Category: Security

Web Browsers Security. Opera, Internet Explorer, Safari, Firefox

By | July 12, 2007 | 29 Comments

After yesterday's post about a new Firefox security bug, I've decided to check which of the world's most popular web browsers are the most secure. Thanks to Secunia for the stats.

Opera 9.x – Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)

Internet Explorer 7.x – Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.

Safari 2.x – Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.

Firefox 2.0.x – Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.

I am really confused right now, but does that make Firefox 2.0.x the most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera, which puts it in 2nd place?

1. Opera 9.x – Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x – Most Insecure Web Browser?

Firefox “firefoxurl” URI Handler Registration Vulnerability

By | July 10, 2007 | 2 Comments

Secunia reported today on a new exploit for Firefox 2.0.0.4 (it might affect previous builds as well).

A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.

Solution:
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.

Thor Larholm noted:

There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.
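
To act on the "disable the URI handler" advice, it helps to see which URL protocol handlers are registered on a Windows machine and how each one receives the URL. The PowerShell below is an added example, not code from the post or from Secunia; the function names are hypothetical, and it relies only on the standard Windows convention that a scheme is a key under HKEY_CLASSES_ROOT with a "URL Protocol" value and a shell\open\command default value.

```powershell
# Added example: read-only audit of registered URL protocol handlers.

function Get-UrlArgumentRisk {
    param([string]$Command)
    # Classify how the handler's command line receives the URL placeholder (%1 or %L).
    if ([string]::IsNullOrWhiteSpace($Command)) { return 'no command registered' }
    $m = [regex]::Match($Command, '%[1lL]')
    if (-not $m.Success) { return 'URL not passed on command line' }
    # An odd number of double quotes before the placeholder means it sits inside quotes.
    $quotesBefore = ($Command.Substring(0, $m.Index) -replace '[^"]', '').Length
    if ($quotesBefore % 2 -eq 1) { return 'URL passed inside quotes' }
    return 'URL passed unquoted'
}

function Get-UrlProtocolHandler {
    # Walk HKEY_CLASSES_ROOT and keep only keys that declare themselves URL protocols.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValueNames() -contains 'URL Protocol' } |
        ForEach-Object {
            $cmdKey  = $_.OpenSubKey('shell\open\command')
            $command = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { '' }
            if ($cmdKey) { $cmdKey.Close() }
            [pscustomobject]@{
                Scheme  = $_.PSChildName
                Command = $command
                Risk    = Get-UrlArgumentRisk -Command $command
            }
        }
}

# List every handler, grouped by how the URL reaches the target process.
Get-UrlProtocolHandler | Sort-Object Risk, Scheme | Format-Table -AutoSize -Wrap
```

A quoted placeholder is not a guarantee by itself: the handler still depends on the launching program validating the URL before it builds the command line.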