Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


February 23, 2005

Numerous Security Flaws in Web Browsers Remain Unpatched

A Web Exclusive from WinInfo
Mark Joseph Edwards
WinInfo
InstantDoc #45493
WinInfo
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Security Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!
Dozens of security-related problems remain unpatched in Internet Explorer, Firefox, and Opera Web browsers. According to security solution provider Secunia who tracks vulnerabilities in over 4000 products, some of the unpatched browser vulnerabilities are considered to be either moderately or highly critical.

Secunia's reports show they're currently tracking 63 advisories for Internet Explorer 6 . Of those advisories, 41 of the problems have been either corrected or partially corrected by patches from Microsoft. One of the problems is correctable with workarounds.  The remaining 21 security problems remain unpatched, the oldest of which was reported in March of 2003.

The reports show that of the 8 advisories tracked for Firefox , 6 of the problems remain unpatched while the remaining 2 have either been completely or partially corrected with patches from the Mozilla Foundation.  The oldest unpatched vulnerability in Firefox is dated August 2004.

Secunia currently tracks 33 advisories for Opera 7.x, where 30 of those problems have been corrected by patches from Opera Software. The remaining 3 problems, the oldest of which is dated October 2004, remain unpatched.

End of Article

Reader Comments
"8 advisories tracked for Firefox".
Quite alarming for a fresh 1.0 browser... :-/
Where are the updates? There's no updated binaries to install.

And compared to the MSIE 6 "63 advisories". MSIE6 is now an old browser with no major updates apart from WinXP SP2.


Anonymous User February 24, 2005 (Article Rating: )

This certainly shows Opera in a positive light (which as an Opera user I'm rather pleased by!). Particularly when you look at the three outstanding issues and find that two are fixed in the imminent 8.0 release (in beta for ages now) and the other is not actually a 'flaw' in Opera per se, but rather their correct implementation of the fundamentally flawed IDN system.

I'll never understand why Firefox is such a media darling and Opera so overlooked, and I don't see anything here to explain this either. Oh well!

Anonymous User February 24, 2005

-Firefox has NO vulnerabilities rated above "moderate". Both IE & Opera have "extreme" & "high" critical flaws.
-altho I didn't see a breakdown, I doubt either Opera or Firefox exhibit these vulnerabilities outside the windoze platform.
-why is Firefox a darling? because of good marketing, good "genes" (from Firebird), a happy & well-embedded user community, the free version doesn't do ads or "nag-ware" (unlike the free version of Opera)...shall I go on?


Anonymous User February 24, 2005 (Article Rating: )

There are lies, damned lies and statistics.

Number of "issues" in mozilla is 8. none of them are highly or extremely critical. 2 moderate and 6 not critical.

Number of extremely and highly critical issues with IE is 26.

Microsoft gets the high "resolved" percentage by resolving stupid trivial issues. Further the fix from Mozilla/FF will work on all platforms including Win98. Mircosoft counts as "fixed" if it is fixed in WinXP.

As I said, there are lies, damned lies and statistics.


Anonymous User February 24, 2005

Considering that the content of this article really didn't serve much purpose to begin with and was rendered out of date in less than 24 hours by the release of Firefox 1.0.1, maybe Mark Joseph Edwards could just spare us all and pull a Hunter S Thompson now.

Anonymous User February 24, 2005 (Article Rating: )

I must say I'm a but annoyed that FireFox 1.0 hasn't detected the availability of Firefox 1.0.1 yet. And the Secunia web site is deliberately vague about what version it is referring to, or what the impact of the "Partial Fixes" is.

i.e. Does a moderate vulnerability that is "Partially fixed" remain a "moderate" vulnerability or does it get downgraded to "low"?

There seems to be a lot of FUD being generated here.

DonnEdwards February 28, 2005 (Article Rating: )

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
What You Need to Know About Microsoft's x64 Server Product Plans

What do Longhorn Server, Windows Compute Cluster Server, and Windows Vista have in common? The x64 platform. ...

Anti-Virus Vendors Prepare for War with Microsoft ... Again

When Microsoft announced its Windows Live OneCare security and PC health product over five years (as MSN OneCare), Symantec, McAfee, and the other consumer-oriented security vendors reacted with stunning vigor. ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...
Security Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

The Impact of Messaging and Web Threats

Why SaaS is the Right Solution for Log Management
Related Events Security Summit

Top 10 Email Security Challenges and Solutions

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format

Test Drive IT Solutions and Get Free Music Downloads
Solve your toughest IT problems with these free downloads and receive 5 free music downloads!


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Get Microsoft Microsoft Certified With Train Signal Computer Training
Train Signal’s computer training software videos will teach you the skills you need to get certified and gain experience in areas like Windows Server 2008, Exchange Server, SharePoint Server, and more.
Get Mark Minasi’s Windows Server 2008 Audio CDs
"Windows expert, consultant and best-selling author Mark Minasi shows you if 2008 is right for you and, if so, how to get the most out of it!

Desktop Management is a Never-Ending Job for Administrators
Get a complete desktop management solution to centralize the management of thousands of desktops that will help you keep up with increased demand with limited manpower.

Integrate Fax Servers into Your Unified Communications Plan
In this fundamentals eBook you will learn how you can implement a solution that is easy to support, secure, and integrate.

Take Control of Your Email
Optimize your email storage – Download this white paper to learn key how-to’s in email storage management.

Get Windows IT Pro To Go!
The Windows IT Pro Magazine Master CD is a powerful combination of content and convenience.   Order now, and save up to 25%--plus you’ll get online access to new articles each and every month!  Subscribe today!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home asp.netPRO Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement | Reprints and Licensing