I figured it would only be a matter of time before it started heading the route of Internet Explorer in terms of lack of security. Here is the article.
Those who choose to live with a tab-less browser like IE can disable ActiveX to eliminate many huge security risks that stem from this hyper-dangerous code interface (Firefox doesn't even support ActiveX).
"We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," Mozilla Foundation said in a statement published on Mozillazine.org.
I haven't added any other sites to my whitelist, I just deal with the question that comes up. This makes me think I'm not affected by the second FF bug.
The first bug and the many yet-to-be discovered bugs like it are best avoided by not going to strange web sites.
If you want nekkid women, get them in print instead as that appears to be safe so far... :O)
I still feel a lot more secure with FF than with IE. Even MS seems to have realized the massive size of the IE bug cauldron, and is coming out with IE7 this year, with new code with draconian measures to protect the user. It will even have tabs it seems...
just turn off "allow web sites to install software" and all is ok until 1.04 comes along ..
========
Also turn off Java and Java Script. The word "cracked" was used as an answer to those who constantly let their guard down and tout Firefox's "bulletproof" nature. Perhaps not the best choice of words. For me IE is practically crippled with what I have as security settings. Eventually I will probably do the same with Firefox.
Incidently,
I disabled Java and "Allow web sites to install software" when I first installed Firefox just because I didn't trust it's security. I also clear temp files, cookies, history, etc roughly every 30 minutes in both browsers, and ALWAYS after leaving an intentional spam magnet like Yahoo.
it looks like it's not really a FF bug but just an exploit someone found that could work on any browser. Any browser supports frames & any browser supports java script, so any broswer could be hit.
I've always had auto download turned off anyway. I don't like things being dl'd w/o my permission. :) At least with FF I don't need to have my firewall block it because windows always uses it for automated crap. :)
Of course IE7 will have tabs. It's based of mozilla. bout time MS used a recent version of mozilla for IE instead of the one they used a decade ago. :)