Mozilla Firefox security vulnerabilities, CVEs, exploits, metasploit modules, vulnerability statistics and list of versions
www.cvedetails.com
I am fully aware of that.
One of my next points on my to-do-list is to set up firefox run in a jail (or any other browser - my trust in webbrowsers (resp. webpages) is limited, anyway.)
As far as I understand jail yet, possible security issues will stay in jail.
With cookies and fingerprints one may open pandora's box and ask what security exactly means. (No, we don't do it. At least not here in this thread! [SirDice will ban me one day
])
Don't tell me, firefox (resp. mozilla) were a 100% non-profit orga, which allows their browser to be set actually the way you may surf the net completely anonymously. ?
If you followed some interesting articles published about that topic you may get to the conclusion, cookies are from yesterday. Fingerprints is the stuff.
If webpages tell me their cooky-acceptance-bs I always think of a guy rummaging your underpants drawer saying:"We respect your privacy!" ?
BTW: Firefox ["secretly"] has an experimental option, to suppress fingerprinting.
But if it works - who knows? How one may test, if you don't have access to a webserver? Go to youporn and see if you receive more viagra ads? ?
I do have nothing against updates and patches. Those fix bugs and ensure security - but shall (must) not change the usage of the program.
But most software companies wildely mix those up with upgrades. Upgrades change the usage of a program.
The first is OK.
The second
I want to decide, if and when.
Let me draw you a picture:
Lets assume your computer/desktop/os/browser were your car.
What you want is bugs in the ABS software fixed, the software of the gas injection system to be updated to reduce fuel consumption, newest maps installed to the GPS, and so on.
That's OK.
Those are updates and patches.
Welcome (don't bother me with OK-only-requesters, just do it! Automatically, quiet in the background.)
What you don't need, but also sometimes get, is an upgrade of windscreen wiper software.
The wiper still not wipes better, but, well OK, it also not wipes worse, so what the heck.
Some trainee also needs to share the feeling of beeing part of big software releases. ?
But if it wipes worse, I'm pissed. I neither see no progress, nor any benefit for me in it.
So I want the old version back, because that one wiped better.
Understandable, is it?
But what I absolutely don't want, never ever, is to get in my car in the morning, reading "an important security update has been installed",
and your steering wheel is gone.
Therefore there are two levers on both sides of the seat.
"wtf!?!..." - "Yeah! It's cool! It's new! It's better."
I don't care!
It doesn't matter if it's better or worse.
It's a change.
A
sudden change.
An unasked change!
Besides you fell mocked, since this ain't no "security update", this is a system's
upgrade, you're faced to be forced to use and learn it,
now.
I neither asked for, nor was I asked, if I wanted it, and especially not, if I'm
now ready, willing and able to learn, test and decide if I wants it.
Now I simply have neither the time, nor the nerve, nor the will to stay additionally 5, 10...20 minutes in the garage, being forced to bother with something unexpected new.
Now I need to drive to work.
Just as I did for years, without accidents, with my old-school, back-woods, ancient onehundredandtwenty years old, boring round steering wheel, way back from the stone-ages of steam-engine driven vehicles.
I don't give a..., what others think it's cool.
It simply just worked perfectly for me.
That's all I asked for. That's what I had.
Don't take this away from me without I having a decision!
There is no need to change things just because they are "old".
There
may a reason to change,
if things are better.
But new does not necessarily means better.
Something many software guys simply don't get.
Of course, I understand that. They spent hundreds and thousands of hours slaving over that new feature, and now it has to be brought into the world.
But also software engineers have to learn two things:
1. There are "ignorant customers, too stupid to see the greatness of their fantastic ideas". They don't want it. They may not really need it. They even may
dislike it.
2. Not all of their ideas are great. Some actually may be pure bs, really.
Sorry, but that means: "Welcome to the real world." Deal with it!
Other engineers also do.
Maybe it's better.
Maybe it's not.
Sometimes it's simply another style, better for some, but no improvement to all.
But
I want to decide when I test it.
And
I want to decide when I change to it -
if I change.
I don't like to be forced.
On
my machine (I payed for it) I decide.
If I do
sudo rm -Rf / on my machine, pour beer in it, or throw it out of the windows, than it's my responsiblity, because it's my machine, and also no software guys buys me a new machine, when they made a mess neither.
my responsibility = my decision.
I want no some pimple-faced tie-holder nerd from marketing decides for me because they just were in some sudden mood.
Therefore at least:
- distinguish between patches, updates and upgrades, please
- please let me decide, when I install what
- give my a chance to fall back again ("downgrade"), switch it off, remove it
FreeBSD is exemplary in this point, because you may fall back, if you like.
One may discuss, if it's useful or secure - but I have a chance to decide.
Some things are not old.
They are
established.
Because they've proven their good usage.
Such as to make an OS like unix and follow the unix philosophy.
Not just because it's established ("old"), but because it's established because it's proven best (so far) ?
Fact is:
The reason why I update, if I update Firefox is webpages not working anymore.
Because the pure idea of an update alone already gives me the willies!
(I'm simply impaired by lots of bad experiences on MS Windows - and Firefox.)
I never had any security issues with Firefox, yet. (At least none I'm aware of.)
Even if I'm not running always the very recent version.
But I had countless nuiances because of so called "updates":
Startpage's set to Google (formerly) or (nowadays) to "Firefox-News'n'Facebook-crap-startpage" again.
I neither want both! I want my speedials being startpage on any new tab, especially the startpage!
Update: speed-dials killed, again.
Again "Welcome to Firefox-BS" (I use Firefox since ver. 6), URl-bar collapsed - again (maybe some upgrade will remove it completely some day? - who knows?), menus also collapsed, again...... and, and, and, shit, shit, shit, again and again!
I want the menu bar be appeared, always, no exception. Every update I have to switch it on again, cause I use it.
I want to have a adress bar, always. Every update I have to switch it open again.
I am an so old fashioned fart, when I know the address I actually, really type it in directly, or - believe it or not - I really, actually use bookmarks!
Yes, I do. I do not google everything always everytime I need it again. (old fashioned idiot, maybe. But I feel the other way is highly inefficient [and costs lots of energy!])
So, switch on that f#c41n adress bar! Again.
No, I neither need nor want any websearches start everytime immediatly at the very first letter I type in there! Especially not on Google.com!!
You may imagine my great joy, when the new, great, cool feature appeared several years ago, so you cannot completely switch off the adress-bar search in the normal settings anymore (formerly you could). Now, you only may decide if you have an extra, additional search bar, but still the adressbar still starts searches.... ?
Greatest invention of humankind since the leaf blower!
And I've given up hope, that will ever come back again.
I use Firefox since ver. 6. (six-point-, unary.)
Now we're at 101.something.something (or something above, already? maybe .0.0.0.1.0-1a? ?)
I have been grown my browser with me (a real bookmarks-tree, speeddials, settings, even a theme(!)...)
For many years I draw a textfile with all
my about:config-variables.
With every update I still have to set them all back by hand, again, the way I want them to be, such as "don't close the whole business, just because I closed last tab..."
(formerly this was default)
Every second or third (...who knows?) Firefox "update" cost me at least half an hour,
only to reset all the shit the way I wants it to be (download and install not included.This comes extra.)
I
H A T E THAT!!
You may understand, that I do not want to do that
every couple of days, or how often new versions appear, that jumble all your settings,
but try to stay with a version at least for 3...4 months?!
Either you spent a significant amount of time upgrading, or you just stay with the default, as others decided what they think what's best for most.
I daresay, I have better things to do, than to adjust all settings for every update for all my software every couple of days.
(One of the main reasons I ran away from Windows;
"The system needs to be restarted!"
"What? Now? No!!"
ten minutes later:"The system needs to be restarted"
....
at least every 3rd day!! ?
And with Windows you give up quickly to have any own setting at all, and just stay with the (crappy-bs) default.
(Maybe nowadays this may be different. I don't checked, because I stopped caring with XP, and completely dropped this rubbish after 7.)
Absolutely no go!)
Patches and updates are necessary, of course, no question there.
But I have my computer to do things with it, not to react on requesters and to do upgrades.
I simply insist on I am the master over my slave the machine.
I don't let me be slaved by any machine.
The question is:
Is this still my machine then?
The reason why I still stay with Firefox is, the others are even worse.
At least the ones I've checked, so far, yet.
Every now and then I'll check, if there are alternatives.
Last thing I saw a couple of weeks ago was:
? Wow! There are several new browsers on the market (seems I'm not the only one dissatisfied with Firefox ?
...but to check them all out..
...maybe I could start with a pre-chosen selection.
So, seriously,
what are real alternatives to Firefox (on FreeBSD, of course)?
P.S.: Sorry for this long post. ?
P.P.S.:
Thanks for reading (if reading it til here ?, if not, also thanks!)
P.P.P.S.: Sorry, for the many curse words. But this topic pi... - fusses me ?
www.androidheadlines.com
news.itsfoss.com
