Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Firefox More Secure? Tops ‘Most Vulnerable’ List

We’ve all heard our geekier friends say it, right? “You should use Firefox.” Well, I’ve some good news and bad news today, folks. Firefox users, version update 3.0.5 is now available. This update cures – among others things – 4 “critical” security flaws.
MFSA 2008-69 XSS¹ vulnerabilities in SessionStore
MFSA 2008-68 XSS¹ and JavaScript privilege escalation
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-60 Crashes with evidence of memory corruption

This good (and important) because Bit9, a trusted IT Security products vendor, ranks 2008’s “Most Vulnerable” Windows applications as:
1) Mozilla Firefox
2) Adobe Flash & Acrobat
3) EMC VMware Player,Workstation and other products
4) Sun Java Runtime Environment (JRE)
5) Apple QuickTime, Safari & iTunes
6) Symantec Norton (all flavors 2006-2008)
7) Trend Micro OfficeScan
8) Citrix (Cisco VPN Client, Blue Coat,WinProxy, SafeNet SoftRemote and HighAssurance Remote)
9) Aurigma, Lycos (Aurigma ActiveX FileUploader is used by Facebook PhotoUploader and MySpaceUploader)
10) Skype

To see the complete list, the criteria used in the assessment, the details, and the cures², click here.

I don’t think this is the “Number One” anybody wants to be. And, I want to be perfectly clear here — all browsers have flaws, and this isn’t “just a Windows problem”, it’s cross-platform.

There’s also the phenomenon of “Web 2.0” going on (give the people what they want) which puts the pressure on providers to give us more – more “interactive” content, more animations, more surveys and forms, more chat windows and widgets, more links and “feeds”, more Flash, more Java, more maps.. in short, more vulnerabilities.
To make your browser “safe”, you have to turn off (aka “block” and/or “disable”) all that stuff.

I use Firefox 3.0 (and am testing 3.1 Beta2 starting today), but I have NoScript -with all the switches thrown (see, How To Block iFrames*), Flashblock, and Ad Block Plus installed.
I also run IE 7, with SpywareGuard and SelectView installed.
And I run Avant and Opera occasionally as well.

Usually.. inside of of SandBoxie.

And.. to be honest, I still don’t “feel safe” surfing the Web. What does that tell you?

¹ Cross Site Scripting. One of the hacker’s favorite methods.
² I’ll give you a hint.. the cure is almost always a patch issued as an update.

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

December 17, 2008 - Posted by | advice, browsers, computers, cyber crime, Firefox, hackers, how to, IE 7, Internet, News, PC, security, software, tech, Windows

3 Comments »

  1. […] arturoafc54 wrote an interesting post today onHere’s a quick excerpt We’ve all heard our geekier friends say it, right? “You should use Firefox.” Well, I’ve some good news and bad news today, folks. Firefox users, version update 3.0.5 is now available. This update cures – among others things – 4 “critical” security flaws.MFSA 2008-69 XSS¹ vulnerabilities in SessionStoreMFSA 2008-68 XSS¹ and JavaScript privilege escalationMFSA 2008-65 Cross-domain data theft via script redirect error messageMFSA 2008-60 Crashes with evidence of memory corruption This good (and important) because Bit9, a trusted IT Security products vendor, ranks 2008’s “Most Vulnerable” Windows applications as:1) Mozilla Firefox2) Adobe Flash & Acrobat3) EMC VMware Player,Workstation and other products4) Sun Java Runtime Environment (JRE)5) Apple QuickTime, Safari & iTunes6) Symantec Norton (all flavors 2006-2008)7) Trend Micro OfficeScan Citrix (Cisco VPN Client, Blue Coat,WinProxy, SafeNet SoftRemote and HighAssurance Remote)9) Aurigma, Lycos (Aurigma ActiveX FileUploader is used by Facebook PhotoUploader and MySpaceUploader)10) Skype To see the complete list, the criteria used […] […]

    Like

    Pingback by Firefox More Secure? Tops ‘Most Vulnerable’ List | December 17, 2008 | Reply

  2. […] to the Opera mobile web report, social networking contributes…Hooeey.com – web 2.0 startup Firefox More Secure? Tops ‘Most Vulnerable’ List – techpaul.wordpress.com 12/17/2008 We’ve all heard our geekier friends say it, right? “You […]

    Like

    Pingback by Posts about Web 2.0 as of December 18, 2008 | The Lessnau Lounge | December 18, 2008 | Reply

  3. […] Credit: techpaul […]

    Like

    Pingback by 2008 Vulnerabilities List « TTC Shelbyville - Technical Blog | December 19, 2008 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: