Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
That mean no MS SQL Server for government storage, no Word documents, and no Active Server Pages.
hmmm ... I see what you are saying and agree with your assessment. I know about MySQL and PHP to replace SQL Server and ASP, but what open source application would you suggest to replace Word, Excel or Powerpoint? I have a client who may be interested in this and I'd like to check it out. . Is "OpenOffice" available for Windows or is something else better?
Not really, it would affect those that develop proprietary OS. . I develop applications in many different languages and whether it is Linux or Windows wouldn't alter my life at all.. . I prefer working in MS Visual Studio, but it's not a requirement.
Read the article, severity is taken into account,longevity is quantified but not broken out by browser.
I have used Firefox pretty much from the initial release. I was doing my weekly checks this past weekend and found two pieces of spy-ware, one critical. This is the first time I have had spy-ware since switching. The crooks may be targeting Firefox as well now.
You must have missed the part about making ALL software free.
I guess I did, sorry, where did you post it? I can't see how ALL software could be free. 90% of the stuff I've done is custom and proprietary to companies such as Ford and GM ... it's not something you can download and "plug-n-play".
And MSFT is complicit on blocing the words freedom and democracy from their portal in china... They are all dirty..
Is MS doing it or is it something controlled through the portal's admins?
Yes Openoffice is available for Windows and MacOSX..
The only Office product I use on a daily basis is Access.
go to http://www.openoffice.org for open office. Its wonderful! I use it at home instead of Microsoft office and best of openoffice is free and open source. Everyone should give it a try. It has excel,Powerpoint and Word like programs
No tharts a purdy browser.
No, it isn't.
Please name the Mozilla product which Demzilla uses.
Have you installed the latest version. I don't have that problem anymore either here or on Ebay. I think it was fixed two versions ago.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.