Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014

Soulskill posted about 7 months ago | from the foxes-provide-the-best-sport dept.

Firefox 207

darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."

cancel ×

207 comments

Sorry! There are no comments related to the filter you selected.

God (1, Offtopic)

TempleOS (3394245) | about 7 months ago | (#46495561)

Have you considered the impact of God revealing Himself to the whole world and crime?

Re:God (-1)

Anonymous Coward | about 7 months ago | (#46495723)

How was your stay in the mental hospital, Terry?

Re:God (1)

Zero__Kelvin (151819) | about 7 months ago | (#46496009)

Yes, but don't you think we have enough crime? If God really loves us, he'll keep us in the dark as always!

Re:God (0)

Anonymous Coward | about 7 months ago | (#46496801)

Jesus Christ! DF? Do you like to share? If so hook me up!

Re:God (0)

Osgeld (1900440) | about 7 months ago | (#46496849)

have you considered that GOD has not once appeared in thousands of years?

Re:God (1)

Anonymous Coward | about 7 months ago | (#46496897)

God came back recently, through the vehicle of the operating system TempleOS.

Re:God (1, Interesting)

mellyra (2676159) | about 7 months ago | (#46497167)

I'm curious: if God had appeared to someone, say 2500 years ago, could that person have recorded the event in any way that would convince you?

Re:God (0)

Anonymous Coward | about 7 months ago | (#46497195)

addendum: I'm not trying to make a point about testimony of a single person being unreliable, so let's assume for the sake of the argument that this deity appeared to several people at different times & places within a few years 2,500 years ago.

How could a historian of that era have recorded these events to convince you that they really took place and were indeed manifestations of God?

I don't see how they could (unless they include some trick which reproducably allows anyone to make God appear - something that seems at odds with the idea of a deity, shouldn't a God have at least as much free will as we humans do?) and imho your comment is intellectually dishonest.

Does it matter? (0)

Anonymous Coward | about 7 months ago | (#46497343)

If a god appeared once 2500 years ago, is it relevant? A god that only exists where you cannot see it or in the ambivalence of personal belief is indistinguishable from an imaginary, very judgmental friend.

Re:God (1)

hawkinspeter (831501) | about 7 months ago | (#46497359)

I think it depends on the nature of the evidence. If the person had significant knowledge imparted to them that would be extremely unlikely for them to know any other way, then that would be far more interesting.

Imagine if a prophet included a page of maths leading up to e=m*c*c or the chemical formula of a cancer cure (although I don't see why a god would invent cancer and then want the cure to be known) or maybe even a work of art that is so inspirational that people are struck with awe? However, if a god wanted to be widely known, it'd be easy to write commandments into the side of a mountain or even create a new bird species whose songs were the different commandments.

The problem with a human testifying about contact with a god is that they should have extraordinary evidence. Third hand reports of turning water into wine or walking on water are too easy to be faked when specific knowledge of the future cannot be faked (unless it's retroactively).

If I ever meet a god, I'm gonna take a bunch of photos, get him to post on my facebook and ask him some specific questions. If he doesn't want to impart knowledge (apart from wishy-washy "be good to others"), then I'm going to suspect that he's a hallucination. There's a lot more evidence throughout history that humans easily hallucinate and make up shit.

Yeah, but it's fast and it's not bloated (2, Funny)

Anonymous Coward | about 7 months ago | (#46495667)

Oh, wait...

Re:Yeah, but it's fast and it's not bloated (4, Interesting)

lexman098 (1983842) | about 7 months ago | (#46495713)

It can actually be pretty fast if tweaked a bit [palemoon.org] .

Re:Yeah, but it's fast and it's not bloated (1)

Anonymous Coward | about 7 months ago | (#46495777)

It can actually be pretty fast if tweaked a bit [palemoon.org] .

And you can soup up a Yugo, too [bbc.co.uk] .

Re:Yeah, but it's fast and it's not bloated (0, Insightful)

Anonymous Coward | about 7 months ago | (#46496161)

Yeah, I'm pretty sure you have to be a raging fucking idiot to draw a parallel between completely rebuilding a car and toggling a handful of boolean values.

Re:Yeah, but it's fast and it's not bloated (0)

Anonymous Coward | about 7 months ago | (#46495893)

What about Linux users who really do have a slow and unresponsive browser?

Linux users? (1, Funny)

Anonymous Coward | about 7 months ago | (#46496121)

They can upgrade to Microsoft Windows 8.1, that's what about them!

Re:Yeah, but it's fast and it's not bloated (1)

Mitchell314 (1576581) | about 7 months ago | (#46497121)

Both of them are perfectly free to stop trying ports of IE.

In honor of Plopper and 1970s Spidey (-1)

Anonymous Coward | about 7 months ago | (#46495745)

In honor of Homer Simpson's Plopper and the 1970s Spider Man cartoons:

FirePig! FirePig!
Wants to be whatever Chrome is!
Can it render a web page?
No it can't, it's a pig!

HA! HA!
You're running FirePig!

TFA doesn't say what the exploits are? (1)

Anonymous Coward | about 7 months ago | (#46495673)

Or not that I saw. I wonder if, like usual, they depend on running malicious code from the attacking site, rather than being sensible and turning off javascript, running ghostery, and the like.

Once you start running code from attackers, you're just asking to be pwned.

check the fixes over the following hours for detai (2)

raymorris (2726007) | about 7 months ago | (#46495727)

Check the bugzilla and the security update the next day for full details on Firefox.

Re:TFA doesn't say what the exploits are? (1)

Anonymous Coward | about 7 months ago | (#46497361)

Or not that I saw. I wonder if, like usual, they depend on running malicious code from the attacking site, rather than being sensible and turning off javascript, running ghostery, and the like.

Once you start running code from attackers, you're just asking to be pwned.

Turning off Javascript breaks so much of websites and online services that it isn't really an option for most users. And when you start to whitelist sites and scripts, how do you know that these scripts/sites are not compromised, do you code review all scripts each time before enabling?

And isn't Ghostery bought by an ad company?

Firefox is the most unstable program in common use (0)

Futurepower(R) (558542) | about 7 months ago | (#46495697)

Firefox is the most unstable program in common use when many windows and tabs are open. The latest version is far more unstable and crashy that earlier versions.

Firefox gets more than $100 million from Google each year. Where does the money go? Do you see that amount of development each year?

The Mozilla Foundation stopped doing more than minimal work on Thunderbird.

The Firefox instability was first reported before version 1 was released.

Re: Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46495733)

Ever considered that it might not be unstable for every one?

Yes. (2, Insightful)

Futurepower(R) (558542) | about 7 months ago | (#46495787)

Yes. Someone makes this comment every time, for the last 9 years, since version 1.0.

Most people don't open a lot of windows and tabs at the same time. The people who do that are usually those doing serious research. For example, what to do about the changes in Google Voice coming in May, 2014?

The problem is much worse when many windows and tabs are open under the Windows OS and Windows is hibernated several times.

The Debugging Games (-1, Flamebait)

Zero__Kelvin (151819) | about 7 months ago | (#46496033)

"Yes. Someone makes this comment every time, for the last 9 years, since version 1.0. "

Well, then it's pretty clear that you're the only guy who understands this issue!

There are so many variables here it makes no sense to enumerate them. Allow me to enumerate them. In part.

1) What OS, and who is the admin?
2) This is Slashdot. If you didn't answer Linux and Me, subtract infinity points.*

* You are an idiot using a proprietary OS in 2014, with no ability to see the source code if you don't "have the rights" and No Ability to verify that the system on your drive is the same as the source code you are looking at!

Re:Yes. (1)

Anonymous Coward | about 7 months ago | (#46496159)

windows has been unstable for me since 3.0, must be the same bug they still haven't fixed

Re:Yes. (4, Informative)

vux984 (928602) | about 7 months ago | (#46496655)

Most people don't open a lot of windows and tabs at the same time.

Define many. I routiney have 10+ windows with 20+ tabs in most of them, and another 10+ windows with 1 or 2 tabs.

I do software development; not primarily web based, but it comes up both in web apps and web services, so I'm regularly loading and debugging sites that are rendering pretty broken stuff too.

I honestly can't recall the last time FF crashed on me for any reason.


The problem is much worse when many windows and tabs are open under the Windows OS and Windows is hibernated several times.

I haven't rebooted my Mac in ages -- last time I installed an update that needed a reboot. A few months easy.

My home office win 7 destkop gets rebooted around once a month for windows updates. Sleep/hibernate/wakeups the rest of the time.

I'm not disputing your experience. But I do wonder whether your crashes are tied to a particular plugin, or are linked to some other characteristic of your system. We use FF at the office as well, on dozens of computers -- stability is NOT problem there as well. Don't know what to tell you.

Re:Yes. (1)

Anonymous Coward | about 7 months ago | (#46496963)

But I do wonder whether your crashes are tied to a particular plugin, or are linked to some other characteristic of your system. We use FF at the office as well, on dozens of computers -- stability is NOT problem there as well. Don't know what to tell you.

Ditto. I run noscript and the only "FF" crashes I've had are the flash plugin and that doesn't even take down FF - I just hit refresh and the plugin reloads. Sounds like his problem is in bad JS or plugins. I'll regularly have 20 tabs open, but usually only in 1 window, or many fewer tabs in each of a couple of windows when doing webdev. And I'm running Windows.

What ever you're doing, you're doing it wrong. (0)

Anonymous Coward | about 7 months ago | (#46496785)

I use Firefox all fucking day long at work and come home and use it more. I see maybe one crash every 3 or 4 months. It's a surprise, an abnormality. WTF are you doing? Run memtest, don't run stupid, check your PEBKAC, show me a fucking stack trace or it didn't happen.

Re: Firefox is the most unstable program in common (1)

Anonymous Coward | about 7 months ago | (#46495809)

Even with lots of tabs open, it's stable for me on Linux. Maybe it's your OS.

Re: Firefox is the most unstable program in common (2)

John Bokma (834313) | about 7 months ago | (#46495985)

Funny that you mention Linux. Firefox crashes about twice a week here, most often with multimedia content. Linux and 8GB of memory. And yes, I am one of those that keeps 50+ tabs open.

Re: Firefox is the most unstable program in common (1)

Anonymous Coward | about 7 months ago | (#46496001)

I do, too, and I have almost never had FF crash on me. Since you mention multimedia content, perhaps its your GPU drivers or some other config.

Re: Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496601)

Is *any* browser stable with that many tabs open? Not in my experience, except by failing to load half of them correctly at all.

Re: Firefox is the most unstable program in common (1)

LordLimecat (1103839) | about 7 months ago | (#46496867)

My gosh, its almost like 3rd party addons can make a product unstable!

And its almost like people have been misunderstanding that about firefox for the last 10 years!

Re: Firefox is the most unstable program in common (1)

TheSeatOfMyPants (2645007) | about 7 months ago | (#46497165)

What distro/environment? In Mepis, Debian, OpenSUSE, and Fedora, it has been rock-solid stable for me using KDE 4, GNOME2, KDE 3/Trinity. I usually only keep 4-10 tabs open and use the Too Many Tabs extension for the rest, and Iusually kill off the Flash plugin via htop an hour or two after watching a video. That's a nine-year-old 2GHz Centrino laptop with 1GB of RAM, running 24/7 with Firefox almost always in use, AdBlock Plus & FlashBlock installed.

OTOH it crashed or froze up fairly often when I was using Ubuntu (roughly May 2008-Jan 2010) on a very similar laptop.

Re: Firefox is the most unstable program in common (1)

TheSeatOfMyPants (2645007) | about 7 months ago | (#46497169)

Correction: 24/7 with Firefox almost always in use when I'm actively interacting with the system (6-12 hours/day, maybe). I didn't mean that there's always somebody using Firefox at all hours of day and night.

Conditions of instability: (2, Informative)

Futurepower(R) (558542) | about 7 months ago | (#46495751)

Firefox is unstable when many windows and tabs are open, even when using NoScript, Adblock, and Ghostery, as mentioned above.

Many crashes do not start the Crash Reporter.

See for yourself. Go to this URL:
https://crash-stats.mozilla.com/home/products/Firefox/versions/27.0#duration=14
(Mozilla does not allow links from Slashdot.)
Those are NOT ALL the crashes! Those are just the crashes that don't also crash the Crash Reporter.

The earlier version, 26.0 is crashy, also:
https://crash-stats.mozilla.com/home/products/Firefox/versions/26.0

Re:Conditions of instability: (3, Informative)

Dagger2 (1177377) | about 7 months ago | (#46496547)

I have ~350 tabs in my Nightly install and it's not unstable at all. Heck, I have 1400 tabs open in my main Firefox 3.6 install, and managed to get it to 2400 recently, and it's not crashy either. Admittedly it's a bit janky due to the garbage collector (which has improved massively since 3.6), but what do you expect with 2400 tabs open? Firefox does not appear to be inherently crashy with many tabs.

If you're seeing crashes, please post some of your own crash reports so we can see if there's any obvious common cause in them. The overall crashes per ADI reports don't tell us much about how crashy Firefox is compared to other software, without also having similar reports from other software to compare with.

Re:Conditions of instability: (2)

Waccoon (1186667) | about 7 months ago | (#46496781)

I have huge issues with Firefox, mostly with regards to memory management. However, stability is not one of them. I have maybe one or two crashes a year, and that's with a minimal, carefully culled selection of extensions.

The big disappointment is AdBlock Plus. This extension is the source of most slowdowns, and after the v27 update, AdBlock slows Firefox down to a crawl, and sucks up so much memory that regular restarts are needed to keep the browser from going berserk due to running out of memory.

I do know that AdBlock merely aggravates Firefox's memory management issues, though, rather than causing them. On its own, Firefox will still choke itself to death over time, and it appears to be related to its JavaScript engine.

Meaningless. (0)

Anonymous Coward | about 7 months ago | (#46496811)

Until another browser maker publishes such information there's nothing meaningful to compare with. Those same users could have all kinds of shit crashing. There's no way to know what the 1 out of 100 (that you are part of) are doing wrong. Stop clicking every link posted to 4chan or something.

Re:Conditions of instability: (1)

LordLimecat (1103839) | about 7 months ago | (#46496877)

Firefox is unstable when many windows and tabs are open, even when using NoScript, Adblock, and Ghostery, as mentioned above.

Dont complain about problems with firefox while running 3rd party code, particularly addons that can conflict. I think I read about potential issues when combining those three, as they overlap quite a bit.

Re:Firefox is the most unstable program in common (1)

97cobra (89974) | about 7 months ago | (#46495769)

Just upgraded from v20 to v27. Crashed more times in the last 2 weeks than in the previous year.

Same here. (1)

Futurepower(R) (558542) | about 7 months ago | (#46495793)

That's my experience, also. Version 20 was considerably more stable than the latest version 27.01.

Futurepower: a true representation of everyone's e (0)

Anonymous Coward | about 7 months ago | (#46496827)

I understand it sucks being the 1% but that hardly makes the whole thing bad.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496023)

A heavy amount of crashes are related to the Flash plugin. Make sure you're running the latest version.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496119)

That would make a lot of sense, I haven't had a crash in firefox for at least a year.
Don't have flash installed and keep firefox running with lots of tabs pretty much 24/7, the only times I restart it is when updates comes out and for windows update (Win7 x64).

Not having flash works surprisingly well, I don't even miss it.

Re:Firefox is the most unstable program in common (3, Interesting)

Anonymous Coward | about 7 months ago | (#46495803)

Just saying, I use Firefox as my primary browser. It last crashed.....I can't remember when. Is it maybe possible there's something wrong with your computer?

I use it because IE...though I don't have anything specifically against the new versions, I just don't like it. Chrome, beyond not trusting it being a google product (I assume it logs every keystroke, it wouldn't be out of character for them, though I will grant they probably don't log password fields, but all others...), is there honestly a more bloated browser out there? Firefox right now has 19 tabs open for me, using 950 megs of RAM (a bunch of those tabs have plugins running such as PDF viewers or video viewers). Chrome, 3 tabs, using a grand total of a bit over 500 megs of RAM (hard to say exactly how much since I don't want to pull out a calculator and add together the I believe 8 different processes), and all just displaying simple web pages.

Re:Firefox is the most unstable program in common (1)

redmid17 (1217076) | about 7 months ago | (#46496187)

My record on FF, thought this was a few versions ago, was just over 1 GB for 4 tabs (no multimedia, just two wiki-type pages and 2 work pages with no flash). I might still have a screenshot of it laying around somewhere.

Re:Firefox is the most unstable program in common (1)

redmid17 (1217076) | about 7 months ago | (#46496217)

I found it but I'm wrong. It was 4 tabs, but it was 2 slashdot pages (old UI) and wiki-type pages.

Re:Firefox is the most unstable program in common (4, Informative)

ahabswhale (1189519) | about 7 months ago | (#46495865)

That's odd, I keep literally dozens of tabs open in it all the time and haven't had it crash on me for as long as I can remember.

Re:Firefox is the most unstable program in common (4, Insightful)

mark_osmd (812581) | about 7 months ago | (#46496229)

I think the 'crashy' people are installing huge numbers of questionable plugins. I have good luck with Firefox but only install a few well selected plugins (noscript, better privacy, adblock, flash block, littlefox, and self destructing cookies). Because many of those plugins block crud like flash ads I get even better stability.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496243)

I've found that most often it's just a crap version of Flash, bad drivers, and surprisingly often it's also bad RAM. But there certainly are crash problems with Firefox as they do their best to bring it into the future. Of course that's not to apologize for it, but at least it's painfully obvious they're constantly improving it, even if some people seem to wish it would stay in the past.

Re:Firefox is the most unstable program in common (1)

Billly Gates (198444) | about 7 months ago | (#46496409)

I had trouble with youtube playing music as soon as you use flashblock or adblock. No issue at all with other browsers.

FYI this is after I disabled it for the FREAKING SITE. It seems unless they are uninstalled no music or videos can be displayed

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496633)

It's 2014 and you're still using flash on youtube? Why the hell?

youtube.com/html5 [youtube.com]

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496901)

It's 2014 and you're still using flash on youtube? Why the hell?

youtube.com/html5 [youtube.com]

Ew. That html5 mode is a "trial" that I consider a buggy alpha.

Lots of youtube videos will just fail, and dutifully remind you download flash. Most industry-backed and homepage-featured content wants to force the adertisement API on you, which only works on flash. Status quo for years. So if you join that trial and want US content not made by your cousin, or anything with copyrighted background music accidentally sprinkled in, google will try to monetize ads... and you'll be seeing those static-filled error messages about upgrading to flash.
I recommend the video without flash [mozilla.org] extension on FF
It is buggy too (ALT+W to trigger if you don't see video load), but issues are fewer than by html5 alone. So turn off flash fully and set it to autoparse on each page load via its options pref screen. Downside seems to be:

FF only
Fullscreen is gray (broken videos)
Anything without video sources available in libre formats will only work as a orced non-streamed file download, and h264-mp4 and flv are pretty common. html5 still has a long way to go, and google won't consider it ready until it can monetize ads with it.

Another workaround used to be setting iPhone and iPad user agent strings, but I failed to get that to work today.

Re:Firefox is the most unstable program in common (1)

TheSeatOfMyPants (2645007) | about 7 months ago | (#46497189)

Odd. I use YouTube relatively often, and always have AdBlock Plus &Flashblock enabled/installed. The biggest problem I've run into with the combo is that ABP thus far can't get rid of the smallish semi-collapsing ad that appears within the video and is sponsored by the account holder.

From what I recall, though, the main difference between Firefox and other browsers is that it's the only one that lets ABP block sites from even requesting a resource; on other browsers, all ABP can do is hide elements from view once they're downloaded. That might somehow tie into the problem you're having.

FWIW I'm using Firefox 22 (I dislike the changes made as of 23) in Mepis Linux, on an old 2GHz Centrino laptop with 1GB of RAM.

Re:Firefox is the most unstable program in common (1)

drinkypoo (153816) | about 7 months ago | (#46496661)

My lady is running less plugins than I am, and literally running a subset of the plugins I am running, and her Firefox crashes fairly frequently while mine crashes only occasionally on a resume from suspend. The notable difference is that she is running Windows (7 x32) and I am running Linux (Ubuntu somethingrecent.) If one of us has more stable hardware, it's her, and not me.

Re:Firefox is the most unstable program in common (4, Informative)

ahabswhale (1189519) | about 7 months ago | (#46496695)

I would recommend noscript. Firefox does have a glaring flaw in that all the tabs run in the same process so if one gets wonky, it's game over for everything. It's probably flash that's killing you. I use noscript which blocks everything (like flash) that I don't explicitly want running and it makes Firefox very stable. As a side benefit, it makes browsing much safer. I use Chrome a lot too but when I'm going to any questionable sites, I use firefox just because of noscript.

Re:Firefox is the most unstable program in common (2)

LordLimecat (1103839) | about 7 months ago | (#46496885)

Flash runs in a separate process, and has for quite a while.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46497283)

Flash runs in a separate process, and has for quite a while.

Rendering is done with synchronous IPC so Flash can still lag the browser UI. The separate process also only protects against 95% of Flash crashes, it's still possible for the plugin process to send IPC messages which crash the browser process (have had that happen repeatably when looking at a particular Flash movie).

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496045)

Yes, I do see them making that much effort. But mostly because I actually pay attention to what they're doing, not just a few negative articles on Slashdot. And not just Firefox, either. They've helped make many a web specification, and vastly improved a number of them. Without their influence the web would be a far less stable place in general, and I have absolutely nothing against them making $100 million from Google from search engine revenue.

I've noticed that ALL browsers have become less stable over the years, after they reach a sweet spot. Chrome is the least "crashy", but makes up for it with other frustrating bugs that weren't around a few years ago. In fact I would gladly trade it's stability if it meant it was less frustrating to use in some cases. Firefox is just another browser with its own frustrations.

Re:Firefox is the most unstable program in common (1)

nickittynickname (2753061) | about 7 months ago | (#46496193)

I keep many, many tabs open all the time in osx and windows and have no issues. Are you sure you don't have a problematic plugin.

On ubuntu, on my home machine, I find firefox unusable even after much tweaking.

I also notice that chrome handles bad javascript much better than firefox. Other than that I think firefox is a fine browser.

I'm sure most of the security exploits have to do plugins. Its a common trade off, lock it down and make it more secure or open it up and make it potentially more usable.

To each their own (1)

bogie (31020) | about 7 months ago | (#46496327)

I've just not found that to be the case since the M days. And that's with usually 3-4 windows with lots of tabs open. I actually like and use both Chrome and Firefox. I think to say one is oh so much better than the other just doesn't fly from what I've seen and what my users have said. They both work very well.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46496791)

In my experience, FF crashes are somewhat predictable as you see slowdown typing or clicking, and notice FF pegging one of your cores.
It does not happen on Windows if I run script blockers and turn off Flash, since site ads can't peg you.

It does happen a lot on the work computers where JS and ads must be left on. The memory ceiling is too low on the 32 bit work image. Think that your nominal 4GB gives you wiggle room? Nope, because 1GB is reserved by Windows just to handle its resources and your hardware. So that leaves you 3GB. Basically, office apps and 30 tabs and FF gets close to 1GB and pushes Windows total RAM use close to the 3GB ceiling.

Re:Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46497045)

Every time a client complains about how crashy firefox is I backup their bookmarks (and make a copy of their profile) delete the profile, uninstall firefox and delete all the directories then reinstall firefox and import thier bookmarks, install noscript, adblock plus and ghostery and tell them to use it like that for a while.

Without exception, this fixes ALL the problems. Start blaming the crappy plugins instead of firefox and stop installing every damn plugin in the universe.

Re: Firefox is the most unstable program in common (0)

Anonymous Coward | about 7 months ago | (#46497069)

Yeah, right...

I run with about 200 tabs open all the bloody time (I know...) and Firefox isn't slow or crashing.

I also run AdBlock and FlashBlock.

Flash is the biggest culprit to Firefox problems. And that is really no wonder, given the quality of Flash plugin code and its role as an NSA attack vector.

Sometimes you do end up with a massive memory consumption, especially if you leave a site with some "push" feature running for several days or a week. Then its enough to kill that tab and things will settle.

If you get Flash problems the only thing you can do is kill the tab and restart Firefox. You can usually see the Flash going amok in the process listing.

Heresy (-1)

Anonymous Coward | about 7 months ago | (#46495725)

It's Open Source. Thousands of eyeballs and all that.

There's going to be a knock on your door in the middle of the night.

It was nice knowing you.

No app by itself is all that safe (1)

Burz (138833) | about 7 months ago | (#46495833)

I do my browsing in an untrusted or disposable Qubes domain, which is about as strong security as you can get for a functional desktop system. Still, it would be awesome if pwn2own made it one of their target OS's... now for *that* I would get out the popcorn!

Not so many options (0)

nashv (1479253) | about 7 months ago | (#46495837)

I am using Firefox for lack of a better option. I

IE is out of the question because it is too clunky, and Chrome has Google intruding into extension use and so on. I had to ditch it the day I discovered that they can remotely disable locally installed extensions. Firefox and Mozilla in general seem hell bent of making everything they make as horrible and cartoony looking as possible (Austalis(-hit)) .

It is sad that for all importance browsers have today, there are basically only 2-3 options to choose from.

Re:Not so many options (1)

afgam28 (48611) | about 7 months ago | (#46495993)

15 years ago, Internet Explorer had just won the browser wars, and all we had on Linux was an old version of Netscape Navigator that barely worked. Even Netscape had abandoned it and no one had any idea if and when Mozilla would ever be ready.

Compared to that I think 2-3 options is pretty good, especially when all of the browser vendors respect web standards (even Microsoft), Firefox is completely open source and so is nearly all of Chrome and a large chunk of Safari too.

Re:Not so many options (3, Interesting)

Billly Gates (198444) | about 7 months ago | (#46496387)

I left firefox after 4.0 debuncle. Yes it was the first release to really support HTML 5 but it was freaking HORRIBLE. Bad UI, sloooow, and on older hardware it was unusable. IE 9 won rewards on tomshardware.com which was released march 2011. I held my nose and gave it a try. It supported hardware acceleration, html5 (I admit it was more limited at the time), and was great on my 6 core system as it has per process tab. Since 2001 it ran circles on gecko web engines??!

Many slashdotters said ewww no thanks based on IE 6 memories.

I then played with Chrome. Yes it is spyware somewhat but it too has important features and has less hardware acceleration but it is more secure and frankly a much better browser than Firefox.

My father got hacked with Firefox. It is a shitty browser with no lowrights mode. It is frome the XP era and has no concept of %appdate and uses the filesystem and has access rights to some processes and threads. Bad security wise but that is what XP era software did.

Chrome and IE 9+ have separate code bases for this with XP vs Windows 7 and greater with sandbox support. Many here use Comodo Dragon which is based off of Chrome but has no privacy issues. However, be warned it based off the previous version of Chromium with some security holes.

Switch my friend!

Until Firefox goes to a processing model and supports lowrights mode I will not go back. This may change hopefully as Firefox is improving with performance and ram requirements since 2011 but on a 6 core system it is stupid not to multitask!

Re:Not so many options (0)

Anonymous Coward | about 7 months ago | (#46496625)

You seem to think Firefox is still at version 4 or something. It is now heavily multithreaded, has sped up considerably (and is now competitive with even Chrome for most users), uses far less RAM (even compared to other browsers), and has even had its process sandboxing improved on most OSes.

None of this is an attempt to deter people from switching, but simply to fight your misinformation. It's popular to bash on Firefox lately, while telling users to switch to Chromium. But Opera is probably a better choice for users who don't want to opt into Google's services and just get the faster and leaner browser, and it is better-poised to return to greatness than stagnate like Chrome has lately.

Re:Not so many options (1)

drinkypoo (153816) | about 7 months ago | (#46496675)

You seem to think Firefox is still at version 4 or something. It is now heavily multithreaded, has sped up considerably (and is now competitive with even Chrome for most users), uses far less RAM (even compared to other browsers), and has even had its process sandboxing improved on most OSes.

Why is it still so much slower at javascript and when, if ever, will this change? I'm still using it, but it's frustrating that loading a webpage often causes the entire browser to choke hard (whether I run it on SSD or not.)

Re:Not so many options (0)

Anonymous Coward | about 7 months ago | (#46496815)

On which sites? In my experience there are only a few ways it still really "chokes" compared to Chromium browsers, and that's for specific types of scripts or when there are heavy graphics effects (CSS filters etc) that Firefox is still optimizing. In fact I find Firefox faster on some sites now.

Certain addons can also drag it down substantially, especially if you run a bunch of ones like AdBlock, Ghostery, and so on at the same time. Problematic versions of Flash or video drivers can also cause weird choking-like behavior, even if Chrome seems to work (though video drivers aren't likely to be the culprit and Flash has been nothing but shite for me lately on all the browsers I try).

But if you're running into "choking" behavior regularly without much in the way of plugins/addons/etc, then it's possibly not even a "Javascript" issue so much as the garbage collector Firefox uses for everything. Some people seem adept at triggering it a lot (not their fault, of course, just the way it turns out). Mozilla's in the middle of transitioning to a better garbage collector that should solve at least some of those problems, but I suspect that will take them 2 or more releases.

If you're really that upset by such pauses, then I'd actually recommend trying out NoScript, and not just on Firefox. I've even come across similar issues with certain Antivirus software on Windows, on a really fragmented hard disk, and on a dying hard disk. Firefox has turned out to be the "canary in the coalmine" for me more than once.

Re:Not so many options (1)

Billly Gates (198444) | about 7 months ago | (#46496899)

You seem to think Firefox is still at version 4 or something. It is now heavily multithreaded, has sped up considerably (and is now competitive with even Chrome for most users), uses far less RAM (even compared to other browsers), and has even had its process sandboxing improved on most OSes.

None of this is an attempt to deter people from switching, but simply to fight your misinformation. It's popular to bash on Firefox lately, while telling users to switch to Chromium. But Opera is probably a better choice for users who don't want to opt into Google's services and just get the faster and leaner browser, and it is better-poised to return to greatness than stagnate like Chrome has lately.

Because it is!

No it is not multithreaded. Don't believe me? Hit control alt delete? Firefox uses 400 megs of ram and has high cpu spikes while 5 of my out of date cpu just sit there. One bad site ruins the rest of the 20+ tabs while javascript and everything else pegs just one core where a single bad script can take down the freaking browser.

Sounds like Windows 3.11 and MacOS classic all over!

It is snappier yes but only if you do not run more than a tab or two. It is time to move on as it is obsolete at this stage and is the new IE 6 of this decade. Stale, obsolete, and insecure.

Firefox while it does work is not the best and it pains me to type this. Chrome works better on my older cpu with mulitcores. Maybe on a shiny new icore3 Firefox might seem snappier on lightloads?

But the architecture is dated, insecure, and can not handle modern gpus and multi core cpus with modern security of per tab processes like IE and Chrome had since freaking 2009.

Shoot even the recent IPhones and Galaxy phones have 4 core systems. It is 2014.

Re:Not so many options (1)

Frankie70 (803801) | about 7 months ago | (#46496451)

IE is out of the question because it is too clunky,

What version of IE did you last use? I use IE as my secondary browser. There are reasons why it's not my primary browser, but clunkiness is not one of them. I find it far less clunky & far more stable than Firefox.

Moved to opera (1)

Papaspud (2562773) | about 7 months ago | (#46495901)

Had the same problems with FF crashing, switched to Opera next, works great for me.

Re:Moved to opera (2)

Pseudonym Authority (1591027) | about 7 months ago | (#46496667)

The new Opera is just a butchered Chrome with less features. Please don't use crappy knock-offs made by sellouts.

Re:Moved to opera (0)

Anonymous Coward | about 7 months ago | (#46496915)

ummm Chrome in this case is the crappy knockoff.

Soooooo. (0)

Anonymous Coward | about 7 months ago | (#46496041)

The hackers waited for the Pwn2Own event to release the vunerability. This makes me wonder how many Windows XP vunerabilities are lurking and will be released on April 9th???

bit3h (-1)

Anonymous Coward | about 7 months ago | (#46496075)

le4d developers c0llect any spilled

Firefox still the best web development companion (0)

Anonymous Coward | about 7 months ago | (#46496293)

I mostly use chrome for general surfing, but I still love firefox for firebug and its other very useful add-ons for web development. I know all the other browsers are copying firebug but they don't compare.

wtf?! Chrome developer tools SO much better! (1)

raymorris (2726007) | about 7 months ago | (#46496573)

What?!?! Chrome developer tools beat the pants of Firebug, in my opinion. I install Firefox for non-developers, for people who consume content. For developing sites, Chrome saves me gobs of time compared to Firefox.

No lowrights mode (not surprised) (5, Interesting)

Billly Gates (198444) | about 7 months ago | (#46496337)

Both Chrome and IE (yes slashdotters I did say IE) support lowrights mode.

This means it has no access to the file system at all, no access to processes or threads and %appdata is its prison ... assuming you are on Windows 7 or greater on Windows. XP users will get hacked regardless of browser because the OS does not support kernel level sandboxing.

I left Firefox for IE 9 in 2011 after it won rewards on tomshardware.com. Then switched to Chrome. Firefox like Netscape before it is a sad shell of its former self. I do admit the later firefox releases are much more lenient on ram usage and have improved drastically.

But I have an older Phenom II x6. Nice 6 core with virtualization support for VMWare .. but it is 2.6 ghz and is showing its age at only 2.6 ghz. My machine needs multi processing/threading apps to run close to modern and they provide greater security. One tab does not interfere with another and can be assigned for each core.

To prevent my fan from going high and causing high usage both IE 10+ and Chrome utilize my system fine and still display pages as fast as those reading this on an icore5 or later. But Firefox puts +20 tabs on one cpu with no lowrights mode and as you can image when firebug is on it slows down all the tabs and it is a security risk.

Like netscape it was the lack of funding that killed it agaisn't IE 6 onslaught. I wonder if the same is true? I used Netscape 4.7 before succumbing to IE 6 and then Firefox 1.5 to IE 9 and later Chrome today.

Re:No lowrights mode (not surprised) (2)

cbhacking (979169) | about 7 months ago | (#46496665)

Vista or greater; Mandatory Integrity Control was introduced with NT 6.0, not 6.1 (better known as Win7). IE7 on Vista was the first browser to use the Low Integrity Level sandbox.

By default, Low IL actually does allow reading much of the file system and registry. It just can't do anything to any of it.

For what it's worth, you can *kind of* get the same benefit on XP by running a browser as a very-low-rights user. That causes no end of problems for some use cases (like downloading files), though.

Re:No lowrights mode (not surprised) (-1, Troll)

drinkypoo (153816) | about 7 months ago | (#46496679)

Both Chrome and IE (yes slashdotters I did say IE) support lowrights mode.

Well, here's a nickel. Get yourself a real OS and run Firefox as another user when you want low rights mode. Most of us have that kind of functionality in our operating system. Even Windows users. I dabble in Chrome occasionally and it's gotten to the point where for most operations it's just as slow as Firefox. It was pretty fast once, though.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46496961)

Linux doesn't support lowrights. Standard users or the wheel group in Unix can still access file system, threads, processes, etc. Escalations can occur through an attaching to a process running as root.

So Windows is ahead in this area with lowrights.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46496933)

Wait, you run Windows as an Admin and rely on your browser to reduce rights? If that's not bad enough, slashdotters voted this up!?

OMG.... /. is D.E.A.D

Re:No lowrights mode (not surprised) (0)

Billly Gates (198444) | about 7 months ago | (#46496955)

You're an idiot as standard users still have access to threads, processes, and the file system. This means you can attach a rogue process or malware to an admin one which happens to run as a service. It can then be executed with full admin privileges.

Re:No lowrights mode (not surprised) (2)

cbhacking (979169) | about 7 months ago | (#46497125)

Not actually true (you don't really know that much about MIC on Windows, do you?) Standard user processes, including non-sandboxed browsers, run at Medium IL. Admin processes, including services, run at High IL. Medium IL is just as incapable of attaching to a High IL process as Low is to Medium.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46497147)

Not actually true (you don't really know that much about MIC on Windows, do you?) Standard user processes, including non-sandboxed browsers, run at Medium IL. Admin processes, including services, run at High IL. Medium IL is just as incapable of attaching to a High IL process as Low is to Medium.

Then why are there exploits in other browsers that do just this? I have had one myself. A rogue flash applet my AV caught trying to attach itself to a service as a standard user too I may add?

There are many ways around this. Lowrights mode ads another layer of protection that a hacker needs to bypass in order to infect a machine.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46497327)

Where, show us the data ! My guess is you're just speculating,
and actually clicked a Miley Cyrus phishing mail and infected your system that way.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46497315)

That's bullshit, a normal user's process can't trace/debug a privileged user's process.

Re:No lowrights mode (not surprised) (0)

Anonymous Coward | about 7 months ago | (#46496941)

"Like netscape it was the lack of funding that killed it agaisn't IE 6 onslaught."

I'm pretty sure Microsoft's integrating/bundling IE into Windows itself as a uninstallable option as well as their vendor dealings to keep new PCs IE-only played a much bigger part of netscape's downfall than just their lack of funding. Hard to secure funding in that kind of illegal anti-competitive market anyhow.

Re:No lowrights mode (not surprised) (1)

Billly Gates (198444) | about 7 months ago | (#46496969)

IE 6 was the better browser sadly. If you can believe that which I know in 2014 that is hard.

Ask any older webmaster from that time frame?

W3C was something a committee did which was academic. Only Netscape and MS specific CSS and HTML mattered and websites needed to include specific workarounds for one or the other etc. Man, people forget how dark the web was 10 years ago.

The fact the majority of non Chinese and business users use Firefox and Chrome today show bundling had nothing to do with IE's rise. It came because Netscape died at 4.7 and become very stale FAST while we like to forgot about NS 5+ as they made IE 6 look less buggy in comparison and no one really used those. I refused and kept NS 4.7 for many many users until 2002 when I gave up.

How many were DNS baed issues? (1, Interesting)

Antique Geekmeister (740220) | about 7 months ago | (#46496613)

The tendency of Firefox to preserve its own DNS cach means I cannot use it when hopping from VPN to VPN with split DNS running. unless I configure and install my _own_ local DNS server to auto-reconfigure every time I activate a VPN. I'm afraid it's become unusable for me for real work and testing when switching from internal to external website access as I debug network and configuration issues: it's the only browser that fails this way.

Re:How many were DNS baed issues? (1)

Anonymous Coward | about 7 months ago | (#46496927)

The tendency of Firefox to preserve its own DNS cach means I cannot use it when hopping from VPN to VPN with split DNS running. unless I configure and install my _own_ local DNS server to auto-reconfigure every time I activate a VPN. I'm afraid it's become unusable for me for real work and testing when switching from internal to external website access as I debug network and configuration issues: it's the only browser that fails this way.

There are a ton of about:config settings related to dns. For what is worth, a look can't hurt, but I hate stupid design decisions causing more browser fragmentation. I have 3 browsers to keep mental bug lists for, and extensions for each are worlds apart even with the same names.
Stylish's bgcolor css scripts don't work in the official chrome version. Adblock has confusing multiple versions on chrome that I can't verify are legit, and I heard the filtered content is still downloaded. But stability, multiprocess tabs and no extension version number surprises for chrome...

Re:How many were DNS baed issues? (0)

Billly Gates (198444) | about 7 months ago | (#46496989)

That is a scary security risk.

What is to stop malware from insert records into the DNS for Russian banks etc? File system escalations are bad enough and at least Chrome and IE do not have any filesystem access and can only write to %appdata.

But Firefox nope. I will make sure not to use it even if it does support threading like its competitors starting to do last decade.

Re: How many were DNS baed issues? (0)

Anonymous Coward | about 7 months ago | (#46497117)

Your mumbling about appdata makes no sense. Windows is insecure by design. If you have not understood this previously, and Snowden's material didn't make a light bulb go off, then you will never understand it.

Doin' It Wrong... (0)

Anonymous Coward | about 7 months ago | (#46497257)

I bless each Debian install with a splash of Hennessy 'cause I'm a nigger. Be an Iceweasal nigger, too. Niggers

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?