# Today Mozilla Foundation reports



## getopt (Apr 20, 2017)

Mozilla Foundation reports a/o 2017-04-19:

You may need to click to expand for discovering the full beauty of this list


			
http://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html said:

> CVE-2017-5433: Use-after-free in SMIL animation functions
> CVE-2017-5435: Use-after-free during transaction processing in the editor
> CVE-2017-5436: Out-of-bounds write with *malicious font* in Graphite 2
> CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
> ...



Well, they discovered the bugs. And they fixed the bugs. Aren't they the heroes of coders?
But .... wait a moment ...

Doesn't this mean that we all did run bogus software without knowing anything of it?

_Next line suitable for most readers:_
Some bugs might have existed before the publication of the bug report.

_Skip next line as reading might hurt those suffering from anxiety and/or paranoia and the like:_
Obviously the bugs have existed before the publication of the bug report, and some of them existed a long time before, and some were exploited by third parties.


The true advantage of the patching game is that you can have a deep sleep enjoying sweet dreams of having installed secure software. This game is broken by design.

Firefox here is only the _example of the day_ while such is true for all huge software products which is true for all bloated browsers. So keep your flames starting browser wars here.

Shouldn't a disclaimer like this be popped up after each update:

_Our product is known to the public for being secure and safe to use. We do work hard to erase these rumors. After updating/upgrading you are running the patched software with all the bugs we might fix on the next patchday including those we will not fix. Furthermore with updates/upgrades you receive our latest bugs which we might fix some day or never._


----------



## drhowarddrfine (Apr 20, 2017)

Vulnerabilities and bugs in software aren't always problems. Yes, they can be exploited but it might be only on Windows95 on alternating Thursdays before noon. Should they take up resources to fix that?

Some vulnerabilities exist but can't be exploited at all. Don't ask me for examples cause I don't recall any.

What good will a disclaimer do? What would one do differently? All software has bugs and, maybe, vulnerabilities.


----------



## fernandel (Apr 21, 2017)

I am using Seamonkey now (about four weeks) and from the first day `pkg audit` shows vulnerabilities. I did try Iridium browser but they are very slow with updates (it works very well). Xombrero, which I like, is no longer maintained... Netsurf is good but is not useful for everything I want... and it looks like there are not so many choices in the BSD world for the other browsers.


----------

