Thursday, December 29, 2005

Is the Firefox honeymoon over? | George Ou | ZDNet.com

"Is the Firefox honeymoon over? Posted by George Ou @ 2:13 am

Note:
It's always difficult to know how much of someone else's work to quote, but this is important. I don't think Firefox is any more vulnerable than Explorer, but it's being downloaded by a lot of people who think it's invulnerable. Whatever browser you choose you will have to patch and upgrade. You'll have to be vigilant and informed, because software's not perfect, isn't likely to ever be perfect, and only informed users can exert the pressure to make any software better. Ignorance means someone else controls and owns your computer. You're just the one who paid for it.

Be informed. Don't keep paying in time, anguish or money.
Sermon ends here.
Alfred Ingram


[Updated: 9/16/2005 7:22PM] Now that Firefox has become the first viable contender to Microsoft Internet Explorer in years, its popularity has brought with it some unwanted attention. Last week's premature disclosure of a zero-day Firefox exploit came a few weeks after a zero-day exploit for Internet Explorer appeared on the Internet. Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months.
Update: A lot of people have complained that I didn't list the number of actual 'in-the-wild' attacks against the two browser platforms. The problem with this theory is that they either didn't read the entire article or they don't understand what I meant by 'published exploits' in the second chart in this blog. When I say published exploit, I mean a downloadable script or source code that can be used to attack real live browsers in the wild. These are not simple advisories that talk about certain theoretical exploits. Published exploits are basically freebies for professional hackers and script kiddies to use in the wild.… "

Here is a breakdown of recent vulnerabilities:

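| Month | Firefox 1.x Vulnerabilities | IE 6.x Vulnerabilities |
|---|---|---|
| Sept 2005 | 1 | 0 |
| Aug 2005 | 0 | 4 |
| July 2005 | 10 | 1 |
| June 2005 | 2 | 1 |
| May 2005 | 3 | 1 |
| Apr 2005 | 9 | 3 |
| Mar 2005 | 15 | 0 |
| Total | 40 | 10 |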

Note that this is not a count of the number of advisories because advisories can contain multiple vulnerabilities. This is a count of the actual number of vulnerabilities.

Here is a breakdown of recent published exploits:

| Month | Firefox Exploits | IE Exploits |
|---|---|---|
| Sept 2005 | 1 | 0 |
| Aug 2005 | 0 | 3 |
| July 2005 | 4 | 1 |
| June 2005 | 0 | 0 |
| May 2005 | 4 | 0 |
| April 2005 | 2 | 2 |
| Total | 11 | 6 |

http://blogs.zdnet.com/Ou/?p=103&tag=nl.e550
