Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible
Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.
The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.
Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.
The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."
The Mozilla Foundation did not immediately respond to requests for comment.
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."
Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.
Not for commercial use. For educational and discussion purposes only.
In otherwords all the features that are built into firefox..
Nope, but installing MS toolbar will eliminate these problems, at least it has proven reliable for me.
PS: I am a Detroit Tiger fan (and ½ Polish) so thanks for putting Al's pic up. A little sports store in Hamtramck used to have his pic prominently displayed on the wall when I was a kid and I never forgot him.
Ill let you guess how old the engine for firefox is...
Im not saying they wont find bugs what I am saying is that the bugs they have found are less severe and fixed faster. I have stated a fact..
FF is quickly getting onto the radar of the hackers and the vulnerabilities will grow more severe as they pry deeper and deeper in mozilla's holes.
You have stated an opinion..
[Insert gratuitous v.d. joke here]
Nah, one look at their Earnings Report, marketshare and total users will do that all by itself.
And I am pretty sure they will be built into IE7 so that kind of takes the strength out of your argument.
I use Firfox becuase of the better speed on my dialup and its nice graphics and flexibility.
I also love the fact that in the "Favorites" folder it keeps the original site symbols instead of IE pirating them and converting them all into Microsoft generic folders.
Firefox is more theme versatile (Hate cats but love the red cats green flavor theme). It is also not bound so intregally into the OS. Big problem---delete Firefox and download it again.
I also use IE and some times use both browsers simultaneously.
That said, I also think that Microsoft has been maligned a bit unfairly. Of course all the hackers are going to attack the most widely-used browser. Microsoft has been timely and consistent with providing patches.
Hey nobody has ever said they make bad business decisions..
Stick with Firefox.
Reported vulnerabilities mean very little. Vulnerabilities themselves do nothing - it's only until they are exploited does security become threatened and, trust me, almost all browser attacks are directed at IE.
Also, I would not put it beneath infosec companies to hire "security researchers" to find vulnerabilities and report them just to drum up this kind of false perception. The reason is obvious.
It also takes the "oss does not innovate" out of the MS shills sails...
Yes, but very few people bothered to waste their time hacking into a browser that only a few would use. And Netscape after 4.0 royally sucked, so Mozilla was pretty much forgotten.
Again, it comes to how widespread the use of the browser is.
Amen brother, amen.
So do I on a regular basis. I like certain features on each of them.
And I agree with IE being embedded too deeply into the OS, it's something MS made a big mistake in doing.
If they didn't, Bill and Steve were afraid Janet Reno was going to send tanks and incendiary grenades into Building 8!
Sounds OK to me!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.