Symantec: Mozilla browsers more vulnerable than IE

The geek forum. PHP, Perl, HTML, hardware questions etc.. it's all in here. Got a techie question? We'll sort you out. Ask your questions or post a link to your own site here!

Symantec: Mozilla browsers more vulnerable than IE

Postby Shao Feng-Li » Sun Sep 25, 2005 3:48 pm

http://news.zdnet.com/2100-1009_22-5873273.html?tag=nl.e589

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report.

But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.

According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied," the report's authors stated. Eighteen of these flaws were classified as high severity.

"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report noted.

The average severity rating of the vulnerabilities associated with both IE and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited."

The Mozilla Foundation did not immediately respond to requests for comment.

Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft generally releases patches only on a monthly basis.

Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred," but added that it "expects this to change as alternative browsers become increasingly widely deployed."

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure." Instead, "client-side systems--primarily end-user systems--(are) becoming increasingly prominent targets of malicious activity."

Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated. It also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
User avatar
Shao Feng-Li
 
Posts: 5187
Joined: Sun Oct 12, 2003 12:00 pm
Location: Idaho

Postby blkmage » Sun Sep 25, 2005 5:21 pm

And for those who are interested, here is Mozilla's response: http://news.zdnet.co.uk/0,39020330,39219186,00.htm
User avatar
blkmage
 
Posts: 4529
Joined: Mon May 03, 2004 5:40 pm

Postby Locke » Sun Sep 25, 2005 5:50 pm

Oooh, Mozilla's got spunk. I like that.
Secret Bumping Club Member #10 - geocities.com/arphage/sbc.html

When you find yourself in the company of a halfling and an ill-tempered
Dragon, remember, you do not have to outrun the Dragon...
...you just have to outrun the halfling.
User avatar
Locke
 
Posts: 3691
Joined: Tue Oct 28, 2003 4:00 am
Location: SoCal

Postby Slater » Sun Sep 25, 2005 6:26 pm

lol browser wars.

IE: *attacks Mozilla*
Firefox: *retaliates with incendary bombs*
IE: *requests backup from WinXP SP3*
Firefox: *sends troops to guard security holes*
IE: *tries to take over the internet*
Firefox: *supporters of Firefox thwart IE's plans*
IE: *upgrades to IE version 28 build 5932, which isn't supposed to come out for another 8 and a half years*
Firefox: *laughs as users' computers can't handle load*
IE: *launches nukes*
Firefox: *launches ICBMs*

...
err... uh...
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby calbhach » Sun Sep 25, 2005 8:00 pm

Oooooh, yeah...I heard about this over at another forum I visit. I'm glad the people at Mozilla responded like that.


Adopted ~ The Melody Maker :)

Adopted by ~ CephasVII :D

Adopted as a pet by ~ 1BalloonPopper ^_^

Adopted pets ~ Marbles (1BalloonPopper) =D
User avatar
calbhach
 
Posts: 280
Joined: Thu May 29, 2003 9:03 pm
Location: I live in....a submarine! Whoosh~

Postby Arnobius » Sun Sep 25, 2005 8:30 pm

Well, I did get a virus that got through Firefox (luckilly PC Cillin caught it right away)... I don't like it's certificate handling. You click no when it asks if you want to accept it and half the time it seems like it installs the applet anyway.

However, to make IE like Firefox would take a lot of bloated third party software so the advantage goes to Firefox right now
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm

Postby Fsiphskilm » Sun Sep 25, 2005 9:43 pm

My my...
Last edited by Fsiphskilm on Mon Jan 16, 2017 8:17 pm, edited 2 times in total.
I'm leaving CAA perminantly. i've wanted to do this for a long time but I've never gathered the courage to let go.
User avatar
Fsiphskilm
 
Posts: 3853
Joined: Mon Nov 03, 2003 12:00 pm
Location: USA

Postby Slater » Sun Sep 25, 2005 9:45 pm

I've gotten lots of viri through Firefox, now that I think about it... but Norton caught them all.
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby Fsiphskilm » Sun Sep 25, 2005 9:52 pm

Well if
Last edited by Fsiphskilm on Mon Jan 16, 2017 8:17 pm, edited 1 time in total.
I'm leaving CAA perminantly. i've wanted to do this for a long time but I've never gathered the courage to let go.
User avatar
Fsiphskilm
 
Posts: 3853
Joined: Mon Nov 03, 2003 12:00 pm
Location: USA

Postby Slater » Sun Sep 25, 2005 9:57 pm

oh no, I don't get viruses by downloading. I get them by browsing.
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby shooraijin » Sun Sep 25, 2005 11:40 pm

Eh? I use Firefox on the desktop PC they force me to use at work, and I haven't had any such thing. What was the name of the virus(es) that was/were detected?
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby Slater » Sun Sep 25, 2005 11:54 pm

mostly worms like bloodhound. I guess that's what I deserve for surfing warez sites tho ^^;;;;;
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby shooraijin » Mon Sep 26, 2005 12:01 am

But Norton uses Bloodhound to indicate possible viruses detected by its heuristics ... ? That means they're either unnamed or misdetected, unless you're not using Norton.

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.html

Unless you mean this, which is a VB virus and so can't spread through Firefox, since it doesn't use VBA.

http://www.virusthreatcenter.com/virus.aspx?virus=42
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby Slater » Mon Sep 26, 2005 12:07 am

I really wasn't paying attention to details. I'd just be browsing through a site that was still loading and Norton would pop up saying "Oh hey, I deleted this virus thing for you." I remember seeing the name Bloodhound a lot, but I wasn't paying much attention, just glad the viruses were deleted.
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby shooraijin » Mon Sep 26, 2005 2:29 pm

It's a hard jump to say you're getting it through Firefox, though (to be fair, though, it's hard to say where you're getting it at all unless there's a virus known to spread through a particular application vulnerability). You might take note of what subtype of Bloodhound Norton is reporting, because based on how it seems to be getting around, you can cross some names off your list (for example, VBS-based viruses can't be communicated through Mozilla [unless you download and run them] because it has no Visual Basic scripting host).
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby Fsiphskilm » Mon Sep 26, 2005 6:02 pm

I kno
Last edited by Fsiphskilm on Mon Jan 16, 2017 8:17 pm, edited 1 time in total.
I'm leaving CAA perminantly. i've wanted to do this for a long time but I've never gathered the courage to let go.
User avatar
Fsiphskilm
 
Posts: 3853
Joined: Mon Nov 03, 2003 12:00 pm
Location: USA

Postby Arnobius » Mon Sep 26, 2005 6:51 pm

shooraijin wrote:Eh? I use Firefox on the desktop PC they force me to use at work, and I haven't had any such thing. What was the name of the virus(es) that was/were detected?

JAVA_BYTEVER.R

This got picked up when a site wanted to install an applet. Firefox asked if I wanted to accept the certificate, and I said no... and Firefox installed it anyway

At any rate it looks like this is the info on it: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA%5FBYTEVER%2ER&VSect=P
You do not have the required permissions to view the files attached to this post.
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm

Postby shooraijin » Mon Sep 26, 2005 9:42 pm

The acceptance of the certificate, as I understand it, only allows it to do certain privileged operations, and doesn't affect anything else. I don't use much Java in Firefox, but I don't think saying "no" completely prohibits the applet from running -- it just can't do operations that need advanced or secured credentials.

The ByteVerify malware exploits a flaw of the Microsoft JVM, so whether Firefox lets it run or not, it's still ultimately Microsoft's bug.
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby Kaligraphic » Mon Sep 26, 2005 11:24 pm

I know that, using Opera, I've seen alerts about IE browser exploits. It turns out to be the copy of the page cached by Opera. Turns out, though, Opera isn't exploit-compatible, so it doesn't work. The AV program just recognizes the signature because it matches the cached page, which is unmodified.

[fanboi=Opera]Of course, Opera is still the best[/fanboi], but if you're getting that kind of message, it may be the same kind of situation.
The cake used to be a lie like you, but then it took a portal to the deception core.
User avatar
Kaligraphic
 
Posts: 2002
Joined: Wed Jul 21, 2004 12:00 pm
Location: The catbox of DOOM!

Postby Shao Feng-Li » Tue Sep 27, 2005 12:01 pm

On my laptop I use Firefox and I don't have any virus protection at all. There's not a thing wrong with it.
User avatar
Shao Feng-Li
 
Posts: 5187
Joined: Sun Oct 12, 2003 12:00 pm
Location: Idaho

Postby Arnobius » Tue Sep 27, 2005 5:41 pm

shooraijin wrote:The acceptance of the certificate, as I understand it, only allows it to do certain privileged operations, and doesn't affect anything else. I don't use much Java in Firefox, but I don't think saying "no" completely prohibits the applet from running -- it just can't do operations that need advanced or secured credentials.

The ByteVerify malware exploits a flaw of the Microsoft JVM, so whether Firefox lets it run or not, it's still ultimately Microsoft's bug.

Makes sense I guess. Of course I think my Java is from Sun... I think the legal stuff between MS and Sun means JVM can't be gotten directly from MS, and supposedly is only for IE, so I'm not sure what the significance is for this on Firefox.

Well, Trend Micro nailed it anyway, so no harm done. Did catch me by suprise though.
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm

Postby Steeltemplar » Tue Sep 27, 2005 8:37 pm

Firefox is what I use and it's always been fantastic.

I think most of the guys in the tech shop I work in also use it.
Headbangers United

"There is no surer sign of decay in a country than to see the rites of religion held in contempt." - Niccolo Machiavelli

"But even as Josue and Caleb declared that the Land of Promise was good and fair, and that the possession of it would be easy and pleasant; so the Holy Spirit, speaking by all the Saints, and our Blessed Lord Himself assure us that a devout life is a lovely, a pleasant, and a happy life." - from An Introduction to the Devout Life, by St. Francis de Sales

Loyal subject of Sakura-hime, the RP Princess.
CR-chan's faithful PNC.
FF-chan's NiichanB.
User avatar
Steeltemplar
 
Posts: 1373
Joined: Wed Mar 09, 2005 10:32 pm
Location: United States of Whatever

Firefox Can Be Hijacked

Postby Arnobius » Tue Sep 27, 2005 8:57 pm

I had a site hijack Firefox (1.0.7) this evening. I think it was one of those popup security sites. No matter what I clicked it tried to scan my computer. I had to use Task Manager to shut Firefox down to escape.

Admittedly the score is 1 hijack for firefox and a whole bunch for IE, but I think people should be aware nothing is 100% safe.
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm

Postby shooraijin » Wed Sep 28, 2005 7:40 am

Give me the URL. I want to look at that. If legit, it should be reported. (You can PM me if you'd rather not post it in public; I'll be looking at it with a Mac first to read the HTML and/or JavaScript.)

EDIT: Also, Flash can be a variable. Even with pop-ups disabled, Flash applets can trigger new windows and/or run and do things. Firefox, or for that matter any browser, can't enforce behaviour on plug-ins because plug-ins run as native code, not within the browser's security model.
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby animegirl1 » Wed Sep 28, 2005 8:30 am

um i dont get all this technical stuff but yeah i have mozilla firefox
The Letter from God Dear child, Despite your silence, I have heard your soul weeping. Why have you been so unhappy? Have you forgotten my everlasting love for you? Child, you are mine. Why have you not called my name sooner? If you seek me, I will answer. I am your counselor, ready to instruct you and show you which path to take. When you come to me, I will embrace you and silence all your fears. Just remember that I am here to hold you close and dry your tears. I will always be right beside you. Not only am I your father, but your best friend. Do not be afraid to ask for my mercy and forgiveness. I know that its hard to live on earth, so I understand when you fall down once in awhile, ask me for help, and I will pick you up and carry you. No one loves you more than I do. When you feel alone, remember I am beside you. When you feel helpless, remember I offer myself to you. When you feel lost, remember I will lead you, and when you feel forgotten, remember that you are my child and I will love you unconditionally. It is never too late to come home. I will be here waiting, ready to embrace you. I will leave the light on for you. Forever with you, God

-------------------------------------------------------

i have proudly adopted:dytae jessie88 and edochick ^_^

98% of the teenage population does or has tried smoking pot. If you're one of the 2% who hasn't, copy & paste this in your signature.

:dance: :dance: :dance: :dance: :dance: :dance:
User avatar
animegirl1
 
Posts: 205
Joined: Sun Aug 07, 2005 6:27 pm
Location: texas

Postby Arnobius » Wed Sep 28, 2005 10:22 am

[quote="shooraijin"]Give me the URL. I want to look at that. If legit, it should be reported. (You can PM me if you'd rather not post it in public]
Ahh crud... that would have been the smart thing to do. At the time though, my main concern was putting a stop to it (In retrospect, disconnecting the DSL would have been smarter than the 3 finger salute). Unfortunately, I pretty well did everything short of wiping the hard drive to make sure there was nothing on my computer. So unless you know of some place that tends to get overlooked on Windows that would keep tabs on that after the History/Cache gets cleared out, I can't give the URL.

Hmm, the applet thing may have been a factor. it was one of those windows box things that appeared
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm

Postby shooraijin » Wed Sep 28, 2005 1:56 pm

Nothing comes to mind. If you do hit it again, though, let's get to the bottom of it. Maybe it's an annoyance that only looks like it's causing trouble, but if it's real, we should definitely make sure whatever flaw is behind it gets fixed.
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby Arnobius » Wed Sep 28, 2005 2:47 pm

shooraijin wrote:Nothing comes to mind. If you do hit it again, though, let's get to the bottom of it. Maybe it's an annoyance that only looks like it's causing trouble, but if it's real, we should definitely make sure whatever flaw is behind it gets fixed.

Right... next time I make a note and PM you

Sorry for dropping the ball there
User avatar
Arnobius
 
Posts: 2870
Joined: Thu Dec 02, 2004 11:41 pm


Return to Computing and Links

Who is online

Users browsing this forum: No registered users and 145 guests