Its hard time for guys at Mozilla firefox. The browser has earned the title of being the most vulnerable application on windows platform.

Application white listing and application control vendor Bit9, titled firefox on top on its list of top 12 as many of the flaws exposed millions of Windows users to remote code execution attacks.

Here is the list

  • Mozilla Firefox, versions 2.x and 3.x
  • Adobe Acrobat, versions 8.1.2 and 8.1.1
  • Microsoft Windows Live (MSN) Messenger, versions 4.7 and 5.1
  • Apple iTunes, versions 3.2 and 3.1.2
  • Skype, version 3.5.0.248

It’s scary that the list also includes products from antivirus vendors like Symantec, trend micro as well.

The list was made based on the following characteristics

  • Runs on Microsoft Windows.
  • Is well-known in the consumer space and frequently downloaded by individuals.
  • Is not classified as malicious by enterprise IT organizations or security vendors.
  • Contains at least one critical vulnerability that was: first reported in January 2008 or after, registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database athttp://nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
  • Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
  • The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

Get the full report from Bit9 at http://www.bit9.com/landing/2008vulnerableapps.php

The year 2008 is not so lucky for the firefox folks, first was from Google, who developed its own browser and in the verge of cancellation of their billion dollar agreement with Mozilla. Then an expected new browser from Microsoft which is gaining attention and now it’s titled as the most vulnerable application. Try hard folks you are still number two.

Explore More

Who Are the Hackers?

Hackers and crackers are usually highly intelligent social misfits who tend to have a strong curiosity and often have an anarchist or, at very least, anti-authoritarian bent. They see the

SQL Injection Attacks and Prevent

Introduction Security in software applications is an ever more important topic. In this article, I discuss various aspects of SQL Injection attacks, what to look for in your code, and

Critical SQL Injection in Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet)

PlanetCreator has reported another critical SQL Injection (vulnerability) on Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet) http://www.myantel.net.mm/ SQL injection is a code injection technique that exploits