Mozilla Firefox most vulnerable browser
By siliconindia news bureau
Bangalore: Despite stereotypes, Mozilla's Firefox is significantly more vulnerable to web attacks than any of its rivals. About 44 percent of the 3,100 exploits tracked by researchers attacked the open-source browser, while only 15 percent of them would work in Internet Explorer.
According to the study, conducted by web application security vendor Cenzic, Safari is notably closer to Firefox in vulnerability, with 35 percent of exploits able to affect the platform, while Opera's small market share left it at risk from just six percent of attacks.

The Safari share is partly affected by Cenzic's inclusion of the mobile Safari browser on the iPhone and iPod touch, which triggered a "vast increase" in the number of available exploits for Safari as a whole. Jailbreaks for Apple's devices have sometimes relied on web exploits in the past to run arbitrary code and break code signing requirements for iPhone apps, reports Electronista. Apple has only recently been mending some of these exploits and in iPhone OS 3.1 forced jailbreak developers to switch away from a longstanding trick.
Of all attack types, SQL injections are the most common at 25 percent while cross-site scripting (17 percent), phishing (14 percent) and rogue web servers (12 percent) also have some of the greatest effect.
Open-source advocates have historically argued that Firefox should be more secure because of the ability of authors to discover and fix bugs mid-cycle, where others are often unaware of apps due to obscurity. Internet Explorer has in the past been criticized for tools like ActiveX, which have often given websites direct access to a user's PC, but has since had most of its vulnerabilities closed off, both through the browser and through patching holes in Windows.
Reader's comments(4)
1: @"About 44 percent of the 3,100 exploits tracked by researchers attacked the open-source browser, while only 15 percent of them would work in Internet Explorer."
First, Mozilla runs a program that gives users an incentive to find security bugs and report them.
http://www.mozilla.org/security/bug-bounty.html
Second, the vulnerable code is not made publicly known and most are only potentially exploitable, not already being exploited at the time.
http://www.mozilla.org/projects/security/security-bugs-policy.html
Third, exploits found does not equal unpatched vulnerabilities, the latter of which Firefox has few.
http://web.archive.org/web/20080207192416/http://www.techweb.com/wire/security/193005335
Posted by: Thor - 13 Nov, 2009
2: @"About 44 percent of the 3,100 exploits tracked by researchers attacked the open-source browser, while only 15
First, Mozilla runs a program that gives users an incentive to find security bugs and report them.
http://www.mozilla.org/security/bug-bounty.html
Second, the vulnerable code is not made publicly known and most are only potentially exploitable, not already being exploited at the time.
http://www.mozilla.org/projects/security/security-bugs-policy.html
Third, exploits found does not equal unpatched vulnerabilities, the latter of which Firefox has few.
http://web.archive.org/web/20080207192416/http://www.techweb.com/wire/security/193005335
Posted by: Thor - 13 Nov, 2009
3: Cenzic: IE tops browser vuln list with Firefox second
http://blog.internetnews.com/skerner/2009/03/cenzic-ie-tops-browser-vuln-li.html
Posted by: mantrik - 12 Nov, 2009

4: @"Of all attack types, SQL injections are the most common"
This has nothing to do with the browser, it's a server-side vulnerability.
Shantanu Tushar replied to: mantrik post - 12 Nov, 2009