Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Security through obscurity?
While the parent notes the release of the best web browser as a no-charge, no-ad browser, it misses the point that it was also a security patch. (For a fairly minor problem, but still.)
The problem is not that security is being handled by obscurity in some browsers. The problem is that some browser vendors are not as aggressive in patching security problems as other vendors are.
-
Re:Screw it...now I'm moving to Opera
"The only secure web browser is less..."
The Secunia website lists open security issues for:
http://secunia.com/product/4932/ Opera (0 issues),
http://secunia.com/product/4227/ Mozilla 1.x (3 issues) and
http://secunia.com/product/11/ IE (19 issues).
It's also interesting to look at the past history of issues and maybe take a peek at those pie charts near the bottom of the page.
Mmmm... Pie! -
Mozilla programmers == M$ PR
If it is so swift at responding to security, then why did it take 7 years to notice and fix a critical vulnerability? Furthermore, if the developers care so much about security, then why does the organization allow certain people in the bug group to censor security flaws within Mozilla's projects, thus making users vulnerable to browser bugs for YEARS? Is it one of those M$ schemes designed to destroy the hard-earned reputation of the browser?
It is one thing to have old bugs, but it is another matter when Mozilla developers are being hypocritical when they allow such moronic security practices to take place. Long live IE!!! -
Black day for Unix Firefox users
A new flaw affecting Firefox users under Unix allows webmasters to craft a URL that when run from an application like Evolution can execute any command. The flaw stems from the use of backticks in the shell script used to launch Firefox. Read more about it here on the Secunia advisory. Version 1.0.7 fixing the flaw is already out.
-
Wrong
This is actually not right at all. Exactly at the time of the Symantec report, FF had ONE exploit that was more critical than IE. In general they have less severe exploits, and A LOT fewer unpatched exploits. Check out the following links: Secunia IE vulnerabilities, Secunia FF vulnerabilities. As you can see, FF has 3 unpatched vulnerabilities, while IE has 19, the highest rated of these being more severe than FF's. I would say it is quite clear that FF has fewer unpatched vulnerabilities.
-
Re:Oh, I could add a few more to the list
Firstly and secondly, that's what Secunia is for.
Thirdly, it is highly unlikely that MS wants to leave bugs unconfirmed because it may make the person who discovered it feel ignored and release the exact details to the public without MS having a patch ready.
Next paragraph, so what? IE's bugs are also non-cross-platform (if they're running under WINE, your computer's pretty safe, and I don't remember seeing IE for MAC listed as one of the vulnerable versions of IE in recent memory).
Again, I point you to Secunia which provides pretty reliable and independent data on the severity and amount of bugs in different applications (not just browsers). The statistics are fine if they are done properly, it's just Symantec spreading FUD.
And that is my point. If the possible variance in the number of actual bugs (reported or otherwise) gets to be comparable to the number of bugs reported, then the reports mean nothing. The actual number of bugs encountered could range from zero to infinity and the stats would still be "correct".
Huh? If the variance, which means spread in the context you used it, in case you didn't know, is the same as number of bugs reported, then the possible values are from 0 to 2 times the number of bugs reported. Also the numbers still do mean something, but again. - you're confusing Mozilla/MS acknowledged issues with issues that have been presented and then independently verified.
That's the only statistic you can really have about software vulnerabilities. You can only compare how many (and their severities) have been discovered (regardless of whether or not the vendor acknowledges it, but if an independent third-party acknowledges it).
Why should the vendor care how many bugs may exist that it hasn't acknowledged? It only makes them look bad. -
secunia
What about the Secunia Security advisories?
http://secunia.com/product/4227/
Can't see them running to fix some of those issues? -
Re:Good
The biggest Opera security problem recently was the news-making cross-platform popup origin spoofing vulnerability. Secunia released a security advisory to the general public on 6/21/2005. Opera fixed it with Opera 8.01 on 6/16/2005, five days before the report was released. Firefox, on the other hand, took until 7/12/2005 to fix it in Firefox 1.0.5, three weeks after the advisory's public release.
Also, this vulnerability was the biggest security fix in Opera 8.01; Firefox 1.0.5 fixed 9 vulnerabilities that were more severe. -
Re:Another repost... almost word for word this tim
"Malicious popups"?? "Crashing browler only"??
Yeah right. Please! Stop! I'm laughing so hard it hurts.
2003-2005
http://secunia.com/graph/?type=imp&period=all&prod=4227
2005 Alone
http://secunia.com/graph/?type=imp&period=2005&prod=4227 -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod=11
http://secunia.com/graph/?type=sol&period=all&prod=4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod=11
http://secunia.com/graph/?type=cri&period=all&prod=4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows). (I've also left out holes which were publicly discovered as a result of a Windows patch.)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod =11
http://secunia.com/graph/?type=sol&period=all&prod =4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod =11
http://secunia.com/graph/?type=cri&period=all&prod =4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Criticality and Vulnerability Window
Aside from the question raised in many posts about whether the fact that Firefox is open source leads to faster and fuller disclosure, the following is an email I sent this past weekend regarding this article.
Lots is being made the past few days about the number of security holes found in various browsers. Just to try to keep the discussion from descending to complete irrelevance, here's the stats that actually matter:
Solution Status (has it been fixed?):
http://secunia.com/graph/?type=sol&period=all&prod=11
http://secunia.com/graph/?type=sol&period=all&prod=4227
Criticality (how bad is it if I get hit?):
http://secunia.com/graph/?type=cri&period=all&prod=11
http://secunia.com/graph/?type=cri&period=all&prod=4227
Unpatched Criticality (what can happen to me today?) Requires a little more looking - see the list at the bottom of each page:
http://secunia.com/product/11/
http://secunia.com/product/4227/
IE: 5 unpatched moderate or greater criticality
Firefox: 0 unpatched moderate or greater criticality
Finally, and unfortunately not clearly covered in [the Secunia] report is vulnerability window - how long does a bug go without being patched. You can, however, make a fairly good estimate by looking at the patch time for highly critical or worse bugs:
MS has been making big improvements lately, so I'll only look at the MS holes from the past year (the older ones have dramatically longer vulnerability windows) (I've also left out holes which were publicly discovered as a result of a windows patch)
IE Highly+ Critical Windows (past year)
http://secunia.com/advisories/12806/ 103 days
http://secunia.com/advisories/12889/ 108 days
http://secunia.com/advisories/12959/ 29 days
http://secunia.com/advisories/13482/ 53 days
http://secunia.com/advisories/15891/ 7 days
Firefox Highly+ Critical Windows (all time)
http://secunia.com/advisories/14654/ 7 days
http://secunia.com/advisories/14938/ 24 days
http://secunia.com/advisories/15292/ 5 days
http://secunia.com/advisories/16043/ 7 days
http://secunia.com/advisories/16764/ 3 days
Keep the discussion rational - security is hard, so is assessing security. Be skeptical of anyone who has a dog in the fight (eg: Symantec). [Which is not to say that Symantec cannot be trusted for Windows security, only that their PR department's press releases regarding software security should be treated as suspect - particularly when they draw questionable conclusions from insufficient data.] -
Flawed Report
I have to say that this report is really quite flawed for a couple reasons here.
1) They cover only a short period of time (6 months presumably).
2) They do not count unpatched vulnerabilities, of which IE 6 has 85 and Firefox 1.X has 22 (according to Secunia).
3) Nor do they count patch reaction time (Microsoft takes anywhere from a few hours to a couple weeks, the Firefox team usually takes from 24 hours to a week).
This doesn't say that Firefox is more secure (even though in my personal opinion it is), but it does say that Symantec's alleged study proves little by simply saying IE is more secure since it had fewer security exploits in a six month period. -
Re:Can someone please explain to me...
I made this post months back, so some of the information may be outdated. I've updated some accordingly:
However some people prefer Opera because it's
1) more secure .... link 1 .... link 2 .... link 3 .... link 4 .... link 5 .... link 6, September 16th 2005
2) faster
3) Is actively worked on -from Mike Connor, an important Firefox developer
4) smaller (3.7mb vs 4.7mb)
5) less bloat/ram usage -
Re:MOD DOWN-theyre using the wrong time period-RTF
Oh, I read the article. I'll grant you one thing: Firefox has more advisories listed on Secunia in the given time period.
So I beg your pardon for citing the overall numbers. I'd ask you to take a look, anyway:
- Firefox: 18 Advisories in 2005 (5 in March)
- We see 6% of 18 unpatched, leaving FF with 1 unpatched from this time period. If we view the overall status, we see that this is 1 of a total of 3 unpatched.
- IE: 11 Advisories in 2005 (0 in March)
- We see 45% of 11 unpatched, leaving IE with 5 unpatched from this time period. If we view the overall status, we see that these are 5 out of a total of 19 unpatched.
Firefox experienced more advisories in March than IE. That's great. Overall, IE has still shown many more. Even if that trend continues to change, the Mozilla team has a much better response time - just take a look at some of the release dates for unpatched IE advisories: (2003-03-13, 2003-08-14, 2003-11-07, 2004-02-09, 2004-04-01, etc etc etc). That second date is Highly Critical, and has gone unpatched for two years. This is why we raise such an outcry against the article - for a few months, Firefox is finding more bugs, yes. They also happen to fix the problems that come their way (the oldest and most critical unpatched being a one-year old Less Critical) incredibly faster and more reliably.
-
Re:Real Comparison of IE and Firefox
-
Real Comparison of IE and Firefox
-
Re: Is the Firefox Honeymoon Over?
Yes, I'm looking at the Secunia statistics for both browsers. If you know a more complete list, show me it.
That said, when I view Firefox's "Criticality" breakdown, it says "(Based on 22 Advisories from 2003-2005)".
When I view the criticality breakdown for IE, it says "(Based on 69 advisories from 2003-2005)".
- Don't accuse other people of making up numbers when the source is obviously mentioned (Secunia - the links to IE and Firefox on the top of the main page where anyone can find them). By all means, check the numbers - but don't say I'm making them up until you have.
- Second, my numbers are about advisories - the root problem of the vulnerability. Note: Mr. Ou himself indicates that many vulnerabilities are often comprised in one advisory, because the advisory sums the entire problem. 40 vulnerabilities? OK. 22 unique problems vs. 69? IE's sunk.
-
Re: Is the Firefox Honeymoon Over?
> Yes, Apache is everywhere, exploit-free
Are you taking the piss! Exploit free! And you claim to be a knowledgeable user. LOL.
Apache 2.0.x has more than 27 security exploits (http://secunia.com/product/73/) which is extremely high when compared to IIS 6 (which has 2! http://secunia.com/product/1438/) -
ActiveX and XP?
-
Re: Is the Firefox Honeymoon Over?
Note that only one of those is a 'critical' flaw, and that one is an ActiveX buffer overflow that can be avoided by just not using ActiveX. The rest are spoofing or system information flaws.
Actually, at least one other involves the possible exploitation of malicious code, although it requires active user input to do so.
But let's look at that one big famous doozie, the ActiveX exploit. That was reported in August 2003 - that's over two years ago!! It requires no user intervention if ActiveX is enabled, can do just about anything it wants to and it affects any MS ActiveX enabled product that can read HTML. The only solution is to turn off ActiveX, or to get it to prompt the user before it installs anything (which is no guarantee of safety). This is far, far worse than any exploit Firefox has ever had!
But even if it wasn't so potentially disastrous, don't you think MS would have been interested in fixing something that involves their pride-and-joy, ActiveX?? How could anyone ever look at such incompetence and claim that IE is more secure?! -
let's see...
Rather than simply counting vulnerabilities, take a look at the reports for Firefox and Internet Explorer 6. Firefox 1.x shows 22 holes, 3 unpatched and rated 'less critical.' IE6 has 85 holes, 1/4 unpatched, and a 'highly critical' buffer overflow in ActiveX that's been open since 2003. Now, tell me, which one is more secure?
[Insert usual mantra of anyone being able to fix F/OSS but only MS being able to fix MSIE here] [Append snide remark about companies trying to hide rather than fix vulnerabilities here] [Insert random Zeeky Boogy Doog here]