NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0357 Red Hat and Firefox said to be more buggy than Microsoft products:
Secunia has found that the number of security bugs in the open source Red Hat Linux
operating system and Firefox browsers far outstripped comparable products from
Microsoft last year. Out of the operating systems monitored by Secunia -- Windows
(98 and onwards), Mac OS/X, HP-UX 10.x and 11.x, Solaris 8, 9, and 10 and Red Hat
(excluding Fedora) -- Red Hat was found to have by far the most vulnerabilities, at
633, with 99% found in third-party components. Red Hat has taken issue with the
figures, claiming the accurate number should be 404 vulnerabilities for last year.
Solaris came next with 252 bugs, 80% of which were in third-party components.
Mac OS/X came after that with 235, 62% of which were third-party. Windows had only
123 bugs reported, but 96% of those were found in the operating system itself.
HP-UX had 75 bugs reported, 81% of which were in third-party code. In the browser
field, Firefox led the way with 64 bugs, compared to 43 for Internet Explorer, and
14 each for Opera and Safari. However, in an examination of zero-day flaws - reported
by third parties before a patch was available - Secunia found that Firefox tended to
get more patches, sooner, compared to IE. Out of eight zero-day bugs reported for
Firefox in 2007, five have been patched, three of those in just over a week. Out of
10 zero-day IE bugs, only three were patched and the shortest patch time was 85 days.
Secunia said ActiveX was hit by the largest number of browser add-on bugs in 2007,
with 339, compared to 45 last year. QuickTime followed with 35 bugs and Java with
21 bugs.
(TechWorld 17JAN08)