Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
You might consider this behavior a bug, but there is really no way for Firefox to tell anything other than that it was halfway down before, and it is still halfway down after the refresh. The problem is the page is a lot longer now, so your position within the page seemed to have changed. The solution would be for there to be an option to have position be absolute as considered from the beginning of the page (i.e., keep my focus at the point that is 2000 bytes in) rather than a relative one as considered for the entire page. The way you prefer things to render is largely a matter of preference. Perhaps they'll make this an option in the future. I'd like it much of the time, though it could cause issues when rendering a page that has a lot of nested frames or tables.
The example you described is exactly what Firefox does. It's just one of two methods for page position refreshing, though. In this case, Firefox measures what position on the page you're at--50% down, for example--and if the page increases in size, then your position is changed even though you're still 50% down the page. What most people want is for the content added upon refresh to be added to the displayed page, but the readjusting based on previous page position to not occur.
I can see how it's annoying, but it doesn't really bother me: I would hope that such an option is introduced later, though.
It should refresh and put you back at that post.
-Freeper eyespysomething (post #71)
I read.
I'm not the one who has a problem with the page positioning, so it's not a big deal.
That's more or less what I thought. Symantec has a financial interest in keeping IE as the browser of choice for most users. The vast majority of the nasty things Symantec protects you from (And collects a fee for doing so!) are let into your machine by Microsoft products. MSFT is a goldmine for companies like Symantec. The last thing they want to see is a bunch of long-haired, dope-smoking, bare-footed, stinking of patchouli oil, hippie freaks spoiling their business model.
Your Barber Says You Need A Haircut bump.
Available for Windows, Solaris Sparc, Solaris x86 and Linux
OpenOffice.org file formats are pure XML, with the option of compressing it with gzip. Note that this is entirely unlike the new Microsoft XML format which is a Microsoft proprietary file format wrapped in XML.
In the absolute worst-case scenario with OpenOffice.org, an OpenOffice.org doc can be edited in any ASCII file editor. If you had a lot of docs to rescue, you could write a Perl script to strip out all of the XML, saving the text to ASCII, CVS or other simple format.
In the absolute worst-case scenario with Word or Excel, you rewrite your data from scratch.
Guess which one happened at a place where I worked?
I haven't done any XML work in anything other than a .Net environment, so I was not aware of this. Thanks for the heads-up. I'm supposed to work on a small project next month with PHP and XML, so I will have to look into this.
If you had a lot of docs to rescue, you could write a Perl script to strip out all of the XML, saving the text to ASCII, CVS or other simple format.
Nice. Someone was thinking correctly when they built this application. I can't even count the amount of data, reports or docs I've lost because of the formatting in MS.
Guess which one happened at a place where I worked?
Been there. I think Excel is pretty good for the most part, but like you I've had to attempt to rescue data that was impossible to retrieve. I worked on a project for a Ford affiliate where they used Excel as their only data storage unit and backed up nothing. What a disaster.
I think that's backwards. If I remember correctly, had IE been easily separable, a remedy would have been more easy - according to the gov's contention. Microsoft's position was the browser is part of the OS, so we can't separate it.
Whether MS embedded it for purposes of the anti-trust suit, I don't know - I don't think they did. Their use of it at the trial was to keep IE on the desktop from all PC vendors (rather than make the choice optional), which would increase the merit of the government's monopoly charge, not decrease it.
Is that a real mozilla image or a spoof? It really is hard for me to tell. If it's real, WOW! If it's not LOL!
I'm glad the rats are using Mozilla. More points of attack for the hackers. LOL! Mozilla, what a joke. When they get more secure than IE, let me know.
According to the OSS crowd IE is horrible, so it should be easy to beat it hands down in security. So those idiots writing Mozilla must really be stupid. I sure would hate to have any software written by idiots that can't even write code more secure than IE.
If you need help learning how to use IE, ping me. Just paying back all the favors the OSS crowd has done me for offering to help me switch to firefox and/or linux. I guess it's time for me to help people switch to a more secure browser...like IE.
It's like shooting fish in a barrel.
Also they have the source code for Firefox. So it makes hacking it even easier. Boy I wish those white-hat (good guys) would hurry up and make firefox bulletproof, so I can realize the promised security that OSS and Firefox would give me. Good thing I couldn't uninstall IE; otherwise, I'd be left with a really crappy browser after I uninstall firefox. That's the last time I listen to an OSS guy promise me more security from OSS and dumping MS.
Perhaps you didn't read the article and were too quick to find a reply to make it not so bad...
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
Wow, I wouldn't touch that type of update until it was at least 2 minor updates later. With that many fixes there's bound to be more (possibly severe) security bugs introduced.
I'm so confused. N3WBI3 was saying the engine behind it was really old and mature. So what is it? Is it young or old?
LOL! In other words, anything but Microsoft. What about Oracle? Funny how you didn't mention them. But since it is our money, the gov't should use what gives them the lowest cost required to achieve the mission. If that's OSS, great! If it's Oracle, Great! If it's MS Word, Great!
What isn't great is blanket statements that try to pigeon hole the gov't into using OSS software to get MS out of the picture.
Not in this case. Mozilla's sealed more security holes than the tech press knows exists. There were a few nightly builds where five or six security holes would be sealed all at once. The major problems with new Firefox builds are the regression bugs, but they solve those before general releases. Still waiting on them to fix a nasty focus bug related to the find-as-you-type feature, though: it was marked as fixed before, but seems to have regressed.
Trouble at home, Bill?