Dev Notes

Suspended Indefinetly...

News

<script type="text/javascript"><!-- google_ad_client = "pub-9887566656700242"; google_ad_width = 120; google_ad_height = 600; google_ad_format = "120x600_as"; google_ad_type = "text"; //2006-12-28: Savvy google_ad_channel = "6620623950"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> <script type="text/javascript"><!-- google_ad_client = "pub-9887566656700242"; google_ad_width = 120; google_ad_height = 60; google_ad_format = "120x60_as_rimg"; google_cpa_choice = "CAAQxZqazgEaCMOiwb9yonQWKIHD93M"; google_ad_channel = ""; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>

Favourites

Friends

India MVP & CS

My Blog Roll

Publicity

Secunia Reports on IE and FireFox...

I was just browsing through some security bulletins today and found some interesting facts from Secunia, a Security Advisory firm. According to secunia, the following are the security issue stacks for IE and FireFox..

The "Month by Month" graph below shows the number of issued Secunia advisories affecting Microsoft Internet Explorer 6.x on a month-by-month basis.

The "Month by Month" graph below shows the number of issued Secunia advisories affecting Mozilla Firefox 1.x on a month-by-month basis.

I think, very soon FireFox will become a FireFix Browser ;-)

Comments

Kevin Ansfield said:

Are there versions of these graphs which show the criticality of the advisories and the time taken for a patch to be released?
# June 30, 2005 4:30 AM

Jim Arnold said:

A little different when you compare the severity and patch status of each browser's issues, no?

And why, when anyone has anything disparaging to say about "the competition", do they insist on using the word "interesting"?

"Hey, I'm not saying anything, guys! Draw your own conclusions...it's just *interesting*, that's all!"

Grrr :-)

Jim
# June 30, 2005 7:22 AM

Sudhakar said:

"interesting" yes...in my view "severity" is almost dependent on the popularity of the browser (or OS). Is'nt it?
So the criticality & severity are not so measurable when we do a vis-a-vis comparision.
# June 30, 2005 7:31 AM

Adam Wright said:

No, severity is not based on popularity. Severity is "Might make a popup window look like a browser dialog" vs "Allows arbitary code execution with administrator priviledges".

And for this information, we link to some different graphs...

For Firefox...http://secunia.com/graph/?type=cri&period=all&prod=4227

Which contains 0% extremely serious, 16% highly, 37% moderately, 37% less and 11% not serious. The current status reads "Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical".

Now, lets do Internet Explorer. http://secunia.com/graph/?type=cri&period=all&prod=11

Which contains 14% extremely serious, 27% highly, 21% moderately, 15% less and 23% not serious. The current status reads "Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical".

So you can run Firefox and have a slightly greater amount of more trivial issues, or run Internet explorer and have a consistently unpatched critical, extremely serious problems.

Interesting, yes? :)
# June 30, 2005 8:07 AM

Jim Arnold said:

>>>in my view "severity" is almost dependent on the popularity of the browser (or OS). Is'nt it?<<<

Er, no. The definitions for Secunia's advisory rankings can be found here:

http://secunia.com/about_secunia_advisories/

Popularity has nothing to do with the severity. It may have something to do with the interpretation of their statistics though...

Jim
# June 30, 2005 9:12 AM

Jenny said:

I consider "Extremely Serious" status comes with the popularity only. The more popular it is, the more serious the vulnerability it is.(since it effects more people)
# June 30, 2005 11:59 AM

olesja said:

<a href= http://index1.greathal.com >pre teen pageant gown</a>

# February 2, 2008 2:20 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)