We've all heard our geekier friends say it, right? "You should use Firefox." Well, I've some good news and bad news today, folks. Firefox users, version update 3.0.5 is now available. This update cures - among other things - 4 "critical" security flaws.
MFSA 2008-69 XSS¹ vulnerabilities in SessionStore
MFSA 2008-68 XSS¹ and JavaScript privilege escalation
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-60 Crashes with evidence of memory corruption
This is good (and important) because Bit9, a trusted IT Security products vendor, ranks 2008's "Most Vulnerable" Windows applications as:
1) Mozilla Firefox
2) Adobe Flash & Acrobat
3) EMC VMware Player, Workstation and other products
4) Sun Java Runtime Environment (JRE)
5) Apple QuickTime, Safari & iTunes
6) Symantec Norton (all flavors 2006-2008)
7) Trend Micro OfficeScan
8) Citrix (Cisco VPN Client, Blue Coat, WinProxy, SafeNet SoftRemote and HighAssurance Remote)
9) Aurigma, Lycos (Aurigma ActiveX FileUploader is used by Facebook PhotoUploader and MySpaceUploader)
10) Skype
To see the complete list, the criteria used in the assessment, the details, and the cures², click here.
I don't think this is the "Number One" anybody wants to be. And, I want to be perfectly clear here -- all browsers have flaws, and this isn't "just a Windows problem", it's cross-platform.
There's also the phenomenon of "Web 2.0" going on (give the people what they want) which puts the pressure on providers to give us more - more "interactive" content, more animations, more surveys and forms, more chat windows and widgets, more links and "feeds", more Flash, more Java, more maps.. in short, more vulnerabilities.
To make your browser "safe", you have to turn off (aka "block" and/or "disable") all that stuff.
I use Firefox 3.0 (and am testing 3.1 Beta2 starting today), but I have NoScript - with all the switches thrown (see How To Block iFrames*), Flashblock, and Adblock Plus installed.
I also run IE 7, with SpywareGuard and SelectView installed.
And I run Avant and Opera occasionally as well.
Usually.. inside of Sandboxie.
And.. to be honest, I still don't "feel safe" surfing the Web. What does that tell you?
¹ Cross Site Scripting. One of the hacker's favorite methods.
² I'll give you a hint.. the cure is almost always a patch issued as an update.