Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
Remember, always follow the money trail and you will find the truth.
the basic engine is old, depending on how far back you want to go, but the firefox effort is relatively new.
You able to comprehend that the engine and the application are two related by ultimately different things?
Not when one of you are claiming it's mature and another saying, hey it's a young product. Make up your minds.
Explain to me the correlation. Are you saying those mozilla shirts and the logo GE posts are put out by anti-mozilla people? Or are you trying to say supporters of GW put out that hitler picture?
Just trying to follow the logic, which I don't see yet.
I'm sure you enjoyed posting that, but the RNC isn't printing T's with that ridiculous picture on them, like Mozilla has done with their commie logo. Time for you to deal with it.
Obviously there is no logic with that fruitcake. He was actually taking your side in the argument about Firefox being a new browser and didn't even realize it, LOL.
This thread reminds me of the Oracle "Unbreakable" ads.
Is there some kind of idiot award for posts going on on Free Republic that I am unaware of?
Having immediate access to source does make hacking easier. Or if you're claiming it doesn't, we can certainly get you one of the idiot awards.
Which also explains why it's such a buggy product. Communism hasn't worked yet.
Question for all Mozilla/Firefox fans: How does this propaganda make you feel? I bet you can talk to Jane Fonda and she can give you some wisdom on the subject.
I just can't believe it. I thought it was a gag, but it's a real logo the mozilla fans use. It's not something the anti-mozilla crowd uses to defame them.
It's just so amazing that so many conservatives (or so-called conservatives) can subscribe to this tripe.
Did you see this from today?
http://www.linuxworld.com.au/index.php/id;579036411;fp;2;fpid;1
"A serious security flaw surfaced on Tuesday that turns conventional security assumptions on their head -- affecting Firefox and Linux, but leaving Microsoft's Internet Explorer and Windows unscathed."
Wonder if Symantec somehow knew in advance.
They should print them off and carry them in their wallet for ID.
And you just won the blue-ribbon idiot award.
I see you're living up to your screen name. Of course having source code makes it easier to crack, no intelligent person would ever say otherwise. What the OSS fans say is it also makes it easier for the white-hats to patch the holes before the black-hats get to them because they have more eyes on the code than a closed source vendor would typically have (assuming the OSS code is popular enough).
So what we have here is a popular OSS product that is bug-ridden. Good thing it doesn't have a very large install base or the black hats would be exploiting it like worse than Win9x.
But even more amazing LinuxWorld actually backs up my point that Linux, Mac, Firefox, etc... aren't attacked as much simply because they don't have as large of an install base. I need to bookmark this, for the next time the OSS crowd says otherwise, or that one guy says there was a hack on a cell phone with only 3 users, so the hackers will exploit everything at the same rate.
Linux is also generally seen as a lower-risk platform than Windows, partly because it is less widely used on the desktop and therefore isn't targeted as often.
Yeah, did you also notice that newbie and shadow are simultaneously hiding under their crib since all this came out?
Well if you don't believe me that Windows and IE are attacked more because of the large install base, maybe you'll believe a source like LinuxWorld.
Linux is also generally seen as a lower-risk platform than Windows, partly because it is less widely used on the desktop and therefore isn't targeted as often. The security picture is changing, though, according to the Symantec report, with platforms like Linux and Mac OS X coming under increasing scrutiny by potential attackers.
Now should I go back to all those threads where you were claiming otherwise and I was disagreeing (trying to use logic) and bump those with this post? Or will you go back and review your comments and realize how wrong and misguided you were in your naive thinking?
This thread has to be hurting :-)
However, since it's N3WBI3, I'll go ahead and say he's hiding (after all he accused others of doing the same thing).
Because you're a logical, reasonable person. But how often have we had it that NEITHER of them was here for an entire day pushing their BS on us? Other than possibly weekends, I can't think of anytime recent.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.