The Register® — Biting the hand that feeds IT

Comments on: Bugs casts shadow over Firefox 3

This will teach people for 

Posted Thursday 19th June 2008 08:58 GMT

Linux

Using a bloatey closed source browser made by an empire sized company who's only interested in pinching all your money.

If you want a secure browser you need to use open source. It's totally secure (FACT!)

I for one welcome our open sauce overlords.

Nothing new here then.. 

Posted Thursday 19th June 2008 09:05 GMT

Gates Horns

Firefox's security has always had more holes than swiss cheese. You would have to be an idiot to rely on its security, with its track record.

The only browser with 0 vunrabilities, and a track record of fixing vunrabilities in a very short time (days), is Opera. www.opera.com

The bonus is, it's also the fastest and best browser too...

Can I be the first to say... 

Posted Thursday 19th June 2008 09:05 GMT

Gates Halo

Open source bad

ra ra ra,

Security in obfuscation

ra ra ra,

Penguins deserve to die

ra ra ra,

Bill & Steve are Gods.

This sniffs of IE 1,2,3,4,5,6,8 

Posted Thursday 19th June 2008 09:13 GMT

Gates Horns

FF3 does kinda look like IE7...

and window.open is funky too 

Posted Thursday 19th June 2008 09:18 GMT

Unhappy

And they've changed the default behaviour of window.open's location value so you can't hide it any more - most annoying!

Another attempt... 

Posted Thursday 19th June 2008 09:25 GMT

Coat

So... I guess they could now try smash their own record again with the millions of people now having to update their release.

Time to break out the party hats once more!

Heh heh 

Posted Thursday 19th June 2008 09:38 GMT

Gates Halo

Hahahahaha

IE7 FTW!

FF is the suxorzs!!!!11!11

etc etc.

(only because you can 110% guarantee that the same would be said by FF fanboys if it was IE)

The old adage 

Posted Thursday 19th June 2008 09:50 GMT

Never fly in a v1 aircraft needs to be adapted to never be the first to run an unpatched release candidate.

Colour my stupid, but.... 

Posted Thursday 19th June 2008 10:26 GMT

Flame

Why don't these security pros work on software BEFORE it's released, I am sure that this bug didn't ONLY JUST arrive in the 3.0.0 release, if it's there after the deadline then surely it's there BEFORE also?

So I think a little bit of glory seeking is happening here, which to be honest, it's a bit rough coming from these guys who are supposedly into finding flaws and making children sing, dance in the streets whilst we all drink milk and live happily ever after.

They waited until the maximum impact time before announcing, thanks guys! you've indeed done the world a great favour by exposing us all to a problem you most likely knew about 3 months ago and instead of giving mozilla the idea to fix it BEFORE, you wait until everyone can be damaged and then say "oh, btw, we found this killer flaw in your software"

Bunch of muppets.

Er... 

Posted Thursday 19th June 2008 10:57 GMT

Dead Vulture

Shouldn't the story title be 'The Register takes every opportunity to slate Firefox'?

inexorable, adj. 

Posted Thursday 19th June 2008 11:03 GMT

IT Angle

touched a nerve, perhaps?

Also a major usability change/bug 

Posted Thursday 19th June 2008 11:15 GMT

Stop

For what seems to be either zealot induced or sheer laziness they have changed the way that multiple tabs open.

In the old firefox you could have a bookmark folder and in it 'open all in tabs'. The default behavior was to get rid of all your existing tabs and open a new bunch from the folder bookmarks. This was ideal for people like me who have bookmark folders of related content that it is useful to open at the same time, such as 'news' or 'weather' .

The old system had an option so that you could make the new tabs additive - i.e. add onto any existing tabs you had open - as compared to the default of opening a new set and ditching the old. This additive option meant your tab line got progressively bigger but suited some people. (I think Opera does the same thing)

The new version has changed the default to 'additive tabs' and has disabled the option to replace tabs.

This is a major operational change and quite insensitively done. At the very least they could have changed the default from 'replacing' to 'exclusive' but kept the option of either. However some zealot has decided to force its personal preference on quite a few millions of users.

We are not amused Mozilla!

"affects both Firefox 3 and Firefox 2" 

Posted Thursday 19th June 2008 11:15 GMT

Thumb Down

Hardly a day zero bug then. More like a Firefox 2 bug.

"Oooh! Look at us! We found a day zero bug!"

Well, only if you count finding a Firefox 2 bug, waiting to see if it's present in Firefox 3, then waiting for the official release day to crow about it. Talk about self-aggrandisement.

@Mr ChriZ 

Posted Thursday 19th June 2008 11:42 GMT

Coat

"sauce"?

ooh, that's made me hungry...

FF full of bugs! Great! Serves them right! 

Posted Thursday 19th June 2008 11:51 GMT

Thumb Up

I hope they continue to find the bugs and rip the life out of FF, serves them right. I hope it had loads of people complaining and asking for fixes. People should ask for their money bac...oh wait, it was free so you've lost nothing by giving it a go. At least all the bugs in the way, it will get attention and fixes, it might actually stand a good chance of being better than, oh I dunno...ANYTHING CLOSED LIKE IE OR BLOODY OPERA!

8.3 Million... 

Posted Thursday 19th June 2008 12:10 GMT

is both the number of downloads quoted by the BBC website, AND the number of times Firefox 3 has crashed on me this morning alone!

Playmobil please 

Posted Thursday 19th June 2008 12:30 GMT

Paris Hilton

How about you break out the little plastic men and give us a visualization of what a Firefox download party would be like? For some reason it only brings disturbing images to my mind...

Paris? Well she knows how to party.

I like Opera because 

Posted Thursday 19th June 2008 12:40 GMT

Gates Halo

i look like Opera Winfrey

Incompetent 

Posted Thursday 19th June 2008 12:45 GMT

Unhappy

It's a shame these so called security researchers didn't tell anyone about these problems before it was released, maybe the problems could have been fixed before 7 million people downloaded insecure software. If I were employing a security firm I'd think twice about hiring anyone who would delay releasing information in the interest of maximum media coverage.

@matt west 

Posted Thursday 19th June 2008 13:26 GMT

Paris Hilton

You get what you pay for...?

Huh? 

Posted Thursday 19th June 2008 13:43 GMT

Coat

After 5 rounds of Betas and 2 Release Candidates, this still manages to happen? This browser has been in the works for over 2 years -- I must say I'm surprised AND disappointed. For the record, I'm still using FF 3b5 and find it extremely stable on both my Mac (10.4.10) and PC (WinXP Pro), but Camino 1.6.1 still gets the most use on my Macs.

Don't feed their attention whoring. 

Posted Thursday 19th June 2008 13:45 GMT

Finding a 0-day exploit in open source software is like getting over 10% in an exam you had the full set of answers for a month beforehand.

When the source is available it's pretty obvious all these companies do is find vulnerabilities, keep quiet about them and just tell people about them on release day.

What useful, responsible companies that actually care about security would do is tell them how to fix the problem.

But then, that doesn't win them media whoring attention like they've gained here and elsewhere.

Full? 

Posted Thursday 19th June 2008 13:49 GMT

Stop

I love how people are yapping about FF3 being "full" of bugs. The story mentions two, one of which is an ongoing one from FF2. I would call that pretty far from full. Nice to see people jump on the bandwagon that these 'flaw finders' were hoping to create when they held back knowledge of these bugs until after 8 million people had installed it.

Still, people love their petty rivalries. If it's not Mac v Windows v Linux, it's Opera v Firefox v IE or Playstation v XBox v Wii...

Someday we'll all just use the stuff we prefer and not act like it makes us better than someone who chose differently.

Posted Thursday 19th June 2008 13:50 GMT

Stop

It would be great if 30 year old kids didn't post with their biased opinion...ever. They posted like 7 times about how incredible Opera is. Yeah then why does it NOT load half the pages I want to go to. I tried Opera for about 2 weeks, and whenever a certain page didn't load I had to switch over and use FF or IE7. Don't sit there and pretend any browser is perfect, ESPECIALLY not Opera, this guy has to be kidding. I also agree with Chris Thomas, I have no idea how such a "huge flaw" can go unnoticed after 5 alphas, 5 betas, and 3 release candidates. I could care less seeings as it hasn't affected me yet, when it does....I'll care. Until then, shut your mouth about Opera, or any other browser you're promoting.

@Aetyr 

Posted Thursday 19th June 2008 14:22 GMT

Thumb Up

Well said Aetyr *Clap clap!*

Let's hope the likes of Webster is reading this, it's really boring when people do the "Their choice is better" crap.

Odd.. 

Posted Thursday 19th June 2008 14:38 GMT

It is odd how some people buy a popular product, in the belief they are buying into a unique experience/exclusive club, eg, iPod. The reality is, products that are very popular are simply ‘common’. This shows the power of marketing with respect to people, dare I say it, with little imagination. I am certainly not saying that all products that are popular are necessarily poor products, but there certainly is a trend towards that.

Xbox360, poor but popular product

Firefox, poor but popular product

iPod, poor but popular product

Anything made by Ford, poor but popular product

"You get what you pay for...?" 

Posted Thursday 19th June 2008 15:25 GMT

Coat

@Spearbox

I hope you have a lot of money then, otherwise your sex life must really suck! :O)

@Odd AC

Yeah, that explains Microsoft's product's quality!

@J 

Posted Thursday 19th June 2008 16:07 GMT

Coat

Hehe, well not really, I paid for it all through anniversaries, birthday presents, parties, valentines eve's, general gifts and so forth. Oh and joint bank/ISA/savings accounts.... /shudder

That costs a lot more than a hooker. Takes more effort and time too!

/me gets suitcases ready and looks at the door... :P

it's a browser 

Posted Thursday 19th June 2008 16:28 GMT

It's just a browser people, get over it.

http://xkcd.com/198/

@Odd AC 

Posted Thursday 19th June 2008 16:56 GMT

Errr...considering that IE still has the lion's share of the market...and that it's shite...you chose Firefox as the "poor but popular product" you wanted to whinge about?

Running FF3 on Xubuntu and WinXP. Both installations even share the same profile folder. Crashes? Bugs? Problems of any sort? Nope. It just works exactly like the old one while whapping out pages a lot faster. Even my add-ons work in both operating systems!

I hate to disappoint all the FF bashers that have suddenly come out of the woodwork, but from where I'm sat FF still kicks arse.

@Aetyr 

Posted Thursday 19th June 2008 17:02 GMT

Joke

Rubbish, you will use the software I deem to be the best and if you use anything else your thick!

Anyway everyone know the ZX Speccy is Waaaayyy better than the BBC Micro B.

FF3 looking good here 

Posted Thursday 19th June 2008 18:03 GMT

I personally like FF3. I'm sure they will plug the holes soon. This browser is fast and lean. IE7 is just a dog compared to FF3.

Boring 

Posted Thursday 19th June 2008 18:30 GMT

Yawn.

What would wake me up is if somebody told me about a completely bug-free program (apart from anything I've written of course :-) )

@ an AC 

Posted Thursday 19th June 2008 19:48 GMT

Pirate

Since only one other person has mentioned it, this is a Firefox 2 bug that happens to still be present in Firefox 3.

If Tipping Point had released information on this last week as a Firefox 2 bug, it would hardly be news.

Hence they waited until the official release of Firefox 3 to determine if it was still present (not that the betas and RCs couldn't have told them the same thing), so they could roll out the "first to find a bug in Firefox 3" carpet.

Opera 9.5 vs Firefox 3. 

Posted Thursday 19th June 2008 20:30 GMT

http://www.geekstogo.com/2008/06/18/firefox-3-vs-opera-95/

all the benefits of FF3, none of the bloat, memory sucking and security nightmare that running anything Mozilla entails.

You also get that warm feeling that you are not a clueless sheep following the masses off a cliff...

@ Mark 

Posted Thursday 19th June 2008 20:47 GMT

<< The only browser with 0 vunrabilities[sic.], and a track record of fixing vunrabilities[sic.] in a very short time (days), is Opera.>>

Somehow, I feel that there is a logical inconsistency somewhere in there.

Oh no! The Reg is turning into /. 

Posted Thursday 19th June 2008 20:55 GMT

Stop

FFS, Am I the only one who is sick and tired of all this bollocks about what is good or bad with computers? If it's not operating systems, it's programming languages. Now it’s browsers.

You would think that a person intelligent enough to operate a computer, or god forbid, be an admin for a network, would also be intelligent enough to know that an OS/Language/Browser are all tools. They all have their own strengths and weaknesses. Try them and choose the one that’s the best for you. Or even use more than one!

Any poster that says stuff like ‘Personally I use BLAH and it just works’ should be taken out and shot because it’s just a smug, self-satisfied way of saying ‘I haven’t had any problems I know about yet. But if one came up and bit me on the arse, I’d be too dim to know what to do.’

If you really want to advocate your choice of OS/Language/Browser then take the time to say where one failed you and why you thought the choice you made was better. You would be surprised, most people would take the time to explain a workaround or solution to your problem, rather than ignoring your flame bait.

At least that way, some people can respond in a productive manner to the points being made.

In the spirit of this, I took a look at Opera 9.5 but I was discouraged because the Widgets seemed to be mostly games and clocks. I was looking for stuff like Firefox’s AdBlock, FlashGot and NoScript. But when I could not find equivalents, I decided not to try.

There you go. It’s not hard. Now I have the opportunity of getting posts from Opera users that can tell me if Widgets exist that do what I want, or why I would not need them.

Go on, give it a go. Or if you just want to quote second hand crap you don’t understand, get religion or go into politics.

P.

Aaaaaah shit 

Posted Thursday 19th June 2008 21:12 GMT

Black Helicopters

I'm gonna die, I'm gonna die!

Oh, hang on, it's just the wife saying bedtime. Silly me.

Must go back with system restore to IE8 beta 39. Or just surf on, dude?

...very boring 

Posted Thursday 19th June 2008 21:43 GMT

Boffin

Is it half term already?

I'm sure the holes will be patched very soon (though I must say I preferred the look and feel of FF2)

for @Jerry, angry about "zealots" changing his tabs... 

Posted Friday 20th June 2008 05:41 GMT

Happy

OK, "they" changed it. But get over it, you can change it back! There's 400+ extensions out there, allowing you to customize FF to look exactly as you like. And I'm talking about point-and-click installations, not GreaseMonkey scripts.

For tabs, these three (combined) will make them do ANYTHING you could possibly want:

- Tab Mix Plus 0.3.6.1.080416: http://tmp.garyr.net (that is the one which supports the particular option you want)

- ColorfulTabs 3.1: http://binaryturf.com/ (makes it all a lot more viewable)

- - - - -

I use about 50 extensions, and like the "classic compact" theme-- it's more Firefox-2-ish. My favorite extension is GreaseMonkey, but it takes a little bit of practice to write scripts. These 3, in contrast, are pretty much install-and-go, pick your "options", done!

What is worse 

Posted Friday 20th June 2008 06:08 GMT

What could be possibly worse than those nauseating fanbois ranting on about their favourite browser, console, os? Could anything be worse? Well yes it can. It's those bloody people who constantly moan about them. You know, the loner type that belongs to no club and has no friends. The type that somehow believes that complaining about fanbois makes them more of a man. Well, I have news for them. Get back in your gimp suit and only come out when you are told to.

FF3 

Posted Friday 20th June 2008 08:41 GMT

Happy

Used Opera for years and never, never had a problem with it. Goes to all the sites I want it to, does all the bits I need it to, has bit-torrent & download manager inbuilt, is a superb browser, easy to use, easy to customize, in fact I can't fault it. Opera ROCKS baby...

The reporting process is broken 

Posted Friday 20th June 2008 08:45 GMT

Surely this is the problem (quote from the article): "The vulnerability was submitted to TippingPoint through the vendor's controversial Zero Day Initiative, which provides financial rewards to researchers who discover new flaws, just five hours after the release of Firefox 3.0."

As has been pointed out in previous comments, the reporter of the bug very probably spotted it somewhere in the pre-release builds and kept quiet until zero day for the money and/or the celebrity value of reporting a zero-day bug.

If they're going to offer money, and in a way it's a good thing because it shows that they do value security in FF enough to incur this cost, then surely a better way to do it would be to open a window a few days before release for this initiative. OK, it could play havoc with announced release dates if someone reports a critical bug and the release has to be delayed (but in some cases it might be possible to still preserve the release date by putting out the flawed release candidate as the basic binary but having it immediately download a critical security patch to fix the vulnerability before it would start up).

The benefit would be that glory-grabbers would now look stupid and/or selfish if they waited until zero day to report since that would show that they missed finding the bug a few days earlier when they could have got money for it and helped protect the wider community. The only opportunities left for zero-day reporting would be stuff that was genuinely missed in pre-testing or just enemies of FF that want to mess up their releases.

@Stephen Stagg @Pad 

Posted Friday 20th June 2008 09:07 GMT

That should have said 0 CURRENT vulnerabilities, no browser is ever likely to have never had a security bug.

All those things are there, perhaps you are not smart enough to find them..

I mean is right clicking on a page and selecting Block Content REALLY too hard for you?

Reviews 

Posted Friday 20th June 2008 18:34 GMT

Tom's Hardware has weighed in with their review.

http://www.tomsguide.com/us/Firefox-3-review,review-1099.html

@ Pad 

Posted Saturday 21st June 2008 05:20 GMT

I agree that most Opera widgets are kind of toys. But then, much of the functionality that FF plug-ins provide is already built into Opera. I'm still using Opera 9.27 - I usually wait a week or two before upgrading.

In Opera you can get much the same functionality as the plug-ins you mentioned by:

AdBlock: Right-click > Block content, then select the items you want blocked.

NoScript: Set your preferences globally (F12, or Tools > Preferences). Then on sites you want to override global preferences, right-click on the page and select Edit site preferences. You can then edit preferences for pop-ups, cookies, content (plugins, Java, sound, animation), display (enabling frames/iframes, styling of scroll-bars/forms, using custom style sheet), scripting (how JavaScript interacts with the page, selecting a custom JavaScript to run), network (where you can select such options as enabling international web addresses, referrer logging, redirection, selecting browser ID etc)

FlashGot: Not sure what it can do that Opera's built in file manager can't do.

I must confess that I have been an Opera user since version 2.4 when it was a "paid for" product. Over the years, I've seen most of the innovations developed by Opera go on to be implemented on other browsers (sometimes implemented better, sometimes not). I do have other browsers installed, but I guess I have developed a way of working that best suits Opera - I use its built in email and news reader functionality, and I do make full use of its true MDI interface rather than just the tabbed interface which is now its default setting.

News just in - software has bug shock 

Posted Saturday 21st June 2008 18:11 GMT

Alert

Zzzzzzzzzzzzzzzz

I could never figure out... 

Posted Saturday 21st June 2008 23:46 GMT

the attraction of Firefox, save for it's not a Microsoft product.

Opera, Konqueror, SeaMonkey, yep, but the more I used FF, the less I liked it. Now that it's so popular it's become targeted and vulnerabilities surface regularly.

No Problems here 

Posted Sunday 22nd June 2008 15:15 GMT

Linux

Well, I just checked and my system tells me FF3 has been installed on my PC (actually, it would be all of them - once I've decided things are OK, I tend to install onto all my systems) since 2008/04/22 19:09:49 and I've had no issues with it at all.

I certainly find it far superior to MS's offering. I hear their new browser is going to be "more standards compliant" but will have a "broken mode" switch to enable all those badly designed websites (those only designed to work on previous versions of IE) to display correctly-ish.

The penguin because now I've managed to get the TV tuner, Video editing and everything else to work in Linux now, I hardly ever have any reason to boot into Vista, XP, or W2K now. I think it will soon be time to recover all that disc space.

Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9) Gecko/2008061017 Firefox/3.0

Had to uninstall FF3 ... 

Posted Sunday 22nd June 2008 22:42 GMT

Unhappy

The thing is broken, riddled with CSS rendering and JavaScript bugs and locks/falls over and crashes on a frequent basis which is dead sad as I have been a vocal advocate for FF for years now and have converted many to using it.

Frankly, and I hate to say this, Safari is actually rather good and even IE8 Beta is better behaved than FF3.

Glum face 'cos FF is no longer my favorite browser. Sad to tell ...

@Spearbox 

Posted Monday 23rd June 2008 19:36 GMT

Paris Hilton

"That costs a lot more than a hooker. Takes more effort and time too!"

Unfortunately, you ARE right... :-(
