Topic: Firefox has more holes than IE - Report (Read 3054 times)

Monty · « **on:** March 22, 2005, 08:39:41 am »

http://www.theinquirer.net/?article=22008

Quote

MOZILLA-BASED BOWSERS have more holes than Internet Explorer, Symantec said in its seventh half-yearly Internet Security Threat Report, published yesterday.

The report said Symantec had found 21 vulnerabilities in browsers such as Firefox, compaed with 13 in IE. A spokesman told the Aussie paper The Age that malicious attacks on Firefox were bound to increase as the brower becomes more popular.

Apple’s browser, Safari, was hole-free during the six months to the end of 2004, the company reckoned. But OS X was leaky as a sieve, notching up 37 high-severity vulnerabilities during the period.

Most malicious attaks emanate from the US, which was responsible for 30 percent of those counted by Symantec. China and Germany notched up eight percentage points each, to rank joint second.

The UK emerged as the country with the highest percentage of worldwide bot-infected computers. Just over a quarter of all bots sneaked into UK computers with the US (24.6 per cent) and China (7.8 per cent) in second and third place. Considering the relative sizes of these countries, that’s a pretty scary figure.

Symantec spokesman, Nigel Beighton, said Britain’s bot glut, "is directly linked to the rapid roll-out of broadband in this country."

"Unfortunately, new broadband users may not be fully aware of the additional safety precautions that need to be taken when using an always-on high-speed Internet connection," he said. µ

Pestalence_XC · « **Reply #1 on:** March 22, 2005, 09:20:45 am »

And people don't want to believe me when I advocate Windows and IE.

If you really want to secure up windows, contact me and I will send some settings that will close 7 to 8 of the remaining holes in IE.. the holes are in the Active X control settings and is completely configurable.

toasty0 · « **Reply #2 on:** March 22, 2005, 10:04:52 am »

Hey Pesty,

If you don't already know, I though you might like to know a new MBSA is out: http://support.microsoft.com/default.aspx?scid=kb;en-us;320454

Jerry

Pestalence_XC · « **Reply #3 on:** March 22, 2005, 11:16:25 am »

I hav 1.2.1, and have been waiting for the 2.0.. 2.0 is still internal beta at Microsoft, but should be available by june.

Nemesis · « **Reply #4 on:** March 22, 2005, 07:17:37 pm »

Then there is the other Inquirer article. Link to story

Quote

Firefox users better protected than Internet Explorer users

IE users "unsafe" for 98 per cent of 2004

By Paul Hales: Tuesday 22 March 2005, 14:12
INTERNET EXPLOER USERS spent much more time during 2004 with holes in their security pants, compared to securely-clad Firefox users, web consultancy, ScanIT, reckons.

The consultancy says Microsoft's IE was "unsafe" for 98 percent of 2004, while rival browser Mozilla was "unsafe" for only 15 percent of the time.

toasty0 · « **Reply #5 on:** March 22, 2005, 07:25:25 pm »

Quote from: IKV Nemesis on March 22, 2005, 07:17:37 pm

Then there is the other Inquirer article. Link to story

Quote
Firefox users better protected than Internet Explorer users

IE users "unsafe" for 98 per cent of 2004

By Paul Hales: Tuesday 22 March 2005, 14:12
INTERNET EXPLOER USERS spent much more time during 2004 with holes in their security pants, compared to securely-clad Firefox users, web consultancy, ScanIT, reckons.

The consultancy says Microsoft's IE was "unsafe" for 98 percent of 2004, while rival browser Mozilla was "unsafe" for only 15 percent of the time.

Golly, Nem, almost 12 hours! What took you so long? D~

Jerry

Nemesis · « **Reply #6 on:** March 22, 2005, 07:46:36 pm »

Quote from: toasty0 on March 22, 2005, 07:25:25 pm

Golly, Nem, almost 12 hours! What took you so long? D~

Jerry

Long days and short nights are starting to catch up compounded by last weeks allergy episode.

That and making sure that I can get into GW5 with a few battles VS AI to scrape the rust off my Romulan playing skills.

Monty · « **Reply #7 on:** March 23, 2005, 02:52:35 pm »

Quote from: Pestalence on March 22, 2005, 09:20:45 am

And people don't want to believe me when I advocate Windows and IE.

If you really want to secure up windows, contact me and I will send some settings that will close 7 to 8 of the remaining holes in IE.. the holes are in the Active X control settings and is completely configurable.

Hey pestalence,

could you perhaps post a topic on the subject - i can see it being a useful sticky topic reference.

I don't use IE(much) but I would be interested to see what advice you have on the subject.

Nemesis · « **Reply #8 on:** March 23, 2005, 07:34:50 pm »

Firefox 1.02 and Thunderbird 1.02 are out.

Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Link to Firefox Download

Fixed in Thunderbird 1.0.2
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
Link to Thunderbird Download

News: