The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Symantec: Mozilla browsers more vulnerable than IE
Time: 15:16 EST/20:16 GMT | News Source: CNET | Posted By: John Quigley

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE. The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Write Comment
Return to News

  Displaying 1 through 25 of 329
Last | Next
  The time now is 7:25:42 AM ET.
Any comment problems? E-mail us
#1 By 3746 (24.215.62.156) at 9/20/2005 3:51:52 PM
let the browser flamewar begin

#2 By 2960 (68.101.39.180) at 9/20/2005 4:34:55 PM
Again?

Can we just paste in the responses from the last identical story?

TL

#3 By 13030 (198.22.121.120) at 9/20/2005 4:52:15 PM
"According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005."

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE."

"There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox."

Whoa! That makes a differnce in the totals: 28 for Firefox, 32 for IE.

All the Mozilla Foundation has to do is stop confirming vulnerabilities and then they'll be more secure than IE!

#4 By 7754 (216.160.8.41) at 9/20/2005 4:58:55 PM
LUA! LUA! LUA! It can't get here fast enough.

#5 By 32132 (207.81.85.238) at 9/20/2005 9:03:46 PM
#3 Actually, in 2005 Secunia lists 11 advisories for IE 6:

http://secunia.com/product/11/?period=2005#statistics

And 23 for Firefox:

http://secunia.com/product/4227/?period=2005#statistics

Mozilla admits to 53 Firefox security issues in 2005 - 13 critical, 11 high, 15 moderate:

http://www.mozilla.org/projects/security/known-vulnerabilities.html


53!!!!

This post was edited by NotParker on Tuesday, September 20, 2005 at 21:05.

#6 By 12071 (203.185.215.149) at 9/20/2005 9:35:07 PM
#3 "All the Mozilla Foundation has to do is stop confirming vulnerabilities and then they'll be more secure than IE!"
See how innovative Microsoft are! All this time they were ignoring all the security risks, not confirming the bugs so at the end they could claim how secure they really are!

#7 By 3653 (68.52.61.116) at 9/20/2005 10:07:19 PM
kabuki - do anything but address the FACTS/REALITY

#8 By 28388 (199.126.246.128) at 9/20/2005 10:26:43 PM
#7 Just use the software, Firefox still outshines IE in so many ways, with support for TABS, extensions like ADBLOCK, BUGMENOT, NOSCRIPT IMAGEZOOM and many others, my browsing experience has never been so rich. And pain free for over a year.

I cannot see how you can defend either, in most cases the patches have been provided in a timely fashion for both browsers, and most users have some form of software firewalls, script blockers and anti virus installed which mitigate most security concerns in both browsers. Unless of course you believe anyone produces bugfree software.

#9 By 2231 (68.100.199.62) at 9/20/2005 10:44:38 PM
Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"

#10 By 3653 (68.52.61.116) at 9/21/2005 1:03:18 AM
When comparing the security of firefox to ie... I believe I would choose to believe Symantec over the president of mozilla europe.

call me crazy

#11 By 12071 (203.185.215.149) at 9/21/2005 1:34:29 AM
#7 "do anything but address the FACTS/REALITY"
But if I did that then I'd come off sounding like you or Parkkker!

#10 "call me crazy"
crazy!

#12 By 11131 (64.132.138.66) at 9/21/2005 9:37:41 AM
Both of them have their bugs/vulnerablities, I will stick with the one that I like the best -- Firefox. I love the extensions (Adblock, FocastcastFox, etc...). And at least with Firefox I don't have to worry about some website using ActiveX holes to install spyware/malware on my computer.

Alister

#13 By 32132 (207.81.85.238) at 9/21/2005 10:26:49 AM
http://www.theregister.co.uk/2005/09/21/linux_firefox_security_bug/

"Security researchers have discovered a new vulnerability with Firefox that might allow hackers to seize control of Unix or Linux machines running vulnerable versions of the popular alternative browser software. The vulnerability can only be exploited on Unix or Linux based environments. Firefox users at risk are advised to upgrade to version 1.0.7 to guard against attack."

#14 By 32132 (207.81.85.238) at 9/21/2005 10:38:37 AM
#9 "In the period 2003 to 2005 ... "

Hmmm. Lets see. The president of Mozilla Europe uses the period 2003 to 2005 which predates Firefox for over 2 years and only counts Firefox vulnerabilities, not the other 100 or more security vulnerabilities in Mozilla -- despite knowing full well that Firefox is just a pretty face on the Mozilla code base?

What a dishonest weasel.

#15 By 37 (67.37.29.142) at 9/21/2005 1:51:45 PM
I see the opensource apologists are out in full force tripping over their tongues as usual. It's unfortunate that their favorite browser is ridden with security holes. And it's even worse when the companies marketing campaign lies about their own browser (they state that it's "secure").

How could you possibly defend such a poorly written product created by a company that promotes their product with lies and deception? Firefox is horrible.

This post was edited by AWBrian on Wednesday, September 21, 2005 at 13:52.

#16 By 61 (65.32.175.192) at 9/21/2005 6:51:04 PM
Stupid free Opera.

#17 By 12071 (203.185.215.149) at 9/21/2005 9:14:50 PM
#15 "How could you possibly defend such a poorly written product created by a company that promotes their product with lies and deception? "
'Pot.. Kettle.. Black..' - You should be able to answer that one yourself - you're consistently defending Microsoft!

#18 By 3653 (68.52.61.116) at 9/22/2005 2:05:11 AM
kabuki - true to form... still talking about IE. Still failing to address firefox.

IE7 will rule all

#19 By 15406 (216.191.227.68) at 9/22/2005 5:08:48 PM
Gee, look what happens when I have to actually work hard for awhile. I missed all the fun.

Yep, it's a nasty Firefox hole. Good thing they already fixed it before the hole was publicly announced. Good thing its users won't have to wait months for a fix to come out. Good thing that Firefox management didn't waste time slamming the exploit release while dodging questions about when a fix will be available.

Meanwhile, I finally got off my ass and ditched Lookout Express at home for Thunderbird, and I am impressed. No more spam. No more waiting 10 minutes for a small newsgroup with to catch-up. I can have a preview pane again without having my system owned by embedded script in an email.

#20 By 32132 (207.81.85.238) at 9/22/2005 6:38:07 PM
#22 "Good thing its users won't have to wait months for a fix to come out."

Too bad the patching mechanism is atrocious and 99% of FF users will stay unpatched. Especially after being lied to about Firefox being secure!

#22 "ditched Lookout Express at home for Thunderbird"

"Mozilla Corp.'s Thunderbird e-mail client for Linux suffers from the same serious vulnerability as its Firefox browser, a security firm said Thursday. The difference: Thunderbird has not been patched.

...

Secunia's only recommendation was a terse "Do not use Thunderbird as the default mail handler." "

http://informationweek.com/story/showArticle.jhtml?articleID=171100282

This post was edited by NotParker on Thursday, September 22, 2005 at 18:40.

#21 By 12071 (203.185.215.149) at 9/23/2005 12:22:21 AM
#23 Thank you for warning Latch about a potential bug in Thunderbird. Of course if you had bothered to learn how to read like I have asked you to do for what seems like several years now you would have understood that the bug you mention only affects Thunderbird when it is run on Unix/Linux. Given that Latch specifically mentioned Lookout Express, it's safe to assume he is running some version of Windows and hence his copy of Thunderbird in unaffected by the bug you mentioned. Oh, and there is a patch available on bugzilla - but I guess if you had mentioned all of that then you would have been left with nothing else to say!

#22 By 15406 (216.191.227.68) at 9/23/2005 9:56:11 AM
#23: users smart enought o run Firefox are smart enough to maintain their systems properly.

#24: Amen, brother. But don't be too hard on Parkkker. It's hard for him to pay attention to what he's reading when he's got one eye on the screen and the other eye on the Bill G poster on his wall.

#23 By 32132 (142.32.208.233) at 9/23/2005 1:43:36 PM
#25 "users smart enought o run Firefox are smart enough to maintain their systems properly. "

Not according to my webserver logs. The few suckers running Firefox are for the most part unpatched.

Maybe AW could tell us what their logs say.

#24 "Lookout Express"? I assumed you meant some open source rip-off of Outlook Express. Isn't that what Linux is all about - stealing other peoples ideas?

#24 "Oh, and there is a patch available on bugzilla "

And who cares about untested and unreleased patches?

#24 By 15406 (216.191.227.68) at 9/23/2005 1:43:54 PM
#23: And by the way, Paul Thurrott of WinInformant had this to add:

And the Mozilla Foundation argues that counting vulnerabilities is flawed since it measured these things differently from Microsoft, which combines multiple vulnerabilities into single disclosures. Mozilla, it says, is more transparent and open about its flaws, and fixes them more quickly. Turns out, the Mozilla Foundation is correct: Looking back over the past several months, one can see that Microsoft does indeed bundle flaws together in order to release few patches. I guess that's all part of the company's integration strategy.

#25 By 15406 (216.191.227.68) at 9/23/2005 1:50:15 PM
#26: users smart enough to maintain their systems are smart enough to stay away from anything you admin, assuming you're not just making it all up.

I assumed you meant some open source rip-off of Outlook Express. Isn't that what Linux is all about - stealing other peoples ideas?

By that brain-dead logic, MS has 'stolen' every single thing they've ever done. There were operating systems, email programs, web browsers, word processors, IM clients, etc, etc, etc long before MS made them. But please don't stop. You're keeping me in stitches with your every post.

Write Comment
Return to News
  Displaying 1 through 25 of 329
Last | Next
  The time now is 7:25:42 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *