Posted 31 August 2009 - 05:30 PM
If you exclude add-ons, plugins, userscripts in Greasemoney (check their forum for cookies stealing login) then I dont think you will find any code/link infecting system through Firefox just by surfing. You want a link to a so called drive-by doing that without user intervention? Well good luck searching. Firefox cant even run an exe-file without an add-on! Think there will be better luck with IE6 on old XP, preferably unpatched and set up for trouble too.
The security bugs they keep finding and fixing could actually be sort of drive-by. But there is a long way from a crashing Firefox in a lab to real life malware. What many popular tech sites happen to forget, but hysteria also keep developers sharp if not annoyed so may be a good thing. Strange crashes could still be considered security flaws. They dont wait until whatever has been proven to work for real. If you want to see details go to Bugzilla site but they do not disclose the most severe security bugs. Search for "proof of concept" or something. Find out who fix bugs and follow them. Think you will be highly dissapointed if looking for something spectacular. You need a broader definition of "just surfing" or drive-by for results. Add a little clicking from user and there is no end to potential problems. All those fake scanner sites work great on Firefox but has not really much to do with Firefox.