Slashdot Mirror

← Back to Domains

Domain: cvedetails.com

Stories and comments across the archive that link to cvedetails.com.

Comments · 233

  1. Re:Obvious solution: by yuvcifjt · · Score: 1 · on US Government Crackdown Threatens Kaspersky's American Dream (reuters.com)

    It's a widely propagated myth by Linux evangelists, but in fact, all stats show that Linux kernel is far more vulnerable and unsecure as compared to Windows, including various Windows components/services (but excluding software like Internet Exploder). If you include software (such as IE) which is hardly used, then sure, Windows might come to more vulnerabilities.

    And what's more, Microsoft patch vulnerabilities far faster (within a couple of month), compared to Linux, which may take up to 2 years before releasing a patch.

    I don't mean to rub it in, but it's quite remarkable that if we only count the Linux KERNEL (not including any of the distro's and other Linux OS components) between 2009 and 2017, had 1402 vulnerabilities; while Windows 7 (inc all components) had 792 vulnerabilities - i.e. 77% more vulnerabilities in Linux kernel compared to the entire Win7 OS!

  2. Re:Obvious solution: by yuvcifjt · · Score: 1 · on US Government Crackdown Threatens Kaspersky's American Dream (reuters.com)

    It's a widely propagated myth by Linux evangelists, but in fact, all stats show that Linux kernel is far more vulnerable and unsecure as compared to Windows, including various Windows components/services (but excluding software like Internet Exploder). If you include software (such as IE) which is hardly used, then sure, Windows might come to more vulnerabilities.

    And what's more, Microsoft patch vulnerabilities far faster (within a couple of month), compared to Linux, which may take up to 2 years before releasing a patch.

    I don't mean to rub it in, but it's quite remarkable that if we only count the Linux KERNEL (not including any of the distro's and other Linux OS components) between 2009 and 2017, had 1402 vulnerabilities; while Windows 7 (inc all components) had 792 vulnerabilities - i.e. 77% more vulnerabilities in Linux kernel compared to the entire Win7 OS!

  3. Re:I hope you enjoy your apple/android duopoly by Anonymous Coward · · Score: 0 · on Windows Phone Dies Today (theverge.com)

    I prefer either of those options compared to the alternative from microsoft... They have such a good track-record in terms of security.

    http://www.cvedetails.com/vuln...
    There you have a list of code-execution issues in Microsoft products... Most of them are remotely exploitable!!!
    Only 49 remotely exploitable issues reported since 2017-05-12...

  4. Re:Is there even a word for this level of stupidit by JustNiz · · Score: 1 · on Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears (telegraph.co.uk)

    Here's a start:
    https://www.cvedetails.com/vul...

  5. Re:SSDD by Anonymous Coward · · Score: 0 · on 'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com)

    If you are able to get a binary running on a windows-machine == machine owned.
    If you are able to get a binary running on a linux-system == perhaps owned depending on if you have some exploit to use.

    Windows 10: (Just check the number of *remotly exploitable* issues there is)
    https://www.cvedetails.com/vul...

    Linux:
    https://www.cvedetails.com/vul...
    And if you dig down a lot of issues are related to qualcomm and android.

    https://www.cvedetails.com/ver...
    https://www.cvedetails.com/ver...

  6. Re:SSDD by Anonymous Coward · · Score: 0 · on 'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com)

    If you are able to get a binary running on a windows-machine == machine owned.
    If you are able to get a binary running on a linux-system == perhaps owned depending on if you have some exploit to use.

    Windows 10: (Just check the number of *remotly exploitable* issues there is)
    https://www.cvedetails.com/vul...

    Linux:
    https://www.cvedetails.com/vul...
    And if you dig down a lot of issues are related to qualcomm and android.

    https://www.cvedetails.com/ver...
    https://www.cvedetails.com/ver...

  7. Re:SSDD by Anonymous Coward · · Score: 0 · on 'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com)

    If you are able to get a binary running on a windows-machine == machine owned.
    If you are able to get a binary running on a linux-system == perhaps owned depending on if you have some exploit to use.

    Windows 10: (Just check the number of *remotly exploitable* issues there is)
    https://www.cvedetails.com/vul...

    Linux:
    https://www.cvedetails.com/vul...
    And if you dig down a lot of issues are related to qualcomm and android.

    https://www.cvedetails.com/ver...
    https://www.cvedetails.com/ver...

  8. Re:SSDD by Anonymous Coward · · Score: 0 · on 'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com)

    If you are able to get a binary running on a windows-machine == machine owned.
    If you are able to get a binary running on a linux-system == perhaps owned depending on if you have some exploit to use.

    Windows 10: (Just check the number of *remotly exploitable* issues there is)
    https://www.cvedetails.com/vul...

    Linux:
    https://www.cvedetails.com/vul...
    And if you dig down a lot of issues are related to qualcomm and android.

    https://www.cvedetails.com/ver...
    https://www.cvedetails.com/ver...

  9. Re:Duh. That's what happens when Sun is involved by Cyberax · · Score: 1 · on Java 9 Delayed Due To Modularity Controversy (infoworld.com)

    Suppose that listFiles() is within a trusted package and was left with public access so it's granted appropriate permissions from SecurityManager. The fact that it was left with public access _is_ a bug, of course. The problem is that it's too easy to make such mistakes and it takes only one to bring down the whole system. And if you think such mistakes are rare, here's a partial CVE list: https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , and so on.

  10. Re:Duh. That's what happens when Sun is involved by Cyberax · · Score: 1 · on Java 9 Delayed Due To Modularity Controversy (infoworld.com)

    Suppose that listFiles() is within a trusted package and was left with public access so it's granted appropriate permissions from SecurityManager. The fact that it was left with public access _is_ a bug, of course. The problem is that it's too easy to make such mistakes and it takes only one to bring down the whole system. And if you think such mistakes are rare, here's a partial CVE list: https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , and so on.

  11. Re:Duh. That's what happens when Sun is involved by Cyberax · · Score: 1 · on Java 9 Delayed Due To Modularity Controversy (infoworld.com)

    Suppose that listFiles() is within a trusted package and was left with public access so it's granted appropriate permissions from SecurityManager. The fact that it was left with public access _is_ a bug, of course. The problem is that it's too easy to make such mistakes and it takes only one to bring down the whole system. And if you think such mistakes are rare, here's a partial CVE list: https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , and so on.

  12. Re:Duh. That's what happens when Sun is involved by Cyberax · · Score: 1 · on Java 9 Delayed Due To Modularity Controversy (infoworld.com)

    Suppose that listFiles() is within a trusted package and was left with public access so it's granted appropriate permissions from SecurityManager. The fact that it was left with public access _is_ a bug, of course. The problem is that it's too easy to make such mistakes and it takes only one to bring down the whole system. And if you think such mistakes are rare, here's a partial CVE list: https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , https://www.cvedetails.com/cve... , and so on.

  13. Except the data doesn't back it up by TheLongshot · · Score: 1 · on 'WannaCry Makes an Easy Case For Linux' (techrepublic.com)

    Looking at the CVE database, the top three OSs with the most vulnerabilities on the list are Linux distributions.

    https://www.cvedetails.com/top...

    Just because there was a high profile attack doesn't inherently make one OS more insecure than another.

  14. Re: This opinion isn't new and is still wrong. by kpainter · · Score: 0 · on 'WannaCry Makes an Easy Case For Linux' (techrepublic.com)
    I suggest you spend a little time looking at this website.

    http://www.cvedetails.com/top-...

    So far for 2017, Linux has 128 code execution vulnerabilities whereas Microsoft has 71. If any of you Mac people are feeling smug right now, Apple has 137. All software has bugs.

  15. Re:The NSA should Compensate.... by Billly+Gates · · Score: 1 · on Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide (threatpost.com)

    Here is a list right now of Linux

  16. Re:Not a terrible thing by Anonymous Coward · · Score: 0 · on The iPhone 7 Has Arbitrary Software Locks That Prevent Repair (vice.com)

    Apple's garden is walled. It keeps the users in, but also keeps the bad things out.

    Keep telling yourself that fanboi.

    Apple iOS Security Vulnerabilities

    iOS Exploits

  17. Re:Microsoft Web Server? by phantomfive · · Score: 3, Informative · on Millions of Websites Affected By Unpatched Flaw in Microsoft IIS 6 Web Server (pcworld.com)

    Nginx wasn't around when the website was created.
    It doesn't matter how secure your OS is if you're running a vulnerable web server. If you open telnet on OpenBSD, you can consider yourself pwned.
    Nginx has a better record that IIS, but you know, it's not perfect. Maybe you can run a proxy in front of it to defend against security vulns.

  18. HUGE number of vulnerabilities in Flash by Futurepower(R) · · Score: 2 · on What Killed Adobe Flash? (daringfireball.net)

    There are so many vulnerabilities in Flash that it has seemed possible that Adobe is selling vulnerabilities, as the 2nd story linked below says. The only other theory is that Adobe Systems programmers have been getting no testing or other management.

    Articles keep criticizing Flash, Flash, Flash. They should criticize "Adobe Systems Management".

    It seems possible that Microsoft and other companies learned from Adobe Systems how much users were weak to abuse.

    Stories:

    Adobe Flash Player: List of security vulnerabilities. "Total number of vulnerabilities: 1,006".

    Huge Adobe Flash security vulnerability revealed after hacking group's documents leaked. (July 8, 2015) "The huge weakness was revealed as part of documents leaked after a cyberattack on Hacking Team, a government-sponsored spying group, that seems to have been using it to break into computers."

    Adobe Flash vulnerabilities -- a never-ending string of security risks (June 29, 2015)

    Kill Flash now. Or patch these 36 vulnerabilities. "One bug being exploited right now in the wild." (June 16, 2016)

    Adobe deploys security update to fix 52 vulnerabilities in Flash. (July 13, 2016) "Some of the critical flaws could lead to remote code execution on your PC."

    Most Exploited Vulnerabilities: by Whom, When, and How. (Dec. 29, 2016) "The Adobe Flash Player comprised six of the top 10 vulnerabilities triggered by the exploit kits in a period from November 16, 2015, to November 15, 2016."

  19. Re:Neither true nor meaningful by pr0fessor · · Score: 1 · on Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk)

    http://www.cvedetails.com/top-...

    Android may be #17 on this all time list but Sun Solaris is also on the list... Last year (2016) Android was #1 for the most new vulnerabilities. Sadly a lot of lower end android phones never or rarely get updates.

    from symantec

    In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware indisguise. Additionally, grayware apps, which aren’t malicious by design but do annoying and inadvertently harmful things like track user behavior, accounted for 36 percent of all mobile apps.

    https://www.symantec.com/conte...

  20. Re: Neither true nor meaningful by fullmetal55 · · Score: 2 · on Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk)

    As RayMorris replied previously, bleeping computer uses https://www.cvedetails.com/top... as their source.

    yes Android had the most CVEs for 2016, but in previous years it was nowhere near as bad, to an alltime placement of 17th.

    So you are both right. depending on how you look at the numbers. now, if you look at "total number of vulnerabilites" that the GP said, yeah not even close Raymorris is right for "total number" for ones discovered in 2016, yeah. but look at 2015... or 2014... it was a bad year.

  21. The same primary source your article cites by raymorris · · Score: 1 · on Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk)

    Actually the exact same source cited by your Bleeping Computer article.
    https://www.cvedetails.com/top...

    Which is largely a list of "most popular software", of course. The numbers in that list are approximately meaningless.

  22. Re:The couting fiasco by Anonymous Coward · · Score: 0 · on Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com)

    The website itself has a lot more information on it, including rating each vulnerability from 0-10 (0 being really minor stuff, and 10 being the worst, most critical vulnerabilities), and then showing weighted averages. That ends up putting all of the adobe products at the 'top' (scores are all like 9.5 and higher - which is a *bad* thing, because 1: they have a lot of vulnerabilities and 2: they are shifted heavily towards critical vulnerabilities). Here's one of the pages as an example. Obviously there's a huge difference between Flash Player (973 vulnerabilities, 84% of which are 9+) and the Linux kernel (1,564 vulnerabilities, but only 4% are 9+).

    Maybe it's not the best metric around, but it at least shows some comparison between different products. A score of 0 would be the best, and mean you have no vulnerabilities. But even Linux, after 25+ years of work, is still only a 5.6. Most Windows versions are around an 8. Most adobe products are 9.5+. So that basically confirms how people naturally felt about those products. So you can gauge the relative safety of other products by comparing it to what you've seen come out about Linux, Windows, and Adobe vulnerabilities over the year.

    The core idea is to demystify how 'secure' different products are. Anyone can slap on a badge/sticker/whatever on their website claiming "We're super secure, we use SSL!!!!" But they won't tell you the SSL they're using is vulnerable to heartbleed.

    And considering how prevalent "Legacy" systems are, I think it's perfectly valid to roll up previous versions together with current versions. Using the site linked above, you can delve down to the year(s) that are relevant to you. They have data on hundreds of thousands of products, so there's no way they're putting that in a single chart that would fall into a news article.

  23. Statistics by HaaPoo · · Score: 2 · on Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com)

    I like how statistics works, by looking at this chart i can say Apple is on the top: http://www.cvedetails.com/vend...

  24. Comparison of Common Vulnerabilities and Exposures by Jon+Abbott · · Score: 4, Interesting · on Windows 10 Informs Chrome and Firefox Users That Edge is 'Safer' (venturebeat.com)

    Here are CVE details for each browser:

    Edge: https://www.cvedetails.com/pro...
    Chrome: https://www.cvedetails.com/pro...
    Firefox: https://www.cvedetails.com/pro...

    It looks like each of them has had their fair share of significant security flaws. Does anyone track how quickly flaws are patched for each?

  25. Comparison of Common Vulnerabilities and Exposures by Jon+Abbott · · Score: 4, Interesting · on Windows 10 Informs Chrome and Firefox Users That Edge is 'Safer' (venturebeat.com)

    Here are CVE details for each browser:

    Edge: https://www.cvedetails.com/pro...
    Chrome: https://www.cvedetails.com/pro...
    Firefox: https://www.cvedetails.com/pro...

    It looks like each of them has had their fair share of significant security flaws. Does anyone track how quickly flaws are patched for each?

  26. Comparison of Common Vulnerabilities and Exposures by Jon+Abbott · · Score: 4, Interesting · on Windows 10 Informs Chrome and Firefox Users That Edge is 'Safer' (venturebeat.com)

    Here are CVE details for each browser:

    Edge: https://www.cvedetails.com/pro...
    Chrome: https://www.cvedetails.com/pro...
    Firefox: https://www.cvedetails.com/pro...

    It looks like each of them has had their fair share of significant security flaws. Does anyone track how quickly flaws are patched for each?

  27. Re:RTFA, please. by F.Ultra · · Score: 1 · on Multiple Linux Distributions Affected By Crippling Bug In Systemd (agwa.name)

    Here is one: https://www.cvedetails.com/cve...

  28. Re:Surf fully sandboxed by cfalcon · · Score: 1 · on How Security Experts Are Protecting Their Own Data (siliconvalley.com)

    > what browser exploits are there that don't target Java, Flash, or a Microsoft browser?

    Anything that exploits Javascript on Chrome (or Firefox, or blah blah blah)...

    Just Ctrl+F here for "javascript":

    https://www.cvedetails.com/vul...

  29. Re:Chalk one up for iOS by Solandri · · Score: 3, Interesting · on 900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com)

    iOS actually has a lot more vulnerabilities than Android. Most of the folks in the press are just enamored by Apple, so they downplay stories about flaws in iOS, while publicizing stories about flaws in Android to try to warp reality to fit their biases.

  30. Re:Really? by darkain · · Score: 2 · on Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host (itnews.com.au)

    Take your pick: https://www.cvedetails.com/vul...

  31. Re:My first first? by macs4all · · Score: 1 · on Army Special Operations Command Ditching Android For iPhone, Says Report (gizmodo.com)

    IOS Currently has 900 unique CVEs released: https://www.cvedetails.com/vul...

    Android has 430 unique CVEs release: https://www.cvedetails.com/vul...

    But doesn't that list usually only contain vulnerabilities that have been ADDRESSED?

  32. Re:My first first? by macs4all · · Score: 1 · on Army Special Operations Command Ditching Android For iPhone, Says Report (gizmodo.com)

    IOS Currently has 900 unique CVEs released: https://www.cvedetails.com/vul...

    Android has 430 unique CVEs release: https://www.cvedetails.com/vul...

    But doesn't that list usually only contain vulnerabilities that have been ADDRESSED?

  33. Re:Just horrible! by phantomfive · · Score: 4, Insightful · on Ask Slashdot: What's The Best CMS?

    Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers,

    Unless you consider seven new vulnerabilities in the last 20 days to be secure, you are horribly, horribly wrong. There was a remote SQL injection found in November.

    Security is not something you can bolt on after the fact, you have to build it in to the very base of your system. When you're getting SQL injections, it's not because your code is popular, it's because the programmers suck. Fast updates are not a replacement for security.

  34. Re:SQL injection? by Anonymous Coward · · Score: 4, Informative · on Hundreds of Drupal Sites Targeted With Fake Ransomware (softpedia.com)

    You are missing something, more precisely you are missing the fact that Drupal was written in PHP. If you want to iterate over an array in PHP you will probably write something like this:
      foreach($array as $key => $data) { ... }

    A construct like that was used in Drupal to construct an SQL query with a list of named parameters, the values for which were then supplied later. You'd get an SQL clause like this:
    ... IN (:idlist_1, :idlist_2, :idlist_3) ...

    And the values would be filled in and escaped by the SQL backend later. Array indices are numbers, so it's all perfectly safe, right? The thing is, PHP contains a critical security bug in that it doesn't enforce declaring the distinction between arrays and maps. So if an attacker can somehow trick the code into executing on a map, $key might be a string containing arbitrary SQL commands which will be executed as is.

    Note that in many languages this cannot happen because an array is not a map, but PHP is unsafe by default here. Yes, if you know about this issue you can work around it, for example by inserting a call to array_values, but the language should really be changed to make it distinguish arrays and maps, and to make impossible to use maps as arrays. It is especially unforgivable since PHP was designed for the web and to be easy to use by novice programmers.

    Link to CVE page.

    Link to earlier /. discussion.

  35. Re:Let's look at the stats by MacDork · · Score: 1 · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    I think the unbiased view is that Firefox is clearly more secure than any browser other than Chrome

    Doesn't Chrome ship pre-installed with Adobe Flash?

  36. Re:This is a big bitchslap to Mozilla by Burz · · Score: 1 · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    Few of those relate to Priv or Info vulns. Instead of listing every entry the same, here is a more accurate chart:
      http://www.cvedetails.com/vuln...

    And Xen is based on qemu

    Um... Xen is not based on qemu, it uses qemu's device model and BIOS for HVM guests. Xen emphasizes PV guests for general operation and security, and that's what Qubes uses by default. OTOH, HVMs are a hassle to use even in Qubes and they are known to have security issues on all x86 platforms. So... excuse you, lol.

    Remove the stuff in the above list that is DoS, HVM-dependant, non-x86, needs qemu running in dom0, etc., and there is hardly anything there to hyperventilate over. Secure configurations of Xen do not operate qemu HVM features from the privileged (dom0) domain, they use unprivileged stub domains instead. One "severe" CVE in 2015 was related to qemu, but it affected almost no one (certainly not Qubes users) because of this fact.

    I'll also repeat what I said about Xen vs monolithic kernel-based security back in November:

    Linux has racked up 3X the number of CVEs over 5.0 so far this year, compared to Xen. And of those, Xen had zero with a score of 8.0 or higher -- while Linux had a staggering six. Xen has had only two of these (both 8.3) ever, so looking back to Jan. 2015 is being very, very kind to Linux. I think what the CVE charts are showing is an inherent mitigation effect due to structural features of type-1 hypervisor.

    OpenBSD, which doesn't support many desktop-related features, is a rarely-encountered odd duck; Not sure it fits into this conversation. FWIW, Qubes has an abstraction layer that allows Xen to be replaced with other isolation mechanisms. Among all the Qubes discussion about possible alternatives, I see no mention of using an OpenBSD host (although some people express interest in it as a non-GUI guest for proxy vms etc). It would be interesting to see someone try it.

  37. Let's look at the stats by MSG · · Score: 4, Interesting · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    I see a lot of comments about Firefox's security but no references so far. So, let's look at cvedetails code execution counts:

    2016:
    Edge: 6
    Chrome: 0
    Safari: 0
    Firefox: 3

    2015:
    Edge: 19 (Nov 12 - Dec 31, a projected rate of 142 per year)
    Chrome: 8
    Safari: 101
    Firefox: 83

    2014:
    Chrome: 4
    Safari: 65
    Firefox: 55

    So while Firefox is getting a lot of hate here today, I think the unbiased view is that Firefox is clearly more secure than any browser other than Chrome, which has by far the best record. I struggle to imagine an objective reason to exclude Firefox from any evaluation while including Safari. Edge hasn't been out very long, but based on the very small amount of data we have so far, it looks significantly worse than Firefox.

    https://www.cvedetails.com/pro...
    http://www.cvedetails.com/prod...
    http://www.cvedetails.com/prod...
    https://www.cvedetails.com/pro...

  38. Let's look at the stats by MSG · · Score: 4, Interesting · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    I see a lot of comments about Firefox's security but no references so far. So, let's look at cvedetails code execution counts:

    2016:
    Edge: 6
    Chrome: 0
    Safari: 0
    Firefox: 3

    2015:
    Edge: 19 (Nov 12 - Dec 31, a projected rate of 142 per year)
    Chrome: 8
    Safari: 101
    Firefox: 83

    2014:
    Chrome: 4
    Safari: 65
    Firefox: 55

    So while Firefox is getting a lot of hate here today, I think the unbiased view is that Firefox is clearly more secure than any browser other than Chrome, which has by far the best record. I struggle to imagine an objective reason to exclude Firefox from any evaluation while including Safari. Edge hasn't been out very long, but based on the very small amount of data we have so far, it looks significantly worse than Firefox.

    https://www.cvedetails.com/pro...
    http://www.cvedetails.com/prod...
    http://www.cvedetails.com/prod...
    https://www.cvedetails.com/pro...

  39. Let's look at the stats by MSG · · Score: 4, Interesting · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    I see a lot of comments about Firefox's security but no references so far. So, let's look at cvedetails code execution counts:

    2016:
    Edge: 6
    Chrome: 0
    Safari: 0
    Firefox: 3

    2015:
    Edge: 19 (Nov 12 - Dec 31, a projected rate of 142 per year)
    Chrome: 8
    Safari: 101
    Firefox: 83

    2014:
    Chrome: 4
    Safari: 65
    Firefox: 55

    So while Firefox is getting a lot of hate here today, I think the unbiased view is that Firefox is clearly more secure than any browser other than Chrome, which has by far the best record. I struggle to imagine an objective reason to exclude Firefox from any evaluation while including Safari. Edge hasn't been out very long, but based on the very small amount of data we have so far, it looks significantly worse than Firefox.

    https://www.cvedetails.com/pro...
    http://www.cvedetails.com/prod...
    http://www.cvedetails.com/prod...
    https://www.cvedetails.com/pro...

  40. Let's look at the stats by MSG · · Score: 4, Interesting · on Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com)

    I see a lot of comments about Firefox's security but no references so far. So, let's look at cvedetails code execution counts:

    2016:
    Edge: 6
    Chrome: 0
    Safari: 0
    Firefox: 3

    2015:
    Edge: 19 (Nov 12 - Dec 31, a projected rate of 142 per year)
    Chrome: 8
    Safari: 101
    Firefox: 83

    2014:
    Chrome: 4
    Safari: 65
    Firefox: 55

    So while Firefox is getting a lot of hate here today, I think the unbiased view is that Firefox is clearly more secure than any browser other than Chrome, which has by far the best record. I struggle to imagine an objective reason to exclude Firefox from any evaluation while including Safari. Edge hasn't been out very long, but based on the very small amount of data we have so far, it looks significantly worse than Firefox.

    https://www.cvedetails.com/pro...
    http://www.cvedetails.com/prod...
    http://www.cvedetails.com/prod...
    https://www.cvedetails.com/pro...

  41. Re: Another day, another Android security hole by JustAnotherOldGuy · · Score: 1 · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    That one's fixed too.

    Thank goodness there will never again be another vulnerability in IOS.

  42. Re: Another day, another Android security hole by JustAnotherOldGuy · · Score: 1 · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    Your point is irrelevant. Apple fixes its bugs and provides updates to devices that are over 4 years old.

    BLASPHEMY!! No Apple product has ever had a security vulnerability, now or in the future. It's impossible. Apple is perfect and godlike, and death to the unbelievers!

  43. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  44. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  45. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  46. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  47. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  48. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  49. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.

  50. Re:Another day, another Android security hole by JustAnotherOldGuy · · Score: 2, Informative · on LG G3 'Snap' Vulnerability Leaves Owners At Risk of Data Theft (betanews.com)

    This is, again, why I have an iPhone

    Yes, because no iphone has ever had a security vulnerability, now or in the future. It's impossible, IOS is simply impossible to hack, spoof, or do anything bad to, ever. It just can't be done, there is no way to do it. No one has ever hacked an IOS device and no one ever will. Ever. It's just completely out of the question. The words "vulnerability" and "IOS" should never even be found in the same paragraph, let alone the same sentence. IOS has never had a security vulnerability and never will, updates are strictly there to add exciting new features. Everyone knows that.