Symantec: Mozilla browsers more vulnerable than IE
Published: 19 Sep 2005 14:00 BST
Mozilla Web browsers are currently potentially more vulnerable to attack than Microsoft's Internet Explorer (IE), according to a Symantec report out on Monday; the same report also found that today's hackers are still focusing their efforts on IE.
Mozilla browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, insisted earlier this year that Mozilla browsers were fundamentally more secure than IE, and would not face as many problems as IE even as their marker share grows. But Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied". Eighteen of these were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," according to the report.
The average severity rating of the vulnerabilities associated with both Internet Explorer and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited".
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft only generally releases patches on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred", but added that it "expects this to change as alternative browsers become increasingly widely deployed."
The Mozilla Foundation had not responded to requests for comment at the time of writing.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure". Instead, "client-side systems — primarily end-user systems — [are] becoming increasingly prominent targets of malicious activity".
Web browser vulnerabilities are becoming a preferred entry point into systems, according to the report.
The report also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Update: After this story was published, Mozilla responded to Symantec's claims and defended its security record. Click here to read more.
Did you find this article useful?
108 out of 193 people found this useful
- Share this article:
Full Talkback thread
13 comments
-
More lies and damned lies. Read all about the nons... bod the builder -
Look at their own statistics, current situation:
F... Anonymous
-
Horsefeathers! guy with tie
-
yeeeaaaaa right...wow ...symantec...i will never r... Magnus Grander
-
Symantec is rite mozilla sucks ive noticed it... Anonymous -
Only illiterate MSCE technicians prefer... Mark -
**Quote by Mark***
----------------... Jolo
-
I think there's a difference between breaking an e... Arthur B.
-
Why do you give these losers any press? The stuff... Kent Sievers
-
It's about time security firms make people aware o... Gerald Hanweck
-
Rubbish.... Reports have been missread AGAIN. Ryan Jones
-
Rubbish - crap as usual.... I've had more problems... Ryan Jones
-
What a comment... utter crap lol.
Symantec is just... Anonymous
