Flaws in Mozilla browsers soar: Taken from The Age Technolog

[Alex45]

http://www.theage.com.au/technology/

See article.
As yours sincerely has always maintained, the reason not many flaws have not as yet been made public is only because Firefox does not have nearly as many hundreds of millions of users as IE ,,,, thus, flaws are slow to come to light.

This article proves my assertion correct.

Kind regards

[raoul]

Quotes from the article:

"However, IE had a much higher number of critical vulnerabilities."

"the report had not taken into account the interval between the finding of a flaw in Mozilla-based browsers and the issue of a patch. At times, this has been as little as a day, while Microsoft has often taken well in excess of six months to patch flaws."

Sounds like a good advertisement for Firefox!
I know which one I'm going to use!!

Raoul

[bazcaz]

Symantec's latest security report. (Michael Crawford, 22/03/2005)

Firefox has gained a lot of attention as a secure web browser, however, new statistics show it is only marginally more secure than Internet Explorer, with half of Firefox's vulnerabilities reported as critical. This is the finding of Symantec's Internet Security Threat Report released today, which found that of the 21 vulnerabilities recorded in Firefox, eleven were found to be severe. Nine of the 13 vulnerabilities recorded in Internet Explorer between 1 July and 31 December 2004 were either critical or highly severe.
Symantec added that patching, changing passwords and not "opening attachments for the sake of it" would significantly reduce the element of risk and potential harm. The Internet Security Threat Report also found a steady rise in the number of Win32 viruses and worm variants, finding 7360 new viruses and worms in the latter part of 2004 - an increase of 65 percent compared to the previous six months. The number of attacks per day on individual organizations went up from an average of 10.6 to an average of 13.6 attacks per day. Symantec said they now see multiple variants of the one virus family, which they put down to as a malicious-code attacks between various groups as a way to tweak the code to bypass antivirus engines. The intention is still there to open ports and create spybots or whatever, but writing viruses to crash systems just for the sake of it is now less of a desirable outcome. It is now about controlling a system unbeknown to the user and using that system as a feed to get personal information!
The report noted that of all the security threats from malicious code, 54 per cent were "created to expose confidential information," up from 44 per cent in the first six months of the year and 36 per cent in the second half of 2003. Many of these viruses, known as Trojan horses, install a program that allows hackers to remotely access a computer and find passwords or monitor keystrokes. Trojans represented 33 per cent of the top 50 threats reported to Symantec. Symantec found 17,500 different types of viruses and worms as of December 31. Email remained the most prevalent threat from viruses but Symantec cited increased attacks on servers and web applications. Attacks hidden in embedded content in audio and video images are expected to increase. This is worrisome because image files are ubiquitous, almost universally trusted, and an integral part of modern-day computing. Other growing threats include spyware, which enables third parties to track computer activities, and spam, or unsolicited email, which can contain other threats. Spam increased from an average of 800 million messages per week to well over 1.2 billion spam messages per week by the end of the reporting period, making up more than 60 per cent of all email traffic observed by Symantec during this period.

[Paul]

Not quite what it seems - as usual.

Vulnerabilities are affecting new alternative browser distributions. During the last six months of 2004, 21 vulnerabilities affecting Mozilla browsers were disclosed, compared to 13 vulnerabilities affecting Microsoft Internet Explorer. Six vulnerabilities were reported in Opera.

From Symantec Press Release.

Secunia Advisories for Firefox listing patched and un-patched vulnerabilities.

cheers, Paul

[aussieboykie]

Maybe we need a separate Holy Browser Wars forum dedicated to all the proselytisers who frequent these discussion groups...?

Cheers, AB

Each to his own, says I.

[Paul]

And you can bugger off back to Sydney!

cheers, Paul

[bazcaz]

And you can bugger off back to Sydney!

cheers, Paul

Well at least we know where he is from.......not incognito like you Paul.....

[maureen]

The fish are biting

Maureen

[wilbert]

I'm gradually installing Firefox on the machines within our organisation. With the computer illiterate, I just find it easier to lie and tell them I've installed a security fix on their computer rather than go to the trouble of explaining the difference between browsers (or in some cases, what a browser is).

I think the number vulnerabilities in a browser/operating systems are of lesser concern than the number of attacks. If you look hard enough, all software will have a flaw of some sort or another.

As OSX is increasing in popularity, so are the number of attacks – this is the main reason Apple needed to release 11 security updates during the week; not a decision by Apple to run a security audit.

Linux and OpenOffice attacks will also increase as their popularity grows.

[aussieboykie]

The fish are biting

Maureen

Fortunately the fleas are not

On a less frivolous note, Firefox 1.0.2 is available for download.

Cheers, AB

P.S. When I said..

Each to his own, says I.

I really ought to have added.. Mine's a FireFox ..to make it clear which particular tub this proselytiser is thumping.

[Paul]

Firefox 1.0.2 passes all tests at Scanit.

At least on my installation.

cheers, Paul

[bazcaz]

Firefox 1.0.2 passes all tests at Scanit.

At least on my installation.

cheers, Paul

What a great link Paul, thanks.....22 out of 22 tests for IE 6.0

Your browser reports to be:

Browser name: MSIE
Version: 6.0
Platform: Windows NT 5.1

Browser Security Test Results
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Yipee!!

[Paul]

Well done Bazcaz, and welcome to the secure world, for now anyway.

cheers, Paul

[Paul]

CSS (Style Sheets) vulnerability in Internet Explorer.

Information disclosure vulnerability in all browsers.

If you are running Firefox, upgrade to V1.0.2 now.
If you are running Internet Explorer, no patch at this stage, AFAIK.

cheers, Paul

[Alex45]

Dear Wilbert,

How do we know you are not telling us porky's as well ??? !!!

I'm gradually installing Firefox on the machines within our organisation. With the computer illiterate, I just find it easier to lie and tell them I've installed a security fix on their computer rather than go to the trouble of explaining the difference between browsers (or in some cases, what a browser is).

I think the number vulnerabilities in a browser/operating systems are of lesser concern than the number of attacks. If you look hard enough, all software will have a flaw of some sort or another.

As OSX is increasing in popularity, so are the number of attacks – this is the main reason Apple needed to release 11 security updates during the week; not a decision by Apple to run a security audit.

Linux and OpenOffice attacks will also increase as their popularity grows.

[Paul]

Leave poor Wilbert alone, his first post and you ask that one.

cheers, Paul

[wilbert]

It's okay Paul, I am a serial liar.

I might run for parliament.