Germany Warns Against Using Firefox 509
jayme0227 writes "Due to the recent exploit in Firefox, Germany has warned against its use. This comes a couple months after Germany advised against using IE. Perhaps we should start taking odds as to which browser will be next." Note: the warning (from the Federal Office for Information Security) is provisional, and should be rendered moot by the release later this month of 3.6.2.
3.6.2 released (Score:5, Informative)
Yup
Re:3.6.2 released (Score:4, Insightful)
And if you want to be really safe - use Lynx instead. No images, no Flash, no Javascript, No ability to view pr0n.
Re:3.6.2 released (Score:5, Insightful)
> No ability to view pr0n.
I doubt that.
Re:3.6.2 released (Score:5, Informative)
http://www.asciipr0n.com/ [asciipr0n.com]
Re: (Score:2)
Re:3.6.2 released (Score:5, Funny)
http://secunia.com/advisories/search/?search=lynx [secunia.com]
Re: (Score:2, Funny)
Looking at your list, there was one advisory in 2009, one in 2008, and then one in 2006. I think what is happening here is Lynx is just introducing a minor security flaw about once a year just so they can hang out with all the cool kids. They are just trying to be "edgy" and "hip".
Re: (Score:3, Insightful)
And if you want to be really safe - use Lynx instead. No images, no Flash, no Javascript, No ability to view pr0n.
Use Noscript.
Re:Pr0n (Score:3, Funny)
Rule 34a (or similar numbering).
No such system exists whereby Pr0n cannot be discerned. Bertrand Russell and Alfred North Whitehead became very upset when Kurt Gödel figured that out.
Re: (Score:3, Funny)
Re: (Score:2)
Confirmed. Just popped up for download now. 11:03 GMT.
Re: (Score:2)
I agree... if you're not satisfied with the default ugliness you can download and apply a number of themes that will raise the ugliness to previously unattainable levels.
Seriously, I tried a lot of themes and most of them make the interface fuzzier and harder to see and operate. Most themes are developed by "pimp my desktop" types and not by UI experts aiming for higher usability with pleasing aesthetics.
3.6.2 is out. (Score:2, Informative)
A release that has just happened, in fact... (Score:3, Informative)
Firefox 3.6.2 was released earlier tonight: http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/ [mozilla.com]
Free software in action (Score:5, Insightful)
Re:Free software in action (Score:5, Funny)
That is a really poor standard you have. I don't want software that patches exploits quickly, I want software that was correctly written and had no exploits to begin with.
Re: (Score:2)
Thank you; I needed a good laugh!
Re: (Score:2)
Re:Free software in action (Score:5, Funny)
OpenBSD seems to do just fine, with a bigger codebase, written in C.
Wanna guess what the difference is? They have security-obsessed people in charge.
Nobody gets credit for fixing a bug. Instead, we celebrate the people who get a fix out fastest. We don't care about flammable buildings, but we watch the response time of the fire department like a hawk.
Re:Free software in action (Score:4, Insightful)
They just ship OpenBSD with most services disabled by default, and then claim it is safe by default.
That's similar to Microsoft's shipping IE on their server O/S with most stuff disabled by default, and then claiming that IE is not vulnerable on their server O/Ses by default.
Yes they are safe by default just like a car with its wheels, engine and battery "disabled" by default is safe from most carjackers.
Re: (Score:2)
OpenBSD code quality is higher
Not uniformly. They've got some significant problems (e.g., a non-thread-safe getaddrinfo() for goodness' sake! They've not even bothered to put a lock internally, despite the fact that the specs for these functions have required thread safety since RFC 2553 [ietf.org], i.e., over 10 years...) but they perhaps aren't strictly security problems. Just major functionality issues that every other vendor addressed long ago.
Re: (Score:2)
Re: (Score:2)
Go ahead and construct a formal verification for any browser currently available. Here's a starting point [wikipedia.org], let's see how far you'll get.
Re:Free software in action (Score:4, Insightful)
I want software that was correctly written and had no exploits to begin with.
And I want Anonymous Cowards to start making /. posts that are insightful, useful, and realistic.
And WHERE'S MY PONY?!
Re: (Score:2)
http://www.deagostini.com.au/ilovehorses/ [deagostini.com.au]
Re: (Score:2)
And WHERE'S MY PONY?!
Outside, next to your flying car.
Re:Free software in action (Score:5, Insightful)
Re:Free software in action (Score:5, Funny)
They were probably all reactions from people who program for a living.
Re:Free software in action (Score:5, Insightful)
Because "don't set this place on fire" is not a fire escape plan. Bugs and vulnerabilities will happen either way, and you still need a plan for dealing with them.
Re: (Score:3, Insightful)
No matter how clever you think you are, no matter how hard you work to prevent vulnerabilities, they will be in the release code in something as complex as a web browser (or an Operating System).
"I want software that is written correctly and has no exploits" is an unrealistic expectation. It's like saying "I want my power tools to be built in such a way that they cannot possibly harm me"
Most (certainly not all) software is built with very careful reviews, trying to figure out ways that black hats might exp
Re: (Score:2)
And I want a pony.
Re:Free software in action (Score:4, Insightful)
Creating 100% secure software is like trying to prove an absolute statement (as in "All X have Y"): to prove it right, every single one of the subjects of your statement has to conform to it, while proving it wrong only takes one that does not.
Or in more specific terms: no matter how good the team developing a piece of software is and how long they have to do it, all it takes is one of them making a single mistake and the result is not 100% secure.
It's reasonable to expect that all first-order mistakes (i.e. the blindingly obvious) are caught; it is however not reasonable to expect that higher-order mistakes (for example: "unexpected interactions with a different version of a certain library installed in the same system in the 64-bit version of the OS") are caught, especially those relating to external factors (which can change after the release is done).
Also there are economic limits to the level of security in a piece of software: more specifically, time is money, getting only the top best professionals to do it is a lot of money and (surprise, surprise) people are not willing to pay the higher price that such a product would require to break even.
Re: (Score:3, Funny)
What the German government should do is release an open source application which switches your default browser.
A team of German security experts would make a bi-weekly security assessment and then set the default browser for the period. ;)
Of course this browser switcher would also be able to push patches as well. Automate their recommendations!
Re: (Score:2)
They could contact them easily too (Score:2)
Better yet, free software authors (developers) aren't hiding anywhere. It would be hard to contact IE team but Mozilla developers can be reached easily, via mail or even IRC.
Posting this warning while it is easy to figure out/ask whether 3.6.2 is OTW really requires some review by the German Govt. For example, did someone from that team have dinner/lunch with some company executive lately?
Re:Free software in action (Score:5, Interesting)
You know it's taken over a month to fix this, right? The exploit was discovered 18-02-2010 according to Secunia.
Opera takes less than a week usually (and the occurrence of exploits is less also).
The argument that Open Source allows anyone to fix things and thus making patches quicker does not work, as clearly it also opens up your code for hackers to review looking for new exploits. I don't believe in security by obscurity, but the fact remains, Opera is closed source and the most secure (and fastest) web browser out there.
Re: (Score:2, Informative)
Re:Free software in action (Score:4, Insightful)
None of those Mozilla-loving eyes found this bug, yet a researcher unaffiliated with Mozilla but certainly looking for exploits, found it. Now what about all the researchers looking for exploits in order to driveby firefox users.. that will just keep the damn thing a secret?
Yeah.. they got the fix out fast. Bravo. Look at the real significance of these events, tho..
Re: (Score:2)
You know it takes a little while to bug test bug patches, right?
Re: (Score:2)
In other words, one case does not a rule make. And your last line makes your entire post crumble because it's a totally unfounded claim (whether it is true is moot, it's just totally unrelated to the subject at hand and is backed up in no way).
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Informative)
It is "bloated" in the sense of feeling slow to begin with. XUL and XML based GUI is probably the worst idea ever. If you've ever used Opera, you know just how fast and snappy the UI feels. This is what has always put me off from Firefox - it just doesn't feel good.
Re: (Score:2, Informative)
Re: (Score:2)
The GPL guarantees fixes as fast as you are able to debug the code yourself.
That's what is guaranteed. But what you can expect is getting a fix as soon as someone has debugged the code (usually pretty fast, but not guaranteed).
And even that CYA guarantee is much better than what you get for closed source.
Re: (Score:2)
And the fact that the vulnerability has been in the wild for a month [computerworld.com].
Just days before the start of a hacking contest set to target Web browser vulnerabilities, Mozilla has patched its flagship Firefox browser. ...
Mozilla had been under pressure to fix the bug, after it was included by Russian security researcher Evgeny Legerov last month in his VulnDisco hacking tool, which is sold as an add-on to the Canvas penetration testing kit.
What did you say about reaction time with importance again?
Re: (Score:2, Interesting)
Yes, but there is this little detail, which, if you had read http://secunia.com/advisories/38608 [secunia.com], you would know: it was not clear that this was a real bug, there were no details known.
A fairly unknown researcher claimed there was a zero-day in Firefox, without giving enough details to tell where the bug is.
So what happened was that somebody, who we don't know whether to trust, claimed there was a bug. Imagine!
Reaction time from knowing the details to roll-out was far better, at least in this case. This
To add some information to the void.. (Score:5, Informative)
The vulnerability *only* affects the current 3.6 branch. Patch is complete and will be pushed on the 30th of March.
Here is the Mozilla blog entry on the topic:
http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608 [mozilla.com]
Here is the original bug report:
http://secunia.com/advisories/38608 [secunia.com]
Ps: can we please get security related articles with some content instead of *OMG, we are all going to die!!* ??
Re: (Score:3, Insightful)
Seth, scroll up one post in the blog. 3.6.2 was released tonight.
Re: (Score:2)
Ps: can we please get security related articles with some content instead of *OMG, we are all going to die!!* ??
But we are all going to die! Every single one of us. At some point. ^^
Re: (Score:2)
The vulnerability *only* affects the current 3.6 branch
Although note that other vulnerabilities with exploits in the wild and being actively used affect the 3.5 branch. I've had malware installed on my machine by drive-by redirects in advertising on otherwise trustworthy sites (TPB, for instance). If you're on 3.5, upgrade now.
This just in (Score:3, Insightful)
Software is inevitably going to have bugs in it and try as we might, it's something we'll always have to deal with. There are always mitigation strategies, such as running Firefox in a virtualized environment a la Sandboxie [sandboxie.com] or a full virtual machine, but we'll never be privy to using only bug-free software day to day. I'm glad to see the German government taking an active approach to notifying people in regard to vulnerabilities in an attempt to mitigate them, but as TFA states, what's the point in suggesting users quit using Firefox when the alternatives are potentially just as vulnerable?
Re: (Score:2)
Sometimes I wonder if application virtualization like Sandboxie should be part of the OS. Not just Windows, but on UNIX as well. With ZFS, this is easier because a directory can be rolled back fairly easy due to the snapshot functionality.
Another cool idea is how Thinstall (well, now called VMWare ThinApp) packages apps. The app thinks it has admin rights and can happily doodle around the Registry and the filesystem, but in reality, all it does is just modify stuff stored in \users\blarf\appdata\roaming\
Re: (Score:2)
Only if that app does not have to communicate in any way with the rest of the system. What people encouraging virtualization tend to forget is that a multi-tasking OS already has means of protection. The memory an application sees is virtual, and access to the rest of the system is often enforced by a security model.
Still, however, the user has little use for isolated applications that cannot talk to others. A modern web-browser more or less requires other apps to be of any use, such as flash, a pdf viewer,
Re: (Score:2)
Actually, OS X supports application virtualization.
http://www.macosxhints.com/article.php?story=20100318044558156 [macosxhints.com]
Re: (Score:2)
In other news: (Or in Soviet Russia...) ;)
Internet warns against German government and leaders with narrow mustaches.
Bah (Score:4, Insightful)
Re:Bah (Score:4, Insightful)
So, what would you rather have?
That they warn you about vulnerabilities in IE6, but ignore vulnerabilities in open source browsers?
I think they've done the right thing - there was a security hole (in the 'current' 3.6), and they warned about it. Their warning DID include that it affected the 'current' 3.6 version and that it should be fixed in 3.6.2.
That's fair comment, and it's their job to report it and not lull people into a false sense of security that the (then current 3.6) version of firefox was safe.
If they had NOT warned, it might have damaged their reputation for NOT covering it, and it might also have helped MS lobbying efforts if they could have been shown to be biased by reporting on IE issues, but not Firefox ones...
Re: (Score:2)
If they had contacted the Mozilla team they could have announced that the update was due out TODAY and advised users to upgrade, instead of advising them not to use it.
This is just irresponsible fear-mongering, and I think it is highly likely that it was done as a form of retaliation against the previous IE recommendation.
Bah humbug! mod parent TROLL (Score:3, Informative)
mod parent TROLL...
Have you looked at the BSI page and linked mozilla blog page?
The mozilla blog entry was dated March 18th (giving March 30th as the release date for 3.6.2). The BSI advisory was dated March 19th (4 days before the story broke on slashdot; and 4 days before the actual release of 3.6.2).
So, you're saying, it was retaliation by BSI against Firefox, for publishing a release date the firefox crew themselves published the day before?
On March 19th - with the projected release date 11 days away,
Re: (Score:3, Insightful)
The difference is that Firefox has vulnerabilities like any normal application... Internet Explorer on the other hand has been the forefront infection vector for botnets of hundreds of thousands of machines for the past decade.
Responsible reporting (Score:3, Insightful)
The German government seems to be being quite responsible here. There is an issue with Firefox, and most users probably don't know about it because they don't regularly read tech news sites.
The government is simply trying to keep people informed about this rather important topic, and has done so in a reasonable and proportional way. Not every warning put out is a damning condemnation of flawed security that mandates switching to Lynx you know.
Re: (Score:2)
The German government seems to be being quite responsible here. There is an issue with Firefox, and most users probably don't know about it because they don't regularly read tech news sites.
No, it's an attempted government takeover of the IT sector. Do you really want a government bureaucrat telling you what you can or can't do, what sites you can visit, or what browser you should use? I say let the free market decide. This country was founded on the ideas of personal responsibility, freedom and liberty,
Re: (Score:2)
As far as I can see, the BSI didn't release a new EU DIN which required "any browser except Firefox 3.6 until Firefox 3.6.2".
So where do you see a bureaucrat telling you what you have to do?
It works completely differently. If an organisation gets into IT trouble in the near future and the root cause can be determined to be the use of a pre-3.6.2 release of Firefox 3.6, it can't claim "act of God", because it has been warned.
That's the whole purpose of the warning.
Re: (Score:2)
Re: (Score:2, Informative)
Yeah... that's actually encouraging; it means they are actually providing meaningful, distinctive advice/suggestions, and not merely copying and pasting vendor vulnerability lists and activating pretty 'alert level' colors...
not like the US government, who yanked up what used to be the wonderful somewhat independent [but gov sponsored] organization called 'CERT', absorbed them into the department of homeland security, and turned them into US-CERT a mere vacant shadow of their former selves, just another clea
Re: (Score:2)
Note as well that the headline of this writeup appears to be misleading. I read the article and nowhere does it say the German government is actually warning AGAINST using Firefox, they are simply warning the public of a security issue in the browser.
Specifically, the article states that the government is also warning people against switching browsers "willy nilly" every time a security hole is found because you never know what you'll be getting into. They're saying to be cautious if you're using Firefox
The BSI is not the Government (Score:3, Informative)
the way to go (Score:2)
Re: (Score:3, Informative)
"Security
Fixed
Fixed an issue where the HTTP Content-Length header could be used to execute arbitrary code; see our advisory (http://www.opera.com/support/search/view/948/).
Fixed an issue where XSLT could be used to retrieve random contents of unrelated documents, as discovered by crazypops; see our advisory (http://www.opera.com/support/search/view/949/)."
OH SNAP SON! So much for those skilled contractors and their superior skills.
First (Score:5, Funny)
Then they came for Firefox, and I didn't speak up because I didn't use Firefox.
Re:First (Score:4, Funny)
Re: (Score:2)
And I helped shove them into the incinerators....
Re: (Score:3, Informative)
https://www.bsi.bund.de/ContentBSI/Presse/Pressearchiv/Kurzmit2008/090908chrome_htm.html [bsi.bund.de]
And they also recommended against Opera 10.50:
http://www.buerger-cert.de/newsletter_suche.aspx?param=HGf116Hsnmjdg%2B95Lx4xLVfgHeBWpfgcdyqiMrbjzdH9yQ4jIcV6TY4STnzgjITQ%2BhD3uF8Dgn3F1%2BDy1Synkw%253d%253d#anchor1 [buerger-cert.de]
So, nothing to see here.
Re: (Score:2)
Yes, because Opera has never had this sort of vulnerability! [opera.com]
German government warns: (Score:2, Funny)
* against the use of Opera!
* against the use of Chrome!
* against the use of internets!
Re: (Score:2)
Really! Well, here you go then:
Opera 10.50 Security Vulnerability [ghacks.net]
Beta/Nightly (Score:2)
Surely anyone who is concerned about this vulnerability could simply run one of the nightly builds until the official update is released?
Re: (Score:2)
Or just stay with the 3.5.x series [mozilla.org]. Problem is, I don't see where they even link to it on their website. Even the 3.5.8 release notes [mozilla.com] page seems to link to 3.6 for downloads...
Older versions have unpatched vulnerabilities? (Score:2)
The article says:
It is only the current version that is affected, but given that prior releases have different vulnerabilities, reverting to an older version of the browser is ill-advised.
However, the older releases page [mozilla.com] states that 3.5 will receive security updates until August 2010.
So, since 3.5 was not affected by this specific vulnerability, what vulnerabilities are unpatched in the current 3.5 release (3.5.8)?
If the Beeb or the German government knows something Firefox doesn't know, maybe they should tell us so that people still using/shipping (in the case of most linux distros) 3.5 can upgrade to 3.6? Or, if they *don't* know better, maybe they should stick to fact and
Re: (Score:2)
This is what I was wondering, however the firefox site does point to the experimental 3.6 version last time I checked. When I upgraded to 3.5.8, I had to find the ftp site to download it. WTF? I know they want testers, but seriously, that is crap.
The mozilla project isn't so immature they need lots of people testing their new experimental code. I could see them putting a note on the main page saying "Hey, some of you try out our experimental version 3.6, it has new wiz bang technologies! (not ready for pr
Re: (Score:2)
Because reverting to older versions increases the chances of accidentally getting part of, say the 3.5.x branch, that isn't 3.5.8 and does have unpatched vulnerabilities. Remember that we're not really talking about /. users here - we already know about the current vulns, patches, workarounds and alternatives - but "regular" users of Firefox who are used to just clicking on the "Firefox x.x Free Download" link on the getfirefox.com frontpage.
And the risk is??? (Score:2)
If I'm reading this correctly, the vulnerability is in WOFF fonts (what is a WOFF font?) and possibly allows some heap corruption. How do these various "exploits" actually get the Firefox code to execute out of the heap? I.e. one presumably has to either scribble on some known call-back function address in the heap, or somehow scribble on the stack (so Firefox/Seamonkey functions return to the exploit code in the heap) and isn't the data in the heap non-executable (at least under Linux)? I would expect t
Re: (Score:2, Informative)
A WOFF font is a Web Open Font Format font.
http://hacks.mozilla.org/2009/10/woff/ [mozilla.org]
It's basically an extension of the @font-face rule with its own compression and meta tagging. Please don't tell my designers about it.
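WOFF is the container whose decoder is at issue in this story, and the question a few posts up was how a malformed font turns into heap corruption. The page does not say which check the real bug missed, so the following is an added example and not Mozilla's code: a header and table-directory validator written against the WOFF 1.0 layout (44-byte header, 20-byte directory entries, big-endian fields), which rejects inconsistent or wrapping length fields before anything is decompressed or allocated. The 72-byte sample blob, the function names and the error codes are constructed for this illustration; the sample is a structurally valid container, not a usable font.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed sizes from the WOFF 1.0 specification and from the sfnt it decodes into. */
#define WOFF_HEADER_SIZE    44u
#define WOFF_DIR_ENTRY_SIZE 20u
#define SFNT_HEADER_SIZE    12u
#define SFNT_DIR_ENTRY_SIZE 16u

/* WOFF fields are big-endian. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Validate a WOFF header and table directory before any decompression or
 * allocation. Returns 0 if the structure is consistent, or a negative code
 * naming the first failed check (codes are this example's own). Arithmetic on
 * attacker-chosen 32-bit fields is done in 64-bit or in subtraction form so
 * a wrapped sum cannot slip past a bounds check. */
int woff_validate(const uint8_t *buf, size_t len)
{
    if (len < WOFF_HEADER_SIZE)       return -1;   /* truncated header */
    if (memcmp(buf, "wOFF", 4) != 0)  return -2;   /* bad signature */
    if (rd32(buf + 8) != len)         return -3;   /* 'length' must match the file */
    uint16_t num_tables = rd16(buf + 12);
    uint32_t total_sfnt = rd32(buf + 16);
    if (num_tables == 0)              return -4;

    /* 44 + 20*n cannot overflow size_t because n <= 65535. */
    size_t dir_end = WOFF_HEADER_SIZE + (size_t)num_tables * WOFF_DIR_ENTRY_SIZE;
    if (dir_end > len)                return -5;   /* directory runs past EOF */

    /* Optional metadata / private blocks must also lie inside the file. */
    uint32_t meta_off = rd32(buf + 24), meta_len = rd32(buf + 28);
    uint32_t priv_off = rd32(buf + 36), priv_len = rd32(buf + 40);
    if (meta_len != 0 && (meta_off > len || meta_len > len - meta_off)) return -6;
    if (priv_len != 0 && (priv_off > len || priv_len > len - priv_off)) return -7;

    /* Recompute the decoded sfnt size from the directory. A decoder sizes its
     * output buffer from this number, so derive it from checked values instead
     * of trusting the header's totalSfntSize. */
    uint64_t expected_sfnt = SFNT_HEADER_SIZE + (uint64_t)num_tables * SFNT_DIR_ENTRY_SIZE;
    for (unsigned i = 0; i < num_tables; i++) {
        const uint8_t *e = buf + WOFF_HEADER_SIZE + (size_t)i * WOFF_DIR_ENTRY_SIZE;
        uint32_t offset = rd32(e + 4), comp_len = rd32(e + 8), orig_len = rd32(e + 12);

        if (offset < dir_end)                         return -8;  /* table overlaps directory */
        if (offset > len || comp_len > len - offset)  return -9;  /* compressed data past EOF */
        if (comp_len > orig_len)                      return -10; /* WOFF never stores compressed > original */

        /* Tables are 4-byte padded in the sfnt; pad in 64-bit so that
         * origLength = 0xFFFFFFFF cannot wrap to a tiny value. */
        expected_sfnt += ((uint64_t)orig_len + 3u) & ~(uint64_t)3u;
        if (expected_sfnt > UINT32_MAX)               return -11; /* decoded size overflows 32 bits */
    }
    if (expected_sfnt != total_sfnt)                  return -12; /* header lies about decoded size */
    return 0;
}

/* Constructed sample: header, one directory entry for a 'cmap' table, and
 * 8 bytes of stored table data. The caller chooses the origLength/compLength
 * the directory claims, so hostile values can be tried against the validator. */
#define SAMPLE_LEN (WOFF_HEADER_SIZE + WOFF_DIR_ENTRY_SIZE + 8u)
static void make_sample_woff(uint8_t *out, uint32_t orig_len, uint32_t comp_len)
{
    static const uint8_t table_bytes[8] = { 0, 0, 0, 1, 0, 0, 0, 0 };
    memset(out, 0, SAMPLE_LEN);
    memcpy(out, "wOFF", 4);
    wr32(out + 4, 0x00010000u);                         /* flavor: TrueType sfnt */
    wr32(out + 8, SAMPLE_LEN);                          /* length */
    wr16(out + 12, 1);                                  /* numTables */
    wr32(out + 16, SFNT_HEADER_SIZE + SFNT_DIR_ENTRY_SIZE + ((orig_len + 3u) & ~3u)); /* claimed totalSfntSize */
    wr16(out + 20, 1);                                  /* majorVersion */
    uint8_t *e = out + WOFF_HEADER_SIZE;
    memcpy(e, "cmap", 4);
    wr32(e + 4, WOFF_HEADER_SIZE + WOFF_DIR_ENTRY_SIZE); /* offset = 64 */
    wr32(e + 8, comp_len);
    wr32(e + 12, orig_len);
    memcpy(out + WOFF_HEADER_SIZE + WOFF_DIR_ENTRY_SIZE, table_bytes, 8);
}

/* Build a sample with the given directory claims, optionally corrupt the
 * header's totalSfntSize, and return the validator's verdict. */
int check_sample(uint32_t orig_len, uint32_t comp_len, int corrupt_sfnt_size)
{
    uint8_t buf[SAMPLE_LEN];
    make_sample_woff(buf, orig_len, comp_len);
    if (corrupt_sfnt_size) buf[19] ^= 0x01;            /* low byte of totalSfntSize */
    return woff_validate(buf, sizeof buf);
}

int main(void)
{
    printf("well-formed sample:       %d\n", check_sample(8, 8, 0));
    printf("origLength = 0xFFFFFFFF:  %d\n", check_sample(0xFFFFFFFFu, 8, 0));
    printf("compLength = 0xFFFFFFF0:  %d\n", check_sample(8, 0xFFFFFFF0u, 0));
    printf("tampered totalSfntSize:   %d\n", check_sample(8, 8, 1));
    return 0;
}
```

The two hostile samples show the two classic shapes of a length-field bug: a padded sum that wraps in 32 bits (the decoder would allocate a small buffer and then write a huge table into it), and an offset plus length that wraps past the end of the input (the decompressor reads beyond the file). Both are caught here because the sum is carried in 64 bits and the bounds test is written as `comp_len > len - offset` rather than `offset + comp_len > len`.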
And this is why I use IE (Score:2)
Mozilla clearly have no idea about....... ....wait a minute....it's not a Microsoft product we're talking about?!
THIS IS SUCH A NON ISSUE! The German government are clearly over-reacting here.
General warning (Score:2)
This is general warning not to use any software that has known and/or unknown bugs in it. This warning goes moot when every known and/or unknown issue is solved.
Why doesn't... (Score:2)
...unchecking "Allow pages to choose their own fonts" block this?
(Or "Stop using Microsoft Windows", but I won't mention that.)
working exploit (Score:2)
Germany warns against using internet... (eom) (Score:3, Funny)
Re: (Score:2)
Re:Google Chrome. (Score:4, Informative)
> That's true, as long as you turn off Google as the default search, disable cookies
And don't forget about LSO cookies (Flash directory), that do NOT get deleted by FF's cookie deletion on exit. Extra add-on is needed (BetterPrivacy) to do so.
Oh...and MozDevs...please restore the 'Clear History on Exit' window on browser exit. Thanx!
Re: (Score:2)
I think you'll find that Chrome's record with regard to security is no better than IE8's or FF's.
Also, as far as rocking, I still can't get over the way it rides roughshod over installation standards and copies program files to your user profile. Until they get that sorted I won't touch it.
Re: (Score:2, Interesting)
Re: (Score:2)
It's a complete non-starter on a computer with multiple user accounts. How do you update it? Do you really want to update every single version separately? Really? What about corporate environments?
Firefox installer isn't great for corporate Windows environments either because it isn't delivered as an MSI package. Why on earth the FF people can't follow a nearly 10 year old platform packaging standard is beyond me. Yes you can get FF MSI packages from 3rd parties but that has its own problems and barri
It ain't over till the fat lady sings (Score:4, Funny)
Opera. As any fule kno, Germans are really keen on opera. They have some that go on for weeks.
Re: (Score:3, Funny)
Well they warned against IE and Firefox. On Windows that narrows it down to Chrome and Opera. I'm just waiting for one more announcement so I'll know which one is the winner.
(btw please don't show off your knowledge of esoteric browsers by listing them here. those are the four biggest ones by far)
Re: (Score:2)
Chrome, Opera and Safari, but there are other browsers besides the standard 5.
Re: (Score:3, Interesting)
Yeah, but Safari is made by Apple, Chrome is made by Google, they use the same rendering engine, and so if I need to swear loyalty to one of those companies, I'd rather it be Google than Apple.
Re:governments warn us about exploits (Score:4, Informative)
Unresponsive, with a non-conforming UI, and the installer carries a payload of other apple software.
Re: (Score:2)
> ...the BBC (not quite a geek-oriented news source) makes no mention at all
> of Firefox being FLOSS.
Probably because they don't know. To them it is a product of Mozilla, Inc, one of several companies that offer "alternative" browsers.