ignore the problem – for now.Posted by asa at November 10, 2004 07:20 AM
....
The IFRAME vulnerability and the Bofra worm appeared in the week leading up to the final release of Mozilla’s Firefox browser, which is unaffected by the worm and seen as the biggest threat to Microsoft’s dominance of the browser market for many years.
"To release a stable patch for IE would be impossible [in that time] because they want to test it thoroughly before it goes out..." said Richmond.
So let me get this straight... Microsoft wants to test their patches fully before they are released. Seems to me that if they were to take the same stance on their applications, they wouldn't need to release so many patches to begin with. Seems that in their constant rush to get to market, they are always first on the shelves but the last to know about their security holes.
Posted by: andy on November 10, 2004 07:42 AMThere is reasonable doubt that MS is telling the whole story ....
http://securityfocus.com/archive/1/380543/2004-11-07/2004-11-13/0
Posted by: bernd on November 10, 2004 08:01 AMMaybe, Microsoft was busy with other things these days. Integrating enhanced search abilities in their browser would give them a competitive advantage over Firefox and Google. There are rumours, Microsoft will launch its much improved search engine tommorrow.
MS also launched a well designed site with MSIE-add-ons listed a few days ago. In opposition to mozdev, the add-ons listed there should all work. This is something, which could and should be improved at mozdev:
working addons, betas, alphas, abandoned ones etc.
w_j_s: isn't that update.mozilla.org ...?
Posted by: Asaf Romano on November 10, 2004 02:49 PMAsaf:
yes, it is update.mozilla.org, I've forgotten, but there are some problems to use it.
First:
I prefer locoalized extensions, so I have to download them from a German site which provides them (or is there an update.mozilla-europe.org which provides them? This would be very nice)
Second:
update.mozilla.org had massive server problems even before the release of FF 1.0(I've read in an interview with Mitchell Baker, that the Foundation is aware of this problem and it shall be solved in the near future). Update requests started with a few minutes delay and often didn't work for me, so I had to choose an european mirror server or mozdev because of the downloads.
(The way I do this: look at update.mozilla.org for the extension, then go to the mirror or mozdev and download it - this works fine for me, but I'm sure it is not the intended procedure).
Third:
Mozdev.Org provides a fantastic overwiew of Gecko's possibilities as a software platform, so I am one of the more curious users which use it for installing extensions. Indeed Asa's weblog is the wrong place to critisize mozdev.org.
Last:
Obviously Microsoft is taking Mozilla serious. Their site for 3rd party extensions seems to be mixture between the concepts of mozdev and update.mozilla.org.