Sunday, December 02, 2007

Internet Explorer and Firefox Vulnerability Analysis

Jeffrey Jones has published a reather interesting internet browser Vulnerability Analysis of Internet Explorer and Firefox using cross-checked references of common security bulletings such as Microsoft's Security Bulletin page, Mozilla's security announcements as well as NIST, Secunia, SecurityFocus, and many others.

The report does not cover a vulnerability Window of Exposure, or a statistic of exploits "in the wild" but it's still interesting. In a previous Internet Security Threat Report, IE had an average Window of Exposure of 9 days, followed by Safari with 5, Opera with 2 and Mozilla with 1, according to a Symantec Internet Threat Security Report.

Here's an interesting blog response from Mike Shaver.

Common Vulnerabilities and Exposures (CVE) List:

CVE-2007-0776, CVE-2007-0777, CVE-2007-0779, CVE-2007-0981, CVE-2007-1092, CVE-2007-2292, CVE-2007-2867, CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738, CVE-2007-3845, CVE-2007-4841, CVE-2007-5338

Internet Explorer

CVE-2006-4697, CVE-2007-0024, CVE-2007-0217, CVE-2007-0218, CVE-2007-0219, CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, CVE-2007-1749, CVE-2007-1750, CVE-2007-1751, CVE-2007-2216, CVE-2007-2221, CVE-2007-2222, CVE-2007-3027, CVE-2007-3041, CVE-2007-3826, CVE-2007-3892, CVE-2007-3896

Comparison of Opera, IE, Safari and Firefox