Firefox the most vulnerable browser.

  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Before you start thinking ATNO has gone mad, I'm not making it up.

http://www.net-security.org/secworld.php?id=8489

Quote:
Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser
  • mk27
  • Proficient
  • Posts: 334

Post 3+ Months Ago

Hmm...I wonder if this is just because it is the most widely used browser, just like Windows wins hands down for viruses -- because people who write viruses write them mostly for Windows.

Which brings up an interesting question about what the "web browser" vulnerabilities are, since they are distinguished from SQL injection, "web server vulnerabilities", etc. Methinks they would have to be a combination of Firefox AND Windows, since this is based on a count of potential exploits (3100 of them). So, surprise, surprise, of those 3100 exploits, some significant number will target the most popular OS via the most popular browser.

Also, this does not measure actual attacks -- 450 of those "vulnerabilities" could be exploits only tried and identified once.

Really, it is an interesting data set to gather, but I am sure it is presented in this way ("Which browser is most vulnerable!") just to garner some attention, because factoring in those two circumstances (the OS, and how often an exploit is actually used) could make a HUGE difference. Also, there is the potential damage an exploit can do, etc.

IMO, "SQL Injection" is just one kind of exploit, but according to that table it accounts for 25% of web mischief -- three times as much as all the browser exploits combined. So does that mean "SQL injection" is 25% of the 3100 attacks? If there are 7-800 "different" kinds of SQL injection according to this "study", I am beginning to think this is kind of a near meaningless busy-body type report.
  • digitalMedia
  • a.k.a. dM
  • Genius
  • Posts: 5149
  • Loc: SC-USA

Post 3+ Months Ago

This is a bit of a surprise. I would imagine, however, that the folks at Mozilla will react with priority to close any security gaps.

I'm going to guess there will be a lot of people that will argue with this report. Either way, I believe good browsing habits are paramount to security.

mk27 wrote:
Hmm...I wonder if this is just because it is the most widely used browser...

:scratchhead:
You must read completely different stats than I do. Out of all the sites I host, FF never goes beyond 25%.
  • mk27
  • Proficient
  • Posts: 334

Post 3+ Months Ago

digitalMedia wrote:
You must read completely different stats than I do. Out of all the sites I host, FF never goes beyond 25%.


According to W3C FF accounts for 45-50% of browser use:

http://www.w3schools.com/browsers/browsers_stats.asp
  • digitalMedia
  • a.k.a. dM
  • Genius
  • Posts: 5149
  • Loc: SC-USA

Post 3+ Months Ago

W3schools isn't representative of the browsing public at large. C'mon.

Quote:
W3Schools is a website for people with an interest for web technologies. These people are more interested in using alternative browsers than the average user. The average user tends to use Internet Explorer, since it comes preinstalled with Windows. Most do not seek out other browsers.


http://en.wikipedia.org/wiki/Usage_shar ... b_browsers
  • Bigwebmaster
  • Site Admin
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Here are the browser stats for Ozzu. Keep in mind Ozzu has a technically minded audience like W3Schools, which is probably why things are similar.

Attachments:
ozzu_browser_stats_20091111.jpg

Ozzu Browser Stats from Oct-Nov, 2009

  • mk27
  • Proficient
  • Posts: 334

Post 3+ Months Ago

digitalMedia wrote:
W3schools isn't representative of the browsing public at large. C'mon.


Their stats are not based on visits to W3C! It looks to me like the difference might stem from the fact that they count "the last 25000 visits to all sites" as opposed to the last 25 gazillion visits anywhere, in which case 20% of those will be to Coca-cola, etc. But anyway, point taken.

It does raise the question of what people use their browser for and how these exploits take place. Again, if "SQL Injection" accounts for 25% of 3100 different "exploits" then it is easy to see how you could have one basic exploit with 500 variations, and use that to generate stats.

And, again, I imagine for Linux users 99% of the Firefox "exploits" are irrelevant.

So the study is interesting in that it identifies the growth rate of the number of identified exploits, but "the conclusion" vis different browsers seems an absurd stretch. If exploit #372 is used millions of times daily, exploit #766 that was identified once six months ago carries as much statistical weight.
  • digitalMedia
  • a.k.a. dM
  • Genius
  • Posts: 5149
  • Loc: SC-USA

Post 3+ Months Ago

mk27 wrote:
Their stats are not based on visits to W3C!


I don't think W3schools and W3C are affiliated. So, their stats aren't based on W3C traffic in any case. ;)
Quote:
Refsnes Data is a Norwegian software development and consulting company focusing on

Client / Server Databases
Data Warehousing
Internet Database Applications
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

It wouldn't surprise me. People think they're invincible when using Firefox because of the way Firefox boasts about being secure. Meaning they do stupid things and ignore the good browsing habits dM mentioned.

Firefox, the Titanic of browsers.
  • kc0tma
  • o|||||||o
  • Web Master
  • Posts: 3318
  • Loc: Trout Creek, MT

Post 3+ Months Ago

joebert wrote:
Firefox, the Titanic of browsers.


That's funny, I like that. I wonder too if Firefox has more vulnerabilities just because people are purposefully looking for them. Mozilla says "Firefox is the safest" and some pimple-faced computer nerd says "we'll see about that!" so it gets special attention just because of those claims, almost like a challenge to crack it. When a new version of IE comes out, Microsoft just says it is safer rather than the safest on the web.
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Not to go too far off topic, but to settle the market share debate, it depends on a lot of things. This summary of a white paper produced by Janco shows IE with a market share of 67.98% compared to second-place Firefox at 19.22%.

http://e-janco.com/browser.htm

Janco has been monitoring browser market share since 1997. However, unlike w3schools or ozzu, whose target audience is more techie type people:

Quote:
A summary of Janco’s white paper can be found on IT-Toolkits (http://www.it-toolkits.com/browser.php), the Janco web site (http://www.e-janco.com/browser.php), and the IT Productivity Center’s web site (http://www.itproductivity.org/browser.php).

Janco has collected consistent data on browser activity since September 1997. The data is captured from commercial sites that focus on business-to-business activity. The full white paper with excel spreadsheets is available for $249.
  • mk27
  • Proficient
  • Posts: 334

Post 3+ Months Ago

ATNO/TW wrote:
Not to go too far off topic,


:roll:

The line in red would seem to indicate something, since the web is not exclusively a commercial environment -- vis, these statistics are for commercial developers and do not reflect the totality of things. Do news sites count as "commercial sites that focus on business-to-business activity"? What about social networking sites? Probably not, but both of those account for a large portion of web traffic, I would guess.

Anyway, I wasn't trying to be contentious, I was just under the impression that in the past half a dozen years IE had lost most of its market share to FF. Obviously that is not really true, so I stand corrected.

IMO the moral here (regarding both topics) is to beware of "statistics abuse" and over generalization.
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I have an iPhone related site where the primary audience is Safari.
  • digitalMedia
  • a.k.a. dM
  • Genius
  • Posts: 5149
  • Loc: SC-USA

Post 3+ Months Ago

Yeah, the only usage stats that are important to me are from sites that I host and work on. I don't really care if anyone wins the browser war.
  • devilwood
  • Silver Member
  • Posts: 436

Post 3+ Months Ago

On all my sites the stats stay very close for browser usage. Most of my sites are small, local businesses and range from southeast US up to North Carolina and on up to Michigan.

IE - ~ 80% - 85%
FF - ~ 15%
Various others ~ 2% - 10%

Seems like every time I do a new site and a few months go by to build some stats and I look at the stats, I'm never surprised.

Personally, I'm really enjoying Chrome. I'm getting just unbelievable performance out of it.

I agree the point of this topic is that most of the people I know that use FF always boast the things "they heard" about its security and in fact it's got its fair share of problems like all the other browsers. dM said it: good surfing/browsing/download habits are the ticket.
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, luckygal, according to that article I posted the link to, currently Opera is the least vulnerable browser, followed closely by Internet Explorer. Opera is also a very fast, secure and customizable browser. I would say more so than Firefox, and I suspect Joebert will back me up on that. It is probably your current safest bet on a browser.

In terms of IE, I think everyone got the willies over it because of all the unpatched vulnerabilities in IE6, and the overall bad design of IE7. However, with the advent of IE8, I am much more comfortable with it overall, in fact can even say for the first time I even like it. I used to use FF exclusively, but now I give IE8 nearly equal time, and always have both browsers open and after reading this article and a few others have started paying more attention to Opera and Chrome as well.
  • dyfrin
  • Expert
  • Posts: 503
  • Loc: WI

Post 3+ Months Ago

In the report I don't see any of the reported vulnerabilities.

I would like to see if these vulnerabilities were from what add-ons could do to the browser, rather than the base browser.
  • kc0tma
  • o|||||||o
  • Web Master
  • Posts: 3318
  • Loc: Trout Creek, MT

Post 3+ Months Ago

I think the safest browser is between your ears (your brain). Really, any browser including IE6 can be safe as long as you use common sense. If you are checking the balance of your bank account but it just doesn't look right, it probably isn't and you should get out asap. No browser will be totally phishing-proof, and that seems to be one of the big bad problems on the web these days.
  • advisortrevor
  • Born
  • Posts: 3

Post 3+ Months Ago

Yes that is true ... But it is one of the fastest and the safest as well...
  • advisortrevor
  • Born
  • Posts: 3

Post 3+ Months Ago

Yes, it is the most vulnerable but the best as well ....
  • TopTraffic
  • TopTraffic.org
  • Bronze Member
  • Posts: 46
  • Loc: Canada

Post 3+ Months Ago

Mozilla is used by advanced Internet users ...
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

TopTraffic wrote:
Mozilla is used by advanced Internet users ...


I can't agree with that. That statement isn't even logical. In fact it is non sequitur ("it does not follow"). My girlfriend uses it, and she is not an advanced internet user. She is what I would deem an "average" or "typical" home internet user. In addition several of the employees at work use it, primarily because I've asked them to and no other reason. They wouldn't have known it even existed if I hadn't installed it on the machines.
  • digitalMedia
  • a.k.a. dM
  • Genius
  • Posts: 5149
  • Loc: SC-USA

Post 3+ Months Ago

TopTraffic wrote:
Mozilla is used by advanced Internet users ...


I'm not sure that's true. I find it's used by people who are connected to web development and programming. But that also includes folks who think Access databases are the height of technology.
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I think advanced Internet users generally use things other than browsers more than they use browsers.

Post Information

  • Total Posts in this topic: 24 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.