July 5, 2006 5:15 PM PDT

Security expert dubs July the 'month of browser bugs'

Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers.

HD Moore, the creator of Metasploit Framework, a tool that helps test whether a system is safe from intrusion, has dubbed July the Month of Browser Bugs. Already, the security researcher has featured five security flaws, three for Microsoft's Internet Explorer and one apiece for Mozilla's Firefox and Apple Computer's Safari.

Moore noted that one of the IE bugs appeared to have been recently patched.

"This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure," Moore said on his blog. "The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution."

Browser security holes are nothing new, but Moore's repository of flaws shines a light on the problem.

Moore says on his site that he reported two of the IE bugs to Microsoft last March. Microsoft acknowledged that it had been in contact with Moore but downplayed the seriousness of the flaws Moore is publicizing.

"(Microsoft's) investigation has revealed that most issues relating to Internet Explorer in particular will result in the browser closing unexpectedly," the company said in an e-mail statement.

Moore doesn't indicate how many of his published vulnerabilities are critical, but security company Secunia has rated one of the flaws, which Moore calls Internet.HHCtrl Image Property, as highly critical.

IE
by Roman12 July 5, 2006 9:34 PM PDT
It's obviously true that no browser is perfect, but I think you're always best off using the less popular browsers. Microsoft can barely keep up releasing all these patches to cover up the flaws because of IE's default popularity. I often check my web site's statistics to find that 80% of the visitors are IE users. I bet if Opera or Firefox became super popular it would suddenly become a dangerously "insecure" browser much like IE now. So in my opinion the real reason why Opera and Firefox are a better choice for an average user isn't because of security policies or other security features, but because they aren't targeted as much by people that wish to do damage; to affect the most amount of users possible it just makes sense to target IE.
__________________________________
R.K.
http://www.Remove-All-Spyware.com/
IE's problem isn't its popularity...
by i_made_this July 6, 2006 7:23 AM PDT
...most of its security-related problems devolve to the browser's use of ActiveX which seems to be the component that most aggressively attracts malware. MSFT can *update, improve, assign a new higher level product number* etc all they want to IE, but until ActiveX becomes an optional component and not part of the Windows bundle, IE will remain as holey as swiss cheese. I assure you that Redmond knows this better than we do, and I doubt they'll remove ActiveX in the foreseeable future.
Not really
by aabcdefghij987654321 July 6, 2006 8:23 AM PDT
Look at the list of flaws in IE again; while there are some involving ActiveX, the majority of them are *not* related to ActiveX. ActiveX is a problem in and of itself simply because MS made it capable of accomplishing so very much. That's the real key to all of the vulnerabilities in IE: back in the browser wars MS was continually packing more functionality into IE in order to make their browser more attractive to developers; unfortunately security wasn't a high priority and often got short shrift.
News.com (hearts) security company PR.
by M C July 6, 2006 10:33 AM PDT
One more regurgitated press release. Please.