Bugs Swell In Browsers in 2006
During the first six months of 2006, hackers found 47 bugs in Mozilla's open-source browsers and 38 in Internet Explorer, says Symantec in its twice-yearly "Internet Security Threat Report". This is significantly higher than in the previous six months, when there were 17 Mozilla and 25 IE bugs.
A similar doubling appeared in Apple's 'Safari' browser, whose bug count increased to 12 in the first half of 2006 from 6 in the second half of 2005. Opera was the only browser whose bug count dropped, from 9 to 7, during the same period.
Although Internet Explorer is the attackers' most popular target, no browser is invulnerable: 31 percent of attacks were aimed at more than one browser and 20 percent were directed at Mozilla's 'Firefox'.
The crooks discovered bogus commands, which they sent over the Net to infect vulnerable machines. The attacks commonly used the 'buffer overflow' technique and took over PCs without the users surfing the Web, reading e-mail, or clicking on links.
According to Marc Maiffret, chief technology officer with 'eEye Digital Security Inc.', browser bugs are relatively easy to locate and exploit. In an instant message, he said people realized that striking applications on the desktop is an easier way to break into business and consumer activities and steal things than going after server flaws.
With regard to bug fixing, the open-source project Mozilla got the highest marks, even though it had more bugs than IE. On average, it fixed bugs within a day of discovery, the quickest of all measured browsers. Opera ranked second, taking about two days. Safari was third with a 5-day patch time, followed by Microsoft, which averaged 9 days per patch.
Choosing a particular browser does not automatically make a surfer immune to browser-based attacks. Most attacks are aimed at Internet Explorer, which is economically attractive for malware authors because IE is used by almost 85 percent of surfers today. However, no one is completely safe, making it essential that web surfers all over the world practice cautious computing. In addition, a browser should be correctly configured before it is used.
» SPAMfighter News - 30-09-2006