Dogfood report: Firefox autoupdate works

Marcus Meissner marcus at
Wed May 3 15:11:10 CDT 2006

On Wed, May 03, 2006 at 09:05:59PM +0100, Mike Hearn wrote:
> On 5/3/06, Marcus Meissner <marcus at> wrote:
> >Number of konqueror affecting security problems in the last 2 years
> >(by CVE entry): ca 10.
> >Number of firefox security problems in the last 2 years
> >(by CVE entry): ca 100.
> >
> >(Just go to and look for yourself.)
> I wonder how much of that is due to the differences in popularity vs
> the differences in engineering? (a disturbing number of Firefox
> exploits are based on its platform features like XUL/XBL). Konq just
> isn't as interesting a target for security "researchers".

Its more of feature bloatedness and codesize vs small (but full necessary
) featureset and clean programming ;)

The 5000 (?) US$ challenges might have helped to poke holes in it.

> Safari has quite a lot of exploits available for it too and it's based
> on KHTML ....

But they are not konqueror issues. The konqueror developer look at the
Safari fixes. ;)

> >One reason I hate Firefox.
> I've just come to accept that web browsers are exploit-zones all round
> - their entire purpose in life is to download and manipulate extremely
> complex data structures and code from the net at high speeds. Pretty
> much a textbook case of where you'd expect to find security problems.

Yeah similar to this strange emulator program where users actually
download .exe files and run them under Linux :)

> My dissertation is on splitting software into modules using a fast
> form of local RPC so they can be confined using AppArmor/SELinux ..
> the idea is you could try and split things like the renderer out of a
> web browser so it runs with no privileges (except perhaps minimal X
> server access). The architecture of Firefox, where the entire program
> basically runs inside the rendering engine, makes that rather tricky,
> but the same principles apply to things like image decoders.

helix-dbus-server is a good start (although for 64 <-> 32bit interop),
imgsep a nice idea, seccomp a too restricted idea ... and so on. ;)

Ciao, Marcus

More information about the wine-devel mailing list