Free Republic
News/Activism
Symantec: Mozilla browsers more vulnerable than IE
ZDNet News | 9/19/2005 | Tom Espiner

Posted on 09/19/2005 7:01:42 PM PDT by Incorrigible

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".

Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.

Not for commercial use.  For educational and discussion purposes only.


TOPICS: Business/Economy
KEYWORDS: firefox; mozilla; propaganda
To: Incorrigible
Sounds OK to me!

Hey, Symantec makes its money selling malware protection. MS is their bread and butter.

81 posted on 09/19/2005 8:32:48 PM PDT by LexBaird (tyrannosaurus Lex, unapologetic, yet compassionate carnivore)

To: Jokelahoma
The one that knocks out more businesses, which would be Microsoft-based.

Take down a handful of DNS servers running BSD and you can bring down the entire internet!

82 posted on 09/19/2005 8:33:10 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Wolfgang_Blitzkrieg
1.5, which is currently in beta 1, which I'm using right now. There have been 3200+ bugfixes to Gecko and Firefox that are in 1.5b1 right now. 1.5 final will likely have an additional 100 fixes, plus whatever regressions arise from the betas and RCs.
83 posted on 09/19/2005 8:36:05 PM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)

To: N3WBI3
And someone will, once they think they can get away with it and not get caught. That may be a case of knowing they'll be drawn, quartered, shot, poisoned, shot again, hanged, ground into a fine dust and sprinkled over dog squeeze were they ever to attempt something that high profile. Bringing down a few large corporations is fun. Bringing down DNS servers would be suicidal. :-)
84 posted on 09/19/2005 8:36:47 PM PDT by Jokelahoma (Animal testing is a bad idea. They get all nervous and give wrong answers.)

To: cynwoody

Give to the code, and the code will give to you

85 posted on 09/19/2005 8:39:15 PM PDT by Golden Eagle

To: Jokelahoma
Bringing down a few large corporations is fun.

Tell that to the punk who just got the book thrown at him..

86 posted on 09/19/2005 8:39:20 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Raycpa

See post #71


87 posted on 09/19/2005 8:50:15 PM PDT by eyespysomething ("The Constitution is the court's taskmaster and it's Congress' taskmaster as well" John G. Roberts)

To: softwarecreator
The DNC's database--referred to by party insiders as "Demzilla," in recognition of the open-source Mozilla technology on which its platform is based--currently stores the records of 166 million U.S. voters...
88 posted on 09/19/2005 8:52:00 PM PDT by Golden Eagle

To: softwarecreator

And Communism.org's Windows ASP technology allows them to make polls saying how bad America is..


89 posted on 09/19/2005 8:55:41 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Incorrigible

Wow, what a load of crap.

The Firefox is a relatively young browser, and the flaws are relatively minor. And when they're announced, they're fixed with incredible speed.

With MS, you tend to get "wow, that's really bad" kind of bugs (ActiveX - the worst idea ever?) - and they're usually denied first, put off second, and have a patch released 'eventually'.


90 posted on 09/19/2005 9:03:20 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)

To: Golden Eagle

Mozilla doesn't offer any database software.

It's called Demzilla because it's a large list, not because of its non-existent Mozilla software.


91 posted on 09/19/2005 10:20:23 PM PDT by Terpfen (http://www.pattonhq.com/unknowntext.html)

To: Golden Eagle
See you're spouting nonsense again


92 posted on 09/19/2005 11:03:22 PM PDT by packrat35 (The America hating bastards at the NYT must spend their entire life with their heads in the toilet)

To: N3WBI3; Golden Eagle
I really don't think an OS cares about a user's politics, but what really pi$$ed me off in the article that GE links to is this:

the marketing and technology agency behind the DNC's database technology, the group also places bids with Google and Yahoo!'s Overture on issue-oriented search keywords such as "minimum wage," "economy," and "education."

Yeah, Google and Yahoo are going to be really biased when it comes to reporting aren't they?

Thanks for the link GE, I may be thinking twice before I use these 2 search engines in the future.

93 posted on 09/20/2005 4:13:18 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)

To: N3WBI3
And Communism.orgs windows ASP technology allows them to make polls saying how bad America is..

And what do the demmies use?  I consider them more of a threat to the US than commies, nazis and muzzies.  But again, I don't put too much significance on what OS a political party uses.  I do have a problem with them making certain free Operating Systems mandatory for all government owned sites.  Although, in all fairness, that is not the fault of the OSS.

94 posted on 09/20/2005 4:19:49 AM PDT by softwarecreator (Facts are to liberals as holy water is to vampires.)

To: Incorrigible
Raw numbers might be misleading (and the ZDNet article is not exactly full of clarity on this matter). IF Symantec's report speaks of Mozilla Browsers, it might be speaking of Mozilla Suite and Firefox...two browsers. BUT the report might be speaking of Firefox for Win XP (one browser), Linux, Mac OS X, then you have 3 browsers. The question is, are the Mozilla vulnerabilities in the article found in all versions? Or is that a few in the Win XP version, a few more in Mac OS X and a few more in the Linux release. Last time I checked, IE is only for Windows--meaning the number of vulnerabilities might be really lopsided toward the beast from Redmond.
95 posted on 09/20/2005 4:32:46 AM PDT by twntaipan (Tagline space for sale or rent.)

To: softwarecreator
I do have a problem with them making certain free Operating Systems mandatory for all government owned sites.

I concur. The government should not be required to use a specific open source solution.

However, considering that it's our tax dollar that they're spending, all government documents should be available in a completely open, fully documented format.

That means no MS SQL Server for government storage, no Word documents, and no Active Server Pages.

96 posted on 09/20/2005 4:33:54 AM PDT by Knitebane (Happily Microsoft free since 1999.)

To: eyespysomething

thanks


97 posted on 09/20/2005 4:49:54 AM PDT by Raycpa

To: Terpfen

It's called Demzilla, as my link indicated, in honor of open source software, which the DNC and Howard Dean clearly support. Howard Dean referred to his own campaign as "open source politics", any attempts to deny the relationship are futile.


98 posted on 09/20/2005 5:06:56 AM PDT by Golden Eagle

To: softwarecreator
I do have a problem with them making certain free Operating Systems mandatory for all government owned sites. Although, in all fairness, that is not the fault of the OSS.

Sure it is, when the primary developers of GNU software and license owners of GPL software say it's their goal to make all proprietary software obsolete. If you're a paid software developer, ignore at your own risk.

99 posted on 09/20/2005 5:09:14 AM PDT by Golden Eagle

To: packrat35

Sick picture. I expect about as much from you losers.


100 posted on 09/20/2005 5:10:36 AM PDT by Golden Eagle

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
