Vulnerabilidades en Mozilla.
El US-CERT (Centro nacional de emergencias informáticas de EEUU) ha informado, ayer 17 de abril, de 11 vulnerabilidades del navegador Mozilla y sus componentes, de esas vulnerabilidades, 10 permiten ejecutar código arbitrario en el sistema y una de ellas permite un ataque de denegación de servicios.
Esta claro que cuanto mas aumenta el uso de este navegador, mas aumentan sus vulnerabilidades, entre otras cosas porque cuanto mas se extiende un navegador mas apetecible se hace a los atacantes, por eso es una tontería decir que se usa Mozilla porque es mas seguro que Internet Explorer.
La solución de estas vulnerabilidades es actualizarse a Firefox 1.5.0.2, Mozilla Thundebird 1.5.0.2 y SeaMonkey 1.0.1. Personalmente les recomiendo un texto muy interesante del US-CERT sobre segurización de navegadores, con la única pega de que está en ingles.
Detalles vulnerabilidades Mozilla:
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
Haz tu navegador seguro (Ingles):
http://www.us-cert.gov/reading_room/securing_browser/
Mozilla vs Internet Explorer.
http://vtroger.blogspot.com/2005/09/mozilla-vs-internet-explorer.html
Mira esta página con explorer
http://cucc3.atw.hu/boot.htm
quien es más seguro?
IE o Moz.
Estimado lector yo no tengo nada en contra de Mozilla. Y las pruebas de comcepto de vulnerabilidades estan muy vistas, quiero datos. Como las vulnerabilidades del 2006
Mozilla
1. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
2006-04-19
http://www.securityfocus.com/bid/17516
2. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
2006-04-19
http://www.securityfocus.com/bid/16476
3. Mozilla Firefox Large History File Buffer Overflow Vulnerability
2006-04-19
http://www.securityfocus.com/bid/15773
4. Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17499
5. Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities
2006-03-20
http://www.securityfocus.com/bid/12461
6. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
2006-03-09
http://www.securityfocus.com/bid/14784
7. Mozilla Browser/Firefox XBM Image Processing Heap Overflow Vulnerability
2006-03-09
http://www.securityfocus.com/bid/14916
8. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
2006-03-09
http://www.securityfocus.com/bid/14917
9. Mozilla Browser/Firefox Chrome Window Spoofing Vulnerability
2006-03-09
http://www.securityfocus.com/bid/14919
10. Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass Privilege Escalation Weakness
2006-03-09
http://www.securityfocus.com/bid/14920
11. Mozilla Browser/Firefox Arbitrary HTTP Request Injection Vulnerability
2006-03-09
http://www.securityfocus.com/bid/14923
12. Mozilla Browser/Firefox Zero-Width Non-Joiner Stack Corruption Vulnerability
2006-03-08
http://www.securityfocus.com/bid/14918
13. Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability
2006-03-07
http://www.securityfocus.com/bid/14921
14. Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability
2006-03-04
http://www.securityfocus.com/bid/14888
15. Mozilla Firefox HTML Parsing Denial of Service Vulnerability
2006-02-22
http://www.securityfocus.com/bid/16741
16. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
2006-02-14
http://www.securityfocus.com/bid/14242
17. Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
2006-02-07
http://www.securityfocus.com/bid/16427
18. Multiple Browser Proxy Auto-Config Script Handling Remote Denial of Service Vulnerability
2006-01-10
http://www.securityfocus.com/bid/14924
Internet explorer
1. Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17196
2. Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17457
3. Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17453
4. Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17181
5. Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17468
6. Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17454
7. Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17460
8. Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17455
9. Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
2006-04-17
http://www.securityfocus.com/bid/17131
10. Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
2006-04-11
http://www.securityfocus.com/bid/17450
11. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
2006-04-10
http://www.securityfocus.com/bid/17404
12. Microsoft Internet Explorer WMF Image Parsing Memory Corruption Vulnerability
2006-04-07
http://www.securityfocus.com/bid/16516
13. Microsoft Windows DHTML Edit Control Script Injection Vulnerability
2006-03-11
http://www.securityfocus.com/bid/11950
14. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
2006-03-09
http://www.securityfocus.com/bid/16978
15. Microsoft Internet Explorer IsComponentInstalled Buffer Overflow Vulnerability
2006-03-03
http://www.securityfocus.com/bid/16870
16. Microsoft Internet Explorer Script Engine Buffer Overflow Vulnerability
2006-02-21
http://www.securityfocus.com/bid/16687
17. Microsoft Internet Explorer Drag And Drop File Installation Vulnerability Variant
2006-02-14
http://www.securityfocus.com/bid/16352
18. Microsoft Windows Media Player Automatic File Download and Execution Vulnerability
2006-02-07
http://www.securityfocus.com/bid/7640
19. Microsoft Internet Explorer Dialog Manipulation Vulnerability
2006-02-07
http://www.securityfocus.com/bid/15823
20. Microsoft Internet Explorer ActiveX Control Kill Bit Bypass Vulnerability
2006-02-07
http://www.securityfocus.com/bid/16409
21. Microsoft Internet Explorer URLMon.DLL Denial Of Service Vulnerability
2006-02-07
http://www.securityfocus.com/bid/16463
22. Microsoft Internet Explorer Flash ActionScript JScript Handling Denial of Service Vulnerability
2006-02-07
http://www.securityfocus.com/bid/16441
23. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
2006-01-16
http://www.securityfocus.com/bid/16240
En el 2006 IE 23 vulnerabilidades Mozilla Firefox 18. Son muy seguros estos navegadores?
Lo único que he visto y que me parece muy bien es el sistema de correccion o actualizaciones de firefox son mas eficientes qe bug explorer, ese navegador debería trminarsey y yo creo que viaja para su autodestrucción.
Yo solo digo que no es mas seguro Mozilla que IE ni al revés, la seguridad es la misma, en este caso quien tiene que marcar la diferencia es el usuario.
java adshttp://www.hover-it.comAfter eating an entire bull, an mountain lion felt so good he started roaring, he kept it up until a hunter came and shot him….the moral? its best to keep your mouth shut if you’re full of bull.java ads