By the end of 2005, one out of ten web surfer will definately be a Firefox user. :-D

Never mind about that, do you have any comments about the major security flaws discovered in Firefox yesterday? When can we expect a fix?

First, it seems a bit rude to tell me to never mind about something I'm interested in posting at my weblog. Second, if you'd like to pose questions unrelated to the topic at hand, perhaps you should get your own weblog. I tend to find most popular weblogs that ask direct questions of me and sometimes I even answer.

See the advisory for my comments about the flaws. A fix is in progress and expected shortly.

- A

I hope that the 1.0.4 version apears this week!

Asa, I'm sorry I flew off the handle at you.

But I'm just tiring of keeping discovering the browser I'm using has such poor security :(. It's such an important issue I thought, as head of Q&A, that you might have had something to say on the matter.

Poor security? As Alex Bishop of MozillaZine says, "latest nightly branch builds have a fix for both issues", meaning that they got fixed within a week or so.

http://www.mozillazine.org/talkback.html?article=6590#2

Go get it.

http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

Dan, security is a process, not something that's achieved and then ignored. Our process seems to be working fairly well (though this exploit was filed into Bugzilla as confidential and was leaked and made public against the wishes of the bug reporter).

As we grow, so does the community of contributors. Some new contributors have been helping us by identifying features and areas of code with the potential for exploits. We're fixing those as quickly as we can and in the meantime have done what we can to mitigate the problem with server-side fixes and offering additional workarounds to users who are willing to take further action.

- A

Security through obscurity is not security.

On topic: Isn't this what I said before? That the 9% was Mozilla altogether? ;P

It seems unlikely currently that Mozilla will gain a hold in Japan without support for the tag. Internet Explorer's implementation is broken and limited as allways but at least it is there.

Should've used preview...
Meant the <ruby> tag...

vcv: Yes, that's what you said before. But of all the browser stat reports, WSS is the one which gives the 'alternative browsers' the lowest usage numbers. Many other stats sources put them alot higher:

• Xiti (European usage stats, puts Firefox alone at 13.3%)
• OneStat (gives Gecko a total of at least 9.77% - it's a bit unclear if they give Firefox alone 8.69% or if that's Moz Suite + Ff together.)
• Janco (Has Gecko at 15.01%.)

David,

The OneStat is meant to give Mozilla/Firefox together a total of 8.69%.

"David,

The OneStat is meant to give Mozilla/Firefox together a total of 8.69%."

Did you email them abuot it? The text says "moz browsers total" but the table says Mozilla Firefox. I'd say it's 50/50.

I know you're right about the whole 'community proces' thing, Asa. It's just that I've been using what's now Firefox for two years and had become used to the idea of a very secure browser. So when I look on The Register or something and see that my browser suddenly has 'Extremely critical' security flaws with publically-available exploitations, it's a bit of a shock. So too was seeing the demo of how a website could read my memory with version 1.0.2, and I must say 1.0.3 has been far less stable - I couldn't remember the last time FF crashed, but now it's daily unless I kill it and restart it first (thank goodness for SessionSaver!).

On the other hand it's a free product and no-one's making me use it. You guys are clearly doing your best in what are becoming more and more difficult circumstances as usage of the browser rapidly spreads. And I doubt one could have a similar conversation with the head of Q&A for IE :).

Thanks.

David,

Just read the article
"... today reported that Mozilla's browsers have a total global usage share of 8.69 percent. "

Impressive Firefox stats in Germany! I wish the Danish stats were just as good, but I sadly think they are closer to the Japanese stats :( It is rising though.

habacus, there's an extension to add ruby support - http://piro.sakura.ne.jp/xul/_rubysupport.html.en

vcv,

Just read the table
"2. Mozilla Firefox 8.69 %"

vcv, if you manage to email them and get an explanatory reply - a) you'd be a wizard (they never reply to emails) and b) i'd accept the explanation.

Until then, it's a 50/50 chance either way.

The latest statistics from Germanys bigges news magazin based on 276 million visitors in April:
MSIE 63.18%
F.F. 30.18
Netscape 2.47
http://www.spiegel.de/netzwelt/technologie/0,1518,355494,00.html

> habacus, there's an extension to add ruby support - http://piro.sakura.ne.jp/xul/_rubysupport.html.en
Which works worse than IE's implementation (at least with those parts that actually are used out there)

Also this should be built-in as it is a XHTML1.1 requirement.

David,

It could be Firefox alone, but based on what it previously said, it is more likely that it is ALL Mozilla browsers. I'd say more 60-40 than 50-50.

I'll try to get a response though.