Firefox, iTunes, and Skype were the top 3 applications in a list of 15 with the most security vulnerabilities, a Cambridge, Mass.-based security company said this week.
The list from Bit9 calls out applications that are frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise), that have at least one critical vulnerability, and that rely on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.
“These popular software applications are frequently downloaded to corporate desktops and can present serious risks for enterprise computing environments,” said Todd Brennan, the co-founder and chief technology officer at Bit9, in a statement. “Understanding what software is actually running in your organization across your entire desktop environment is the first step in regaining application control and protecting your corporate infrastructure.”
Firefox 1.0.7 — which has been patched (and so superseded) by 1.0.8, not to mention Firefox 1.5 — took the top honors with at least five vulnerabilities in the CVE (Common Vulnerabilities and Exposures) database. The Apple iTunes 6.02 and QuickTime 7.0.3 twosome took second.


Well, they’re using Firefox 1.0.7 on their list and also their business seems to be software that prevents ‘unauthorised software’ being run on corporate networks. So this article seems to be very self-serving.
Cool…come….TAKE my files! Yahhhhh!
Seems like the logic is: is it a Windows-only app? If no, say it’s unsecure… And by the way, if it’s so easy to find vulnerabilities in open-source software, it’s because they divulgate them to the public, unlike the case for closed-source software.
Odd, ever since I started using Firefox I haven’t had a single case of malware once…. So who published this article and why?
put on your cleats for a run on the astroturf
Same here, no malware since I switched from IE. The article doesn’t say how they arrived at their conclusion unfortunately, so despite the conclusion, if you can’t back it up with data then it’s merely a hypothesis and not a conclusion. Maybe it’s like “louisgag” notes in that it is open-source software and thus people have the “blueprints” to find any vulnerabilities.