Ironman273, posted January 1, 2009:

Firefox tops list of 12 most vulnerable apps
Posted by Ryan Naraine @ 10:41 am

Mozilla's flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform.

According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008. These flaws exposed millions of Windows users to remote code execution attacks.

The other applications on the list are all well-known and range from browsers to media players, to VOIP chat and anti-virus software programs.

Here's Bit9's dirty dozen:

full report (.pdf) for information on how the list was put together, including criteria for i

Source: ZDNet

Brandon, posted January 1, 2009:
I've had no problems.

thealexweb, posted January 1, 2009:
It's not the most vulnerable app, these are holes that have been closed, since it has no holes at the moment it is equally arguable that it's the most secure app. Annoyed at post title, change to List of 12 most secured apps. Secured suggests work has been done to lock apps down to keep them secure.

ThaCrip, posted January 1, 2009:
I ain't too worried about using Firefox since they typically patch flaws quickly.

Scorbing, posted January 1, 2009:
> It's not the most vulnerable app, these are holes that have been closed, since it has no holes at the moment it is equally arguable that its the most secure app. Annoyed at post title, change to List of 12 most secured apps. Secured suggests work has been done to lock apps down to keep them secure.

Mmmmm..... They seem to have forgotten Internet Explorer. IE is worse than Mozilla. Also, seems to me every major browser, except Opera, has an issue. You don't want viruses executed on Mozilla? Install the NoScript add-on. As simple as that. And if you are still doubtful, disable Javascript entirely and stay away from Warez and porn sites!

Nicholas-c (Veteran), posted January 1, 2009:
I think it's more "The people trying to get your credit card have the source code of the program you are using" more than it's holey and filled with security problems.

Denholm, posted January 1, 2009:
So what's left? Safari or Google Chrome? :unsure:

Scorbing, posted January 1, 2009:
> So what's left? Safari or Google Chrome? :unsure:

Safari and Chrome both use the same Webkit engine so they will both have the same security issues.

-T- (Member), posted January 1, 2009:
> So what's left? Safari or Google Chrome? :unsure:

Ummm Opera? It's free, fast and awesome :D

The Canadian, posted January 1, 2009:
Microsoft: Bit9, come here.
Bit9: Microsoft, what do you want?
Microsoft: Well, we have some cash to give you.
Bit9: Why would you give us cash, what's the catch?!
Microsoft: When you bring out your list, please do not put IE on there, but say Mozilla's Firefox has lots of issues.
Bit9: Okay, we'll do it!

The_Decryptor (Veteran), posted January 1, 2009:
What ordering system are they using, because their second most vulnerable item has more vulnerabilities than Firefox does.

Blindlabel013, posted January 1, 2009:
> Ummm Opera? It's free, fast and awesome :D

DigitalE, posted January 1, 2009:
Well, I use 1, 2, 3, 4, 5, and 10. I must be very vulnerable.

Ci7, posted January 1, 2009:
hahhaha

I am Reid, posted January 1, 2009:
> Microsoft: Bit9, come here.
> Bit9: Microsoft, what do you want?
> Microsoft: Well, we have some cash to give you.
> Bit9: Why would you give us cash, what's the catch?!
> Microsoft: When you bring out your list, please do not put IE on there, but say Mozilla's Firefox has lots of issues.
> Bit9: Okay, we'll do it!

Why post something like this? Go get the facts and come back and prove the article is wrong. You can do that, right? Why would they include messenger, but not IE? I know no one will even bother replying to my post, but that's fine, because I know you won't be able to provide the facts for what you claim, and by not responding just proves me right.

arrrgh, posted January 1, 2009:
This kind of comparison is completely invalid for one simple reason: Different vendors have different disclosure practices. Since I'm most familiar with Mozilla and Firefox I use them as an example. Mozilla does full disclosure on all their security issues, IE/Opera/Safari only reveal security issues that were found by 3rd party researchers. Since over half of all Firefox security issues are found by in-house staff, it's logical to assume that other vendors find even more of their security issues (especially the ones that are closed source). Hence this kind of comparison favors heavily vendors that have poor security policies.

Denholm, posted January 1, 2009:
One small problem. Obama is a Mac user. :laugh:

megamanXplosion, posted January 1, 2009:
Opera runs on Mac.

Ci7, posted January 1, 2009:
pacman eating big apple bit that brilliant :laugh: :D

-Hiroshi-, posted January 1, 2009:
> pacman eating big apple bit that brilliant :laugh: :D

LOL! At least he's got a sense of humor.

The_Decryptor (Veteran), posted January 1, 2009:
According to Secunia, in 2008 the browsers had...
Firefox 3: 8
Firefox 2: 10
IE6: 13
IE7: 11

I wonder what source Bit9 uses, and what sorting they use (Putting Firefox first seems arbitrary)

DanManIt, posted January 1, 2009:
^ Exactly, doesn't make sense

tunafish, posted January 1, 2009:
Did you guys EVEN bother to read the .PDF file? I will take that as a NO.

The applications on this list meet the following criteria.
1) Runs on Microsoft Windows.
2) Is well-known in the consumer space and frequently downloaded by individuals.
3) Is not classified as malicious by enterprise IT organizations or security vendors.
4) Contains at least one critical vulnerability that was:
   a. first reported in January 2008 or after,
   b. registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database at http://nvd.nist.gov, and
   c. given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
5) Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
6) The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

Note that in most cases, the vendors of these applications have issued patches or other instructions for eliminating the vulnerability. But the nature of these applications is such that the user is responsible for implementing the patch. Enterprise IT organizations cannot reliably ensure these patches have been properly applied, if at all, representing an inherent exposure in protecting the enterprise network.

Finally, the applications on the list have been ranked according to the popularity of the application, number and severity of vulnerabilities, and difficulty of detection and/or patching by central IT.

3) Monitor the Internet for new vulnerabilities.
4) Monitor your PCs using software identification services.
5) Enforce application controls using Bit9 Parity.

The_Decryptor (Veteran), posted January 1, 2009:
So IE's excluded because it's built into Windows, and so can be updated via WSUS?

tunafish, posted January 1, 2009:
Yes, the point of this report was to highlight applications that had security holes and are commonly used BUT can't be easily updated in a corp network.

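The selection criteria quoted from the report above, applied to a constructed inventory. This is an added example, not part of the thread or the Bit9 report; the record fields, application names, dates and scores are assumptions, and criterion 2 (popularity) is not modelled. It shows how an application with more high-severity entries is still left off the list once it can be patched centrally.

```python
from dataclasses import dataclass, field
from datetime import date

CUTOFF = date(2008, 1, 1)   # criterion 4a: first reported January 2008 or after
HIGH_MIN = 7.0              # criterion 4c: CVSS "high" is 7.0-10.0

@dataclass
class Vuln:
    reported: date
    cvss: float
    in_nvd: bool = True     # criterion 4b: registered in NVD

@dataclass
class App:
    name: str
    runs_on_windows: bool
    flagged_malicious: bool
    centrally_updatable: bool   # e.g. patched through SMS/WSUS
    vulns: list = field(default_factory=list)

def exclusion_reason(app):
    """Return None if the app meets the criteria, else the first one it fails."""
    if not app.runs_on_windows:
        return "1: does not run on Windows"
    if app.flagged_malicious:
        return "3: classified as malicious"
    if not any(v.in_nvd and v.reported >= CUTOFF and HIGH_MIN <= v.cvss <= 10.0
               for v in app.vulns):
        return "4: no high-severity NVD entry reported in 2008 or later"
    if app.centrally_updatable:
        return "5/6: can be patched centrally"
    return None

# Constructed inventory; names, dates and scores are illustrative only.
INVENTORY = [
    App("user-patched browser", True, False, False, [Vuln(date(2008, 3, 4), 9.3)]),
    App("OS-bundled browser", True, False, True,
        [Vuln(date(2008, 2, 12), 9.3), Vuln(date(2008, 6, 10), 10.0)]),
    App("media player", True, False, False,
        [Vuln(date(2007, 11, 20), 9.3), Vuln(date(2008, 5, 1), 4.3)]),
    App("chat client", True, False, False, [Vuln(date(2008, 1, 1), 7.0)]),
]

def shortlist(apps):
    return [a.name for a in apps if exclusion_reason(a) is None]

def excluded(apps):
    return {a.name: exclusion_reason(a) for a in apps if exclusion_reason(a)}

if __name__ == "__main__":
    print(shortlist(INVENTORY))
    print(excluded(INVENTORY))
```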