topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 12:45 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Firefox not safe at all  (Read 17625 times)

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Firefox not safe at all
« on: January 07, 2009, 01:09 PM »
How did this report stay unnoticed for 3 weeks? Did "you" choose to put the monocular in front of the blind eye, or what? Or is it, that "we" have chosen not to trust the result of the report? Well, anyway, I have eagerly been waiting for 8 hours to see who would post about this and have some wise words to say. But no-one have spoken, yet, so I guess I will have to do it, even though I have very little real knowledge about the subject - so I will pass it on as 'an info'.


Today CyberNet's email could tell this old news from December 15, 2008:

Firefox tops list of 12 most vulnerable apps

Firefox Considered Most Vulnerable App
Many people I know use Firefox because they’re told it’s the most secure browser, but this report says otherwise. In fact it puts it at the top of the list for being the most vulnerable app of 2008.
Others on the list include Flash, Skype, Norton, and QuickTime.
-CyberNet

On this list, number one is not the best, but the worst:

#1 Mozilla Firefox
In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools.
-ZDNet

Read for yourself: >>> http://blogs.zdnet.com/security/?p=2304 <<<

The report was made by Bit9 (http://www.bit9.com/ "The Pioneer and Leader in Application Whitelisting"). Bit9 are partners with Symantec.

Bit9's report, pdf, 274 kb:

* Vulnerable_Apps_DEC_08.pdf (274.79 kB - downloaded 397 times.)

2009-01-07.gif

 :tellme:
 :tellme:
 :tellme:

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #1 on: January 07, 2009, 01:16 PM »
With popularity comes insecurity. Why do you think linux is still so "secure" ;-)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #2 on: January 07, 2009, 01:21 PM »
I'm sure this 'bogus report' was mentioned somewhere else on these forums when it was published.

Have you noticed anything missing on that list?

There is only one MS application listed and then in last place.

It doesn't even mention Internet Explorer which has consistently PROVED itself to be one of the most security compromised apps that MS have ever put out.

The report wasn't sponsored by any chance was it?

Gothi[c]

  • DC Server Admin
  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 873
    • View Profile
    • linkerror
    • Donate to Member
Re: Firefox not safe at all
« Reply #3 on: January 07, 2009, 01:27 PM »
I think they should measure insecurity by the number of UNPATCHED vulnerabilities.

Any piece of software will have tons and tons of bugs, many of which will lead to security vulnerabilities.

Assuming you're writing extremely clean code, for every 1000 lines, there will be at least 1 bug. The software listed in the post above is huge and has orders of magnitude more lines of code in it. The fact that these things are getting patched is a good thing imho.

And as mentioned above, the more high-profile your software is, the more eyes will be looking at it and find flaws in it... This is a good thing and leads to more secure code in the end.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #4 on: January 07, 2009, 02:52 PM »
I am not even commenting on that "report".

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #5 on: January 07, 2009, 03:07 PM »
It is an interesting approach to security though - which apps have know issues? Surely it is the unknown issues that are the problem!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Firefox not safe at all
« Reply #6 on: January 07, 2009, 03:13 PM »
You need to comment on patched as well as unpatched bugs - a lot of users don't upgrade their software (even if auto-update is turned on). That said, where is Internet Explorer in the "report"? The fact that it's entirely missing makes me assign no credibility whatsoever to it.

Also, when looking at vulnerabilities, count is nothing - severity of the vulnerabilities is everything. And the severity labels that various security firms give aren't always correct, imho. Sure, a cross-site scripting bug is bad, and it might even be "severe". But it's a shitload less critical than something that can lead to automated remote code execution.

Hint: IE has had a lot of remote code execution, FireFox has had a lot less. But of course the attack vector is often flash or java (java, not javascript) which works pretty much the same in all browsers.

Bottom line: FireFox is still a bunch more secure than IE, and because it still doesn't have market dominance it isn't targeted as much as IE either, giving an even bigger advantage.

It is an interesting approach to security though - which apps have know issues? Surely it is the unknown issues that are the problem!
Yes and no. "Unknown" issues means that generally only a few people know of the bugs - the kind of people who're interested in keeping this knowledge to themselves, so they can attack really specific systems. Once exploits are used for zombie botnet purposes, they get known really fast - and it's the automated zombie-harvesting attacks we need to worry about.
- carpe noctem
« Last Edit: January 07, 2009, 03:16 PM by f0dder »

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #7 on: January 07, 2009, 05:41 PM »
What a joke. Can we change the topic to 'IE Zealot Trashes Firefox For No Apparent Reason'?

Ehtyar.

Hirudin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 543
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #8 on: January 07, 2009, 05:54 PM »
I must say, putting quotes around the word "report" thoroughly amuses me.

Sorry I don't have anything meaningful to add to the topic.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #9 on: January 07, 2009, 07:37 PM »
Sorry I don't have anything meaningful to add to the topic.
Well neither did I, but that's no excuse to reserve your opinion :P

Ehtyar.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #10 on: January 10, 2009, 01:51 AM »
Well, many of IE's patches address multiple threats, many of Firefox's patches are against theoretical threats, Microsoft only counted IE7 against Firefox 2 & 3 in the study, plus the amount of time the threats had the browser exposed for IE is much greater - one was ID's seven years prior and was just patched in 2008.

What Microsoft claimed is called FUD.   ;)

Jim

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #11 on: January 10, 2009, 02:07 AM »
All products are vulnerale. the USER is the main exploit entry.

No matter how safe your browsers are, if you constantly visit porn sites, chances are you will infect an virus.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #12 on: January 10, 2009, 04:06 AM »
All products are vulnerale. the USER is the main exploit entry.

No matter how safe your browsers are, if you constantly visit porn sites, chances are you will infect an virus.
Presuming you meant to say "chances are you will be infected by a virus", you are quite right. Well said.

Ehtyar.

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #13 on: January 10, 2009, 04:32 AM »
All products are vulnerale. the USER is the main exploit entry.

No matter how safe your browsers are, if you constantly visit porn sites, chances are you will infect an virus.
Presuming you meant to say "chances are you will be infected by a virus", you are quite right. Well said.

Ehtyar.

Sorry, My English is bad   :-[

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #14 on: January 10, 2009, 04:41 AM »
Nothing to worry about here, no one will criticize your English :)

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Firefox not safe at all
« Reply #15 on: January 10, 2009, 10:44 AM »
All products are vulnerale. the USER is the main exploit entry.

No matter how safe your browsers are, if you constantly visit porn sites, chances are you will infect an virus.
Depends on what kind of pr0n sites you visit 8)
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #16 on: January 12, 2009, 02:59 PM »
Even being an IE fan, I'd have to call that "report" total BS. And if Symantec was doing a crappy software list...I can think of a few of their own products that should have been on the top of that list...

jity2

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 126
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #17 on: January 29, 2009, 07:13 AM »
Hi,
Maybe try this paying online service (there is a 15 days trial ). I use the free version (no transfert possible with it - you can maybe send to yourself an email with the documents attached... or use web service like yousendit...)
« Last Edit: January 29, 2009, 08:36 AM by jity2 »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #18 on: January 29, 2009, 08:01 AM »
Hi,
Maybe try this paying online service (there is a 15 days trial ). I use the free version (no transfert possible with it - you can maybe send to yourself an email with the documents attached... or use web service like yousendit...)

did you forget a link there jity2, also,
I havent been following this thread (just read the first few & last few posts) but it this related ?
Tom

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #19 on: January 29, 2009, 08:09 AM »
It is related insofar as it is made of words from the English language that form sentences. Other than that I do not see a connection between firefox, that "report", donationcoder.com

jity2

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 126
    • View Profile
    • Donate to Member
Re: Firefox not safe at all
« Reply #20 on: January 29, 2009, 08:35 AM »
oups! with my apologizes! Thank you ! I thought I was answering to another donationcoder message!
https://www.donation...ndex.php?topic=16758
« Last Edit: January 29, 2009, 08:38 AM by jity2 »