Firefox tops list of 12 most vulnerable apps


47 replies to this topic

#1 Ironman273

Ironman273

    Neowinian Fanatic

  • 7,727 posts
  • Joined: 26-October 01
  • Location: Florida
  • OS: Windows 8.1 Pro (Home & Work)
  • Phone: Nokia Lumia 920

Posted 01 January 2009 - 00:04

Firefox tops list of 12 most vulnerable apps
Posted by Ryan Naraine @ 10:41 am

Mozilla’s flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform.

According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008. These flaws exposed millions of Windows users to remote code execution attacks.

The other applications on the list are all well-known and range from browsers to media players, to VOIP chat and anti-virus software programs. Here’s Bit9’s dirty dozen:

    1. Mozilla Firefox: In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools.
    2. Adobe Flash and Adobe Acrobat: Bit9 listed 14 flaws patched this year that exposed desktops of arbitrary remote code execution via buffer overflow, “input validation issues” and malformed parameters.
    3. EMC VMware Player, Workstation and other products: A total of 10 bugs introduced risks ranging from privilege escalation via directory traversal, ActiveX buffer overflows leading to arbitrary code execution and denial of service.
    4. Sun Java JDK and JRE, Sun Java Runtime Environment (JRE): Inability to prevent execution of applets on older JRE release could allow remote attackers to exploit vulnerabilities of these older releases. Buffer overflows allowing creation, deletion and execution of arbitrary files via untrusted applications. 10 patched vulnerabilities listed.
    5. Apple QuickTime, Safari and iTunes: In QuickTime, the list includes nine vulnerabilities that allow remote attackers to execute arbitrary code via buffer overflow, or cause a denial of service (heap corruption and application crash) involving malformed media files, media links and third party codecs. The Safari for Windows browser was haunted by three flaws that could lead to arbitrary code execution and denial of service involving JavaScript arrays that trigger memory corruption. Apple’s iTunes software was susceptible to a remote improper update verification that allowed man-in-the-middle attacks to execute arbitrary code via a Trojan horse update.
    6. Symantec Norton products (all flavors 2006 to 2008): Stack-based buffer overflow in the AutoFix Support Tool ActiveX exposed Windows users to arbitrary code execution.
    7. Trend Micro OfficeScan: A total of four stack-based buffer overflows that opened doors for remote attackers to execute arbitrary code.
    8. Citrix Products: Privilege escalation in DNE via specially crafted interface requests affects Cisco VPN Client, Blue Coat WinProxy, SafeNet SoftRemote and HighAssurance Remote. Search path vulnerability, and buffer overflow lead to arbitrary code execution.
    9. Aurigma Image Uploader, Lycos FileUploader: Remote attackers can perform remote code execution via long extended image information.
    10. Skype: Improper check of dangerous extensions allows user-assisted remote attackers to bypass warning dialogs. Cross-zone scripting vulnerability allows remote attackers to inject script via Internet Explorer web control.
    11. Yahoo Assistant: Remote attackers can execute arbitrary code via memory corruption.
    12. Microsoft Windows Live (MSN) Messenger: Remote attackers are allowed to control the Messenger application, “change state,” obtain contact information and establish audio or video connections without notification.

See Bit9’s full report (.pdf) for information on how the list was put together, including criteria for i

Source: ZDNet


#2 Brandon

Brandon

    Neowin RUNNER

  • 13,012 posts
  • Joined: 06-July 03
  • Location: USA USA!

Posted 01 January 2009 - 00:05

I've had no problems

#3 thealexweb

thealexweb

    Neowinian Senior

  • 7,298 posts
  • Joined: 23-September 07
  • Location: United Kingdom

Posted 01 January 2009 - 00:09

It's not the most vulnerable app, these are holes that have been closed, since it has no holes at the moment it is equally arguable that it's the most secure app. Annoyed at post title, change to List of 12 most secured apps. Secured suggests work has been done to lock apps down to keep them secure.

#4 ThaCrip

ThaCrip

    Neowinian Senior

  • 3,434 posts
  • Joined: 28-November 04
  • Location: USA

Posted 01 January 2009 - 00:14

I ain't too worried about using Firefox since they typically patch flaws quickly.

#5 Scorbing

Scorbing

    Halo Master

  • 6,520 posts
  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 01 January 2009 - 00:15

It's not the most vulnerable app, these are holes that have been closed, since it has no holes at the moment it is equally arguable that it's the most secure app. Annoyed at post title, change to List of 12 most secured apps. Secured suggests work has been done to lock apps down to keep them secure.




Mmmmm.....They seem to have forgotten Internet Explorer. IE is worse than Mozilla. Also, seems to me every major browser, except Opera, has an issue. You don't want viruses executed on Mozilla? Install the NoScript add-on. As simple as that. And if you are still doubtful, disable JavaScript entirely and stay away from Warez and porn sites!

#6 vetNicholas-c

Nicholas-c

    Apeture Scientist #74395

  • 13,654 posts
  • Joined: 17-February 06
  • Location: Staffordshire, UK

Posted 01 January 2009 - 00:16

I think it's more "The people trying to get your credit card have the source code of the program you are using" more than it's holey and filled with security problems

#7 Denholm

Denholm

    Twitter: MacAndy74

  • 1,495 posts
  • Joined: 09-October 08
  • Location: ∞

Posted 01 January 2009 - 00:20

So what's left? Safari or Google Chrome? :unsure:

#8 Scorbing

Scorbing

    Halo Master

  • 6,520 posts
  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 01 January 2009 - 00:41

So what's left? Safari or Google Chrome? :unsure:



Safari and Chrome both use the same Webkit engine so they will both have the same security issues.

#9 +-T-

-T-

    Trapmaster

  • 2,388 posts
  • Joined: 03-December 01
  • Location: Western Australia & Scotland

Posted 01 January 2009 - 01:39

So what's left? Safari or Google Chrome? :unsure:





Ummm Opera?





It's free, fast and awesome :D

#10 The Canadian

The Canadian

    Neowinian

  • 1,088 posts
  • Joined: 03-June 08
  • Location: Canada

Posted 01 January 2009 - 03:00

Microsoft: Bit9, come here.

Bit9: Microsoft, what do you want?

Microsoft: Well, we have some cash to give you.

Bit9: Why would you give us cash, what's the catch?!

Microsoft: When you bring out your list, please do not put IE on there, but say Mozilla's Firefox has lots of issues.

Bit9: Okay, we'll do it!

#11 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • 19,146 posts
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 01 January 2009 - 03:13

What ordering system are they using, because their second most vulnerable item has more vulnerabilities than Firefox does.

#12 Blindlabel013

Blindlabel013

    Neowinian

  • 975 posts
  • Joined: 26-June 02
  • Location: Saint Charles, MO

Posted 01 January 2009 - 03:13

Ummm Opera?





It's free, fast and awesome :D



Posted Image

#13 DigitalE

DigitalE

    Tree Climber

  • 4,836 posts
  • Joined: 24-March 05
  • Location: Iowa

Posted 01 January 2009 - 03:17

Well, I use 1, 2, 3, 4, 5, and 10. I must be very vulnerable.

#14 Ci7

Ci7

    Neowinian Senior

  • 8,208 posts
  • Joined: 21-June 08
  • OS: Windows 8
  • Phone: Sony XZ

Posted 01 January 2009 - 03:23


hahhaha

#15 I am Reid

I am Reid

    Neowinian Senior

  • 4,409 posts
  • Joined: 03-November 05
  • Location: Columbus, Ohio

Posted 01 January 2009 - 04:20

Microsoft: Bit9, come here.

Bit9: Microsoft, what do you want?

Microsoft: Well, we have some cash to give you.

Bit9: Why would you give us cash, what's the catch?!

Microsoft: When you bring out your list, please do not put IE on there, but say Mozilla's Firefox has lots of issues.

Bit9: Okay, we'll do it!


Why post something like this? Go get the facts and come back and prove the article is wrong. You can do that right? Why would they include messenger, but not IE?


I know no one will even bother replying to my post, but that's fine, because I know you won't be able to provide the facts for what you claim, and by not responding just proves me right.


