Topic: Firefox has more holes than IE - Report  (Read 3060 times)

0 Members and 1 Guest are viewing this topic.

Offline Monty

  • Lt. Junior Grade
  • *
  • Posts: 123
  • Gender: Male
Firefox has more holes than IE - Report
« on: March 22, 2005, 08:39:41 am »
http://www.theinquirer.net/?article=22008

Quote
MOZILLA-BASED BOWSERS have more holes than Internet Explorer, Symantec said in its seventh half-yearly Internet Security Threat Report, published yesterday.

The report said Symantec had found 21 vulnerabilities in browsers such as Firefox, compaed with 13 in IE. A spokesman told the Aussie paper The Age that malicious attacks on Firefox were bound to increase as the brower becomes more popular.

Apple’s browser, Safari, was hole-free during the six months to the end of 2004, the company reckoned. But OS X was leaky as a sieve, notching up 37 high-severity vulnerabilities during the period.

Most malicious attaks emanate from the US, which was responsible for 30 percent of those counted by Symantec. China and Germany notched up eight percentage points each, to rank joint second.

The UK emerged as the country with the highest percentage of worldwide bot-infected computers. Just over a quarter of all bots sneaked into UK computers with the US (24.6 per cent) and China (7.8 per cent) in second and third place. Considering the relative sizes of these countries, that’s a pretty scary figure.

Symantec spokesman, Nigel Beighton, said Britain’s bot glut, "is directly linked to the rapid roll-out of broadband in this country."

"Unfortunately, new broadband users may not be fully aware of the additional safety precautions that need to be taken when using an always-on high-speed Internet connection," he said. µ

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: Firefox has more holes than IE - Report
« Reply #1 on: March 22, 2005, 09:20:45 am »
And people don't want to believe me when I advocate Windows and IE.

If you really want to secure up windows, contact me and I will send some settings that will close 7 to 8 of the remaining holes in IE.. the holes are in the Active X control settings and is completely configurable.
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Firefox has more holes than IE - Report
« Reply #2 on: March 22, 2005, 10:04:52 am »
Hey Pesty,

If you don't already know, I though you might like to know a new MBSA is out: http://support.microsoft.com/default.aspx?scid=kb;en-us;320454


Jerry
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: Firefox has more holes than IE - Report
« Reply #3 on: March 22, 2005, 11:16:25 am »
I hav 1.2.1, and have been waiting for the 2.0.. 2.0 is still internal beta at Microsoft, but should be available by june.
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Firefox has more holes than IE - Report
« Reply #4 on: March 22, 2005, 07:17:37 pm »
Then there is the other Inquirer article.  Link to story

Quote
Firefox users better protected than Internet Explorer users

IE users "unsafe" for 98 per cent of 2004

By Paul Hales: Tuesday 22 March 2005, 14:12
INTERNET EXPLOER USERS spent much more time during 2004 with holes in their security pants, compared to securely-clad Firefox users, web consultancy, ScanIT, reckons.

The consultancy says Microsoft's IE was "unsafe" for 98 percent of 2004, while rival browser Mozilla was "unsafe" for only 15 percent of the time.


Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Firefox has more holes than IE - Report
« Reply #5 on: March 22, 2005, 07:25:25 pm »
Then there is the other Inquirer article.  Link to story

Quote
Firefox users better protected than Internet Explorer users

IE users "unsafe" for 98 per cent of 2004

By Paul Hales: Tuesday 22 March 2005, 14:12
INTERNET EXPLOER USERS spent much more time during 2004 with holes in their security pants, compared to securely-clad Firefox users, web consultancy, ScanIT, reckons.

The consultancy says Microsoft's IE was "unsafe" for 98 percent of 2004, while rival browser Mozilla was "unsafe" for only 15 percent of the time.





Golly, Nem, almost 12 hours! What took you so long? D~

Jerry
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Firefox has more holes than IE - Report
« Reply #6 on: March 22, 2005, 07:46:36 pm »

Golly, Nem, almost 12 hours! What took you so long? D~

Jerry

Long days and short nights are starting to catch up compounded by last weeks allergy episode.  :(

That and making sure that I can get into GW5 with a few battles VS AI to scrape the rust off my Romulan playing skills.  :)
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Monty

  • Lt. Junior Grade
  • *
  • Posts: 123
  • Gender: Male
Re: Firefox has more holes than IE - Report
« Reply #7 on: March 23, 2005, 02:52:35 pm »
And people don't want to believe me when I advocate Windows and IE.

If you really want to secure up windows, contact me and I will send some settings that will close 7 to 8 of the remaining holes in IE.. the holes are in the Active X control settings and is completely configurable.


Hey pestalence,

could you perhaps post a topic on the subject - i can see it being a useful sticky topic reference.

I don't use IE(much) but I would be interested to see what advice you have on the subject.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Firefox has more holes than IE - Report
« Reply #8 on: March 23, 2005, 07:34:50 pm »
Firefox 1.02 and Thunderbird 1.02 are out.

Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Link to Firefox Download

Fixed in Thunderbird 1.0.2
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
Link to Thunderbird Download
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."