Free Republic
Symantec: Mozilla browsers more vulnerable than IE
ZDNet News ^ | 9/19/2005 | Tom Espiner

Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".

Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.

Not for commercial use.  For educational and discussion purposes only.


TOPICS: Business/Economy
KEYWORDS: firefox; mozilla; propaganda
To: N3WBI3
I can get apples from someone else, you can only get Mozilla from the boys wearing the red star.

Actually it's open source... so yes, I can get it from many other places.

Unless you are rolling your own browser based on extrapolation of the source code - you are getting your browser from Mozilla (just being able to see the source code does not change this reality).

241 posted on 09/21/2005 8:12:57 PM PDT by Last Visible Dog
[ To 235 ]

To: N3WBI3

As expected, you were wrong. I decided to look up your BS, it took me all of 3 minutes to debunk it. I should have known all along.

http://seattlepi.nwsource.com/local/bill26.shtml

A spokesman for the Bill and Melinda Gates Foundation suggests that the efforts are misdirected because its donations do not pay for abortions.

"When we give a grant, it is for very specific things," Trevor Neilson said. "We have never made a grant for abortion services."


242 posted on 09/21/2005 8:12:57 PM PDT by Golden Eagle
[ To 235 ]

To: Golden Eagle
I made a typo on the year late one night which I admitted.

LOL! I haven't done anything STOOPID like that in the 8 & half years that I've been here [at least not recently! ;-)]

ESPECIALLY not late at night! :-)

243 posted on 09/21/2005 8:13:39 PM PDT by an amused spectator (If Social Security isn't broken, then cut me a check for the cash I have into it.)
[ To 239 ]

To: Last Visible Dog
just being able to see the source code does not change this reality

As you're starting to see, he has a serious problem with reality.

244 posted on 09/21/2005 8:15:23 PM PDT by Golden Eagle
[ To 241 ]

To: an amused spectator

Thanks, if they want to pull up the link you'll see it was late on a Friday or Saturday night, I don't remember which but I think it was Saturday. Probably after I had been out on the boat all day, and while I love being out on the water, the only way I can overcome all day seasickness is by drinking, LOL.


245 posted on 09/21/2005 8:19:31 PM PDT by Golden Eagle
[ To 243 ]

To: N3WBI3
Perfect example this "newbie" guy was on here recently going on for weeks creating new threads with bogus titles claiming Microsoft was ending all Windows 2000 support. He still won't admit he was wrong, or more importantly that he knew it.

Dude, what's this all about? I mean, you're cert (or going to be) and you're teaching.

You don't seem like the type to get in OS food fights.

What's the deal with the Win2K threads?

246 posted on 09/21/2005 8:23:00 PM PDT by an amused spectator (If Social Security isn't broken, then cut me a check for the cash I have into it.)
[ To 239 ]

To: an amused spectator

Here's one of the threads weeks after he first started making the claim, called "MS issues final software update for Win2K". This thread was started by Shadowace, someone else perpetrating the lie n3wbie had already started a couple weeks before. Check some of this out, starting with n3wbie trying to claim "a hotfix != an update":

http://www.freerepublic.com/focus/f-news/1434031/posts?page=48#48


247 posted on 09/21/2005 8:32:49 PM PDT by Golden Eagle
[ To 246 ]

To: for-q-clinton
When they get more secure than IE, let me know.

Okay, you are hereby informed.

According to the OSS crowd IE is horrible, so it should be easy to beat it hands down in security.

It is. You may notice Mozilla bugs are generally less serious and fixed faster.

248 posted on 09/22/2005 11:06:07 AM PDT by antiRepublicrat
[ To 152 ]

To: for-q-clinton
People will attack for a couple of reasons and the biggest is notoriety. So with a small user base you protect yourself via obscurity.

But successfully compromising a small but well-known (especially for security) userbase will definitely give that notoriety. For example, the first person to write a successful self-propagating OS X virus will be famous. The next person to write a successful self-propagating Windows virus will be obscure at best, mixed in with tens of thousands of others, unless the virus is wildly successful and causes extensive damage.

249 posted on 09/22/2005 12:54:38 PM PDT by antiRepublicrat
[ To 209 ]

To: for-q-clinton
If you don't properly manage your systems (UNIX, Linux, Apple, Windows, etc...) you're in danger of getting hacked.

Giving us another advantage for OS X and Firefox. Both are by default perfectly usable by most people while being fairly secure. Windows needs serious tweaks to make it usable and somewhat secure. IE requires you to run in a very unusable mode in order to be fairly secure, or a less secure mode to be usable.

And then there's the multi-vector aspect of IE, since IE is at its heart a set of system libraries used by several other programs that can provide vectors to the flaws in the IE code.

250 posted on 09/22/2005 1:00:42 PM PDT by antiRepublicrat
[ To 219 ]

To: for-q-clinton

"flash bunny,

Looks like N3WBI3 is claiming it is old. Do you concur? "

Either you are intentionally dishonest, or you don't have a clue as to what you are talking about.

The Mozilla project has been around since 1998.

The Firebird browser, which uses the Mozilla engine, only officially came out late last year. The first 'official' release of 1.0 was last September.

Understand yet, or do you think by trying to confuse the people who don't know the difference between the engine and the application, you can show yourself to be the smart one?

Or, given my reading of you, you are one of the people who cannot comprehend the difference between the 7 year old Mozilla project and the just-over-a-year old Firefox browser application?

Gobble gobble gobble.


251 posted on 09/22/2005 3:23:35 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
[ To 184 ]

To: antiRepublicrat
It is. You may notice Mozilla bugs are generally less serious and fixed faster.

LOL! Read the article again. But if that's what all this blathering about OSS is all about..."our bugs may be more but we have a couple fewer severe bugs than you do (at least while we have a small install base...lord help us if we ever actually catch on)"--I'll stick with the monkey on my back that I know as opposed to swapping it for a different monkey that may grow into a gorilla.

Somehow that just doesn't sound too appealing. "Choose OSS we may have more bugs, but most of them aren't as severe"

252 posted on 09/22/2005 3:39:52 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 248 ]

To: antiRepublicrat

You're still touting Firefox? Wow! Read the article for once before posting. This is too funny!


253 posted on 09/22/2005 3:41:41 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 250 ]

To: flashbunny; N3WBI3
Understand yet,

Obviously I don't understand. I'm trying to figure it out as N3WBI3 clearly said you were WRONG and now you're saying N3WBI3 was WRONG for saying you were.

I'm just going to the experts...so which one of you is the true expert?

254 posted on 09/22/2005 3:43:28 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 251 ]

To: for-q-clinton

Forget it. Either you are dishonest or your mental capacity falls right around 'not able to tie his own shoes' level.


255 posted on 09/22/2005 3:45:44 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
[ To 254 ]

To: flashbunny
Either you are dishonest or your mental capacity falls right around 'not able to tie his own shoes' level.

Why is it that I'm the dumb one when it's you and your idol N3WBI3 at odds with one another? Personally I'd put my money on N3WBI3, but we'll see.

So you're still saying N3WBI3 was wrong when he said you were wrong? Is that right :-) ?

256 posted on 09/22/2005 5:12:39 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 255 ]

To: for-q-clinton
Read the article for once before posting.

I did. Most Firefox vulnerabilities aren't critical, while most IE ones are. Some are simply the consequence of supporting various standards (slightly upping the intelligence threshold required to spot spoofing). And Firefox vulnerabilities are fixed faster -- actually OSS has a better track record for fixing serious vulnerabilities than proprietary, especially Microsoft.

257 posted on 09/22/2005 8:37:49 PM PDT by antiRepublicrat
[ To 253 ]

To: antiRepublicrat

Ok, then a challenge. I'm running IE...now attack my machine. I'll give you an IP of a machine with IE and your job is to exploit it. Good luck.

I'll bet a year's salary you can't harm that machine.


258 posted on 09/23/2005 6:52:36 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 257 ]

To: for-q-clinton
I'll give you an IP of a machine with IE and your job is to exploit it. Good luck.

IE exploits usually don't work that way. The user has to browse to a malicious site, and it is common given the amount of spyware and trojans I find on the average Windows/IE box.

259 posted on 09/23/2005 8:02:48 AM PDT by antiRepublicrat
[ To 258 ]

To: antiRepublicrat

Ok, so you can't exploit it remotely and you have to trick me into the site. So I'll give that a go. Send me a link to a website of your choice and let's see if you can hack my box. It should be easy since IE has so many critical bugs that aren't fixed yet.


260 posted on 09/23/2005 9:25:18 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 259 ]

