Mozilla-based browsers increasingly targeted by hackers

jimnms · 03-21-2005, 07:04 PM

The growing popularity of Mozilla-based Web browsers appears to be attracting the attention of the malicious hacking community.

Between July 1, 2004, and Dec. 31, 2004, the number of documented vulnerabilities affecting the Mozilla browser and Mozilla's Firefox browser was higher than the number of vulnerabilities affecting Microsoft's Internet Explorer, according to the latest Internet Security Threat Report from Symantec Corp released today.

The report, which provides an update of Internet threat activity worldwide every six months, noted 13 vulnerabilities affecting Internet Explorer. That compared to 21 vulnerabilities affecting the Mozilla and Mozilla Firefox browsers during the survey period.

Internet Explorer, however, still had a higher proportion of serious vulnerabilities, with nine of the 13 flaws rated as highly severe. By comparison, 11 of the 21 Mozilla browser flaws were deemed highly severe, and just seven of Firefox flaws were seen as highly severe. The Internet Explorer flaws also took longer to fix -- an average of 43 days, compared to 26 days for Mozilla browsers.

"We are starting to see Firefox and Mozilla get more attention from attackers, and that is likely to continue," said Alfred Huger, senior director of engineering at Symantec. "People who are writing Trojans and worms that get distributed via Web browser vulnerabilities are looking for the highest yield."

Historically, Internet Explorer has been the most targeted browser because of its widespread use, but that could begin to change as Mozilla browsers gain popularity, he said. Since 1997, Symantec has documented 313 vulnerabilities for Internet Explorer, and less than 100 for Mozilla browsers.

Full Story

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

DA · 03-23-2005, 03:16 PM

it was nice while it lasted...

jimnms · 03-23-2005, 06:42 PM

What do you mean "while it lasted?" MS only patches their products once a month if that often. Mozilla.org patches their products whenever they fix something.

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

duge · 03-23-2005, 07:00 PM

I alway's use netscape as my browser, I think it may be a little better about thing's like those but not sure, anyway I like Netsacpe better myself

jimnms · 03-24-2005, 11:38 AM

Quote:

Originally posted by duge:

I alway's use netscape as my browser, I think it may be a little better about thing's like those but not sure, anyway I like Netsacpe better myself

Netscape is based off of an older build of Mozilla. You'd be better off by switching to Mozilla.

_____
Learn from the mistakes of others, you won't live long enough to make all of them yourself.

DA · 03-24-2005, 03:23 PM

i mean hackers will atack mozilla the same way they attack ie. mozilla ppl wont be able to keep pace.

Malamber · 03-26-2005, 10:25 AM

Because Internet Explorer uses a large feature set of shared objects provided by the operating system itself, the number of attack vectors it contains will always be larger than that of Mozilla. With the increased usage of Mozilla-based browsers, is only logical that increased attention will be made to the vectors that are available to exploit. Given all of this, the security of Mozilla is predicted to be consistently better. Granted, no browser is completely safe. even Mozilla is susceptible to cross-site scripting attacks.

Malamber

donbrid · 03-26-2005, 11:04 AM

Hi,

FWIW, Mozilla just released Firefox 1.0.2. It addresses some of the vulnerbility isses.

BTW, I'm new here. Great website.

03-21-2005, 07:04 PM	#1
jimnms Senior Member Join Date: Jan 2003 Location: Mississippi Posts: 2,673	Mozilla-based browsers increasingly targeted by hackers The growing popularity of Mozilla-based Web browsers appears to be attracting the attention of the malicious hacking community. Between July 1, 2004, and Dec. 31, 2004, the number of documented vulnerabilities affecting the Mozilla browser and Mozilla's Firefox browser was higher than the number of vulnerabilities affecting Microsoft's Internet Explorer, according to the latest Internet Security Threat Report from Symantec Corp released today. The report, which provides an update of Internet threat activity worldwide every six months, noted 13 vulnerabilities affecting Internet Explorer. That compared to 21 vulnerabilities affecting the Mozilla and Mozilla Firefox browsers during the survey period. Internet Explorer, however, still had a higher proportion of serious vulnerabilities, with nine of the 13 flaws rated as highly severe. By comparison, 11 of the 21 Mozilla browser flaws were deemed highly severe, and just seven of Firefox flaws were seen as highly severe. The Internet Explorer flaws also took longer to fix -- an average of 43 days, compared to 26 days for Mozilla browsers. "We are starting to see Firefox and Mozilla get more attention from attackers, and that is likely to continue," said Alfred Huger, senior director of engineering at Symantec. "People who are writing Trojans and worms that get distributed via Web browser vulnerabilities are looking for the highest yield." Historically, Internet Explorer has been the most targeted browser because of its widespread use, but that could begin to change as Mozilla browsers gain popularity, he said. Since 1997, Symantec has documented 313 vulnerabilities for Internet Explorer, and less than 100 for Mozilla browsers. Full Story _____ Learn from the mistakes of others, you won't live long enough to make all of them yourself.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

03-23-2005, 03:16 PM	#2
DA Senior Member Join Date: Jul 2001 Location: beaumont tx usa Posts: 32,390	it was nice while it lasted...

03-23-2005, 06:42 PM	#3
jimnms Senior Member Join Date: Jan 2003 Location: Mississippi Posts: 2,673	What do you mean "while it lasted?" MS only patches their products once a month if that often. Mozilla.org patches their products whenever they fix something. _____ Learn from the mistakes of others, you won't live long enough to make all of them yourself.

03-23-2005, 07:00 PM	#4
duge Senior Member Join Date: Nov 2003 Location: Indiana Posts: 4,446	I alway's use netscape as my browser, I think it may be a little better about thing's like those but not sure, anyway I like Netsacpe better myself

03-24-2005, 03:23 PM	#6
DA Senior Member Join Date: Jul 2001 Location: beaumont tx usa Posts: 32,390	i mean hackers will atack mozilla the same way they attack ie. mozilla ppl wont be able to keep pace.

03-26-2005, 10:25 AM	#7
Malamber Member Join Date: Feb 2004 Location: Atlanta, GA Posts: 39	Because Internet Explorer uses a large feature set of shared objects provided by the operating system itself, the number of attack vectors it contains will always be larger than that of Mozilla. With the increased usage of Mozilla-based browsers, is only logical that increased attention will be made to the vectors that are available to exploit. Given all of this, the security of Mozilla is predicted to be consistently better. Granted, no browser is completely safe. even Mozilla is susceptible to cross-site scripting attacks. Malamber

03-26-2005, 11:04 AM	#8
donbrid Junior Member Join Date: Mar 2005 Location: Midlothian, VA, USA Posts: 18	Hi, FWIW, Mozilla just released Firefox 1.0.2. It addresses some of the vulnerbility isses. BTW, I'm new here. Great website.