7/31/2004 05:59:00 PM - XUL spoofing
We're all used to reading abotu security bugs in Internet Explorer. And then comes the outrage of how months have gone by. In case you've forgotten, there are bugs in Mozilla, too. Some of them have been known for years. bug 22183 is an example. It certainly makes me glad I customize my browser. There are at least 100 known security bugs, of some form. Since I'm not "in the know," I can't estimate how many are likely to happen.
Ok, so there are bugs. The real question is: with its commitment to security, why aren't they being fixed? All this work goes into improving the user experience, but you don't read about the Mozilla team taking a month off of development to educate its staff or dedicating a month to just fixing security bugs. Right now Firefox is rapidly approaching version 1.0. I think that once it is released, development should freeze for a month or two and only security bugs and critical bugs get fixed. One nice thing about IE is that they basically froze the features, which gives them time to work on those security bugs. That's an overly optimistic statement. I think that we need to stop with the whizbangs and fix the broken stuff. Not a new concept. And don't reply telling me what I can do to help.
