Firefox not safe at all

Curt:
How did this report stay unnoticed for 3 weeks? Did "you" choose to put the monocular in front of the blind eye, or what? Or is it that "we" have chosen not to trust the result of the report? Well, anyway, I have eagerly been waiting for 8 hours to see who would post about this and have some wise words to say. But no one has spoken yet, so I guess I will have to do it, even though I have very little real knowledge about the subject - so I will pass it on as 'an info'.


Today CyberNet's email could tell this old news from December 15, 2008:

Firefox tops list of 12 most vulnerable apps
Firefox Considered Most Vulnerable App
Many people I know use Firefox because they’re told it’s the most secure browser, but this report says otherwise. In fact it puts it at the top of the list for being the most vulnerable app of 2008.
Others on the list include Flash, Skype, Norton, and QuickTime. -CyberNet
--- End quote ---

On this list, number one is not the best, but the worst:

#1 Mozilla Firefox: 
In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools. -ZDNet
--- End quote ---

Read for yourself: >>> http://blogs.zdnet.com/security/?p=2304 <<<

The report was made by Bit9 (http://www.bit9.com/ "The Pioneer and Leader in Application Whitelisting"). Bit9 are partners with Symantec.

Bit9's report, pdf, 274 kb:

Vulnerable_Apps_DEC_08.pdf (274.79 kB)




Josh:
With popularity comes insecurity. Why do you think Linux is still so "secure" ;-)

Carol Haynes:
I'm sure this 'bogus report' was mentioned somewhere else on these forums when it was published.

Have you noticed anything missing on that list?

There is only one MS application listed and then in last place.

It doesn't even mention Internet Explorer which has consistently PROVED itself to be one of the most security compromised apps that MS have ever put out.

The report wasn't sponsored by any chance was it?

Gothi[c]:
I think they should measure insecurity by the number of UNPATCHED vulnerabilities.

Any piece of software will have tons and tons of bugs, many of which will lead to security vulnerabilities.

Assuming you're writing extremely clean code, for every 1000 lines, there will be at least 1 bug. The software listed in the post above is huge and has orders of magnitude more lines of code in it. The fact that these things are getting patched is a good thing imho.

And as mentioned above, the more high-profile your software is, the more eyes will be looking at it and finding flaws in it... This is a good thing and leads to more secure code in the end.

housetier:
I am not even commenting on that "report".
