Free Republic
Browse · Search
News/Activism
Topics · Post Article


Symantec: Mozilla browsers more vulnerable than IE
ZDNet News | 9/19/2005 | Tom Espiner

Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".

Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.

Not for commercial use.  For educational and discussion purposes only.


TOPICS: Business/Economy
KEYWORDS: firefox; mozilla; propaganda
To: softwarecreator
I'll download and try.

Not good enough. A guy with your skills should be donating your time to help work out all the issues. You'll get the pleasure of knowing you helped force all other proprietary developers into donating their time as well.

121 posted on 09/20/2005 9:30:33 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 114 | View Replies]

To: Terpfen
No, it isn't.

Yes it is, I already gave you a link saying the name Demzilla was a tribute to open source. Let's hear your laughable excuse for why it isn't.

122 posted on 09/20/2005 9:32:17 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 117 | View Replies]

To: Golden Eagle
haha ... don't think so.

If people want to do it for free, go for it.  Besides, most are done in C++ or Java, 2 of my least favorite programming languages.  Now if someone wants them done in MS languages (except Visual C++ which I hate) let me know.  =)

123 posted on 09/20/2005 9:36:32 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 121 | View Replies]

To: Golden Eagle

I read your link. It says the same thing that you do: that the list is somehow based on Mozilla technology.

What neither you nor the article say is which specific technology. Mozilla does not make database software. It's possible that the DNC uses Seamonkey, Firefox, or Camino to browse a web index of the database, but that's not anywhere close to being "based on Mozilla technology" any more than it would be being "based on Microsoft technology" if they were using IE.

Please name the Mozilla product being used in Demzilla. Otherwise, please stop citing a no-name news source in support of the idea that Firefox is the result of a leftie conspiracy to get us to ditch our capitalist retail software.


124 posted on 09/20/2005 9:36:57 AM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)
[ Post Reply | Private Reply | To 122 | View Replies]

To: Terpfen; Golden Eagle
I already gave you a link saying the name Demzilla was a tribute to open source

He's right and he provided the proof ... hard to argue against.

125 posted on 09/20/2005 9:37:51 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 122 | View Replies]

To: softwarecreator
Neither he nor the article names the Mozilla product/technology being used. It's hard to say Demzilla is based on Mozilla technology since Mozilla does not provide database software. Kind of hard to run something as large as a political donor list from an HTML page.

126 posted on 09/20/2005 9:39:56 AM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)
[ Post Reply | Private Reply | To 125 | View Replies]

To: W3BMAST3R101
Bloodbath at IBM - 13,000 Fired

IBM Discloses 15,000 Layoffs


127 posted on 09/20/2005 9:40:52 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 110 | View Replies]

To: Terpfen

I said what the article said, Demzilla is a tribute to open source, like Mozilla. It's specifically based on Linux, Apache, and MySQL. Squirm some more if you want, but connections between the DNC/Howard Dean and OSS are quite obvious.


128 posted on 09/20/2005 9:43:53 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 126 | View Replies]

To: Golden Eagle
I see what you mean, but it is, it appears, geared toward "bundled" software for the average user, which is pretty much given away in MS and Linux or available for free download.

The custom software I do cannot be open source unless the company I build it for wants to release it under an open license.  By that time, I will be paid and I don't care what they do with it.  If they want to pay me $60 or more an hour for proprietary software and then give it away, that's none of my business.

129 posted on 09/20/2005 9:46:00 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 120 | View Replies]

To: softwarecreator
hard to argue against.

Huh?

Are you actually claiming that when a freeper points to a third-party claim about a fourth-party website without any backup that we should take it as gospel?

What is this fabled "Mozilla technology?" Name it, please. Then we can continue any debate.

130 posted on 09/20/2005 9:47:19 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 125 | View Replies]

To: Golden Eagle

Oh, so it went from being based on Mozilla tech to simply being a tribute, as evidenced by Howard Dean... who wasn't DNC chairman when the list was set up and the name was coined in recognition of a company that no one had heard of until last year! It all makes sense now.


131 posted on 09/20/2005 9:48:48 AM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)
[ Post Reply | Private Reply | To 128 | View Replies]

To: Terpfen
Kind of hard to run something as large as a political donor list from an HTML page

MySQL is probably the DB they are using and it may have originally been built for specific use by a Mozilla browser.  Years ago I used to have to build web applications that had some different pages depending upon the browser the user had.  Netscape and IE both had formatting and font differences and Mozilla did not support ActiveX.

132 posted on 09/20/2005 9:51:02 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 126 | View Replies]

To: ShadowAce
Are you actually claiming that when a freeper points to a third-party claim about a fourth-party website without any backup that we should take it as gospel?

Okay, good point.  I'll have to go back and re-read that article to see what they specifically mean.

133 posted on 09/20/2005 9:53:06 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 130 | View Replies]

To: an amused spectator
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor.

HP won't admit any defects unless you submit a reproducible demonstration. Once submitted, you will get ONLY the patch necessary to clear the defect you can demonstrate. That stupid approach is a major reason why I steer customers away from HP-UX based systems. It's too expensive to play their little reindeer games.

134 posted on 09/20/2005 9:54:56 AM PDT by Myrddin
[ Post Reply | Private Reply | To 21 | View Replies]

To: Golden Eagle

Man, glad I am not working for IBM.


135 posted on 09/20/2005 9:54:59 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 127 | View Replies]

To: John W
Well said.


136 posted on 09/20/2005 9:56:55 AM PDT by M1-A2 ( "Never offend people with style when you can offend them with substance." --Sam Brown)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Incorrigible

On a related note, the Opera browser is now free, with no ad banner and no registration fee. It has tabbed browsing and many other features. Check it out at www.opera.com.


137 posted on 09/20/2005 10:04:08 AM PDT by RightFighter
[ Post Reply | Private Reply | To 1 | View Replies]

To: softwarecreator

GE just confirmed that they don't use Mozilla tech at all--it went from being named Demzilla due to their use of Mozilla software, to being named Demzilla as a tribute to OSS.

These tech threads really give me a headache sometimes.


138 posted on 09/20/2005 10:06:20 AM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)
[ Post Reply | Private Reply | To 132 | View Replies]

To: Terpfen
These tech threads really give me a headache sometimes.

Plus reading an article about democrats, specifically Howard Dean.

Where's the Tylenol?

139 posted on 09/20/2005 10:08:26 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)
[ Post Reply | Private Reply | To 138 | View Replies]

To: softwarecreator

Don't know about the Tylenol: I've got Excedrin migraine myself.


140 posted on 09/20/2005 10:11:05 AM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)
[ Post Reply | Private Reply | To 139 | View Replies]

