Mozilla Firefox Most Vulnerable of 10 Most Vulnerable Softwares of 2008

December 28, 2008 · Filed Under Internet Security 

The news about Mozilla Firefox being the most vulnerable software of 2008 (Top 10 list of most vulnerable softwares, reviewed by experts) is expected. Many Firefox users have complained about Firefox vulnerabilities, claiming that they got their passwords stolen and that Firefox cannot protect them from phishing sites (or when, allegedly, Facebook was phishing info from its users during the Koobface virus attack).

Personally, I love Firefox. That is on a personal level. What I love is the availability of plugins, addons and extensions that help me work better online, either as a blogger or as a web developer. However, I have encountered countless Firefox crashes before. Sometimes, Firefox even closes when my internet connection is not available. This, among other abnormal behaviors of Firefox, made it to the top of the list of 10 Most Vulnerable Softwares of 2008. I can only agree. :-(

Here is the complete list of the 10 Most Vulnerable Softwares of 2008 according to Bit9 and various sources online:

  1. Mozilla Firefox: In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools.
  2. Adobe Flash and Adobe Acrobat: Bit9 listed 14 flaws patched this year that exposed desktops to arbitrary remote code execution via buffer overflow, “input validation issues” and malformed parameters.
  3. EMC VMware Player, Workstation and other products: A total of 10 bugs introduced risks ranging from privilege escalation via directory traversal to ActiveX buffer overflows leading to arbitrary code execution and denial of service.
  4. Sun Java JDK and JRE, Sun Java Runtime Environment (JRE): Inability to prevent execution of applets on older JRE releases could allow remote attackers to exploit vulnerabilities of these older releases. Buffer overflows allowing creation, deletion and execution of arbitrary files via untrusted applications. 10 patched vulnerabilities listed.
  5. Apple QuickTime, Safari and iTunes: In QuickTime, the list includes nine vulnerabilities that allow remote attackers to execute arbitrary code via buffer overflow, or cause a denial of service (heap corruption and application crash) involving malformed media files, media links and third party codecs. The Safari for Windows browser was haunted by three flaws that could lead to arbitrary code execution and denial of service involving JavaScript arrays that trigger memory corruption. Apple’s iTunes software was susceptible to a remote improper update verification that allowed man-in-the-middle attacks to execute arbitrary code via a Trojan horse update.
  6. Symantec Norton products (all flavors 2006 to 2008): Stack-based buffer overflow in the AutoFix Support Tool ActiveX exposed Windows users to arbitrary code execution.
  7. Trend Micro OfficeScan: A total of four stack-based buffer overflows that opened doors for remote attackers to execute arbitrary code.
  8. Citrix Products: Privilege escalation in DNE via specially crafted interface requests affects Cisco VPN Client, Blue Coat WinProxy, SafeNet SoftRemote and HighAssurance Remote. Search path vulnerability, and buffer overflow lead to arbitrary code execution.
  9. Aurigma Image Uploader, Lycos FileUploader: Remote attackers can perform remote code execution via long extended image information.
  10. Skype: Improper check of dangerous extensions allows user-assisted remote attackers to bypass warning dialogs. Cross-zone scripting vulnerability allows remote attackers to inject script via Internet Explorer web control.

Two more products were included in the list (making it 12 Most Vulnerable Softwares of 2008) and they are as follows:

  1. Yahoo Assistant: Remote attackers can execute arbitrary code via memory corruption.
  2. Microsoft Windows Live (MSN) Messenger: Remote attackers are allowed to control the Messenger application, “change state,” obtain contact information and establish audio or video connections without notification.

This is also the reason why I am using other browsers like Flock, Google Chrome (another buggy software, I admit) and Opera. I’ve also tried Internet Explorer 8 Beta but I really don’t like it. Hence, I use multiple web browsers when I work online.


Comments

2 Comments/Reviews on “Mozilla Firefox Most Vulnerable of 10 Most Vulnerable Softwares of 2008”

  1. Camper on December 28th, 2008 11:12 pm

    Mozilla is also too heavy. There’s a lot of addons, yes. And you get a lot of eye candy on it. Opera, as the first browser for Apple, is good but it is too slow for me just like IE. Google Chrome… I don’t like it hehe. I still have Safari in my notebook despite the reviews. So far no problem with it. Fast, sleek and has a good display, especially on fonts. As a web developer, yes I have all these browsers installed for testing purposes… but I already ruled out IE no matter what version it is. Almost all net cafes outside use Mozilla Firefox.. and this is bad news :D


    jessie Reply:

    Camper,

    Yes, that’s normal for most developers. I just really hope they can improve the security features of Firefox. About the addons, I’ve made sure the addons loading in Firefox are manageable. Too many addons will really kill the internal processes of the browser.

