Security Basics mailing list archives

Re: What is the most secure web browser,

From: secureot <secureot () yahoo com>
Date: Tue, 16 Sep 2003 10:04:24 -0700 (PDT)

Well I read this reply before but just a quick example
of why I don't beleive it's the best solution:
Mozillla bugs....

2003-09-08:  Multiple Vendor Web Browser LiveConnect
JavaScript Denial Of Service Vulnerability 
  2003-08-18:  Netscape/Mozilla JAR Remote Heap
Corruption Vulnerability 
  2003-06-07:  Multiple Browser Timed Document.Write
Method Cross Domain Policy Vulnerability 
  2003-06-03:  Multiple Vendor Algorithmic Complexity
Denial of Service Vulnerability 
  2003-06-01:  Multiple IMAP Client Integer Overflow
Vulnerabilities 
  2003-05-21:  Bugzilla Default HTML Template
Cross-Site Scripting Vulnerabilities 
  2003-05-21:  Bugzilla Insecure Temporary File
Handling Vulnerabilities 
  2003-04-25:  Bugzilla Local Dependency Graph HTML
Injection Vulnerability 
  2003-04-17:  Mozilla Browser Cross Domain Violation
Vulnerability 
  2003-03-21:  Mozilla Bonsai Remote Command Execution
Vulnerability 
  2003-03-21:  Mozilla Bonsai Parameters Page
Unauthenticated Access Weakness 
  2003-03-21:  Mozilla Bonsai Path Disclosure
Vulnerability 
  2003-03-21:  Mozilla Bonsai Multiple Cross Site
Scripting Vulnerabilities 
  2003-02-25:  Netscape Style Sheet Denial Of Service
Vulnerability 
  2003-02-13:  Mozilla XMLSerializer Same Origin
Policy Violation Vulnerability 
  2003-02-13:  Mozilla Space Key XPI Installation
Vulnerability 
  2003-02-13:  Mozilla document.open() Memory
Corruption Denial of Service Vulnerability 
  2003-02-13:  Mozilla Browser HTTP/HTTPS Redirection
Weakness 
  2003-02-13:  Mozilla OnUnload Referer Information
Leakage Vulnerability 
  2003-02-13:  Multiple Browser Zero Width GIF Image
Memory Corruption Vulnerability 
  2003-01-16:  Bugzilla LocalConfig Backup File
Disclosure Vulnerability 
  2003-01-16:  Bugzilla Data/Mining Directory Insecure
Permissions Vulnerability 
  2003-01-02:  Bugzilla quips Feature Cross Site
Scripting Vulnerability 
  2002-11-29:  Mozilla Browser Large HTTP Header
Buffer Overflow Vulnerability 
  2002-11-29:  Netscape/Mozilla Javascript Array
Object Heap Corruption Vulnerability 
  2002-11-29:  Mozilla Netscape Navigator Plug-In Path
Disclosure Vulnerability 
  2002-11-26:  Netscape/Mozilla POP3 Mail Handler
Integer Overflow Vulnerability 
  2002-10-09:  Bugzilla Group Creation With Elevated
Privileges Vulnerability 
  2002-10-01:  Bugzilla Bugzilla_Email_Append.pl
Arbitrary Command Execution Vulnerability 
  2002-10-01:  Bugzilla Account Creation SQL Injection
Vulnerability 
  2002-09-18:  Mozilla Multiple Vulnerabilities 
  2002-08-28:  Netscape/Mozilla IRC Buffer Overflow
Vulnerability 
  2002-08-28:  Multiple Bugzilla Security
Vulnerabilities 
  2002-08-06:  Mozilla FTP View Cross-Site Scripting
Vulnerability 
  2002-07-29:  Multiple Browser Vendor Same Origin
Policy Design Error Vulnerability 
  2002-07-24:  Mozilla JavaScript URL Host Spoofing
Arbitrary Cookie Access Vulnerability 
  2002-06-12:  Netscape / Mozilla Malformed Email POP3
Denial Of Service Vulnerability 
  2002-05-29:  Multiple Vendor JavaScript Interpreter
Denial Of Service Vulnerability 
  2002-05-29:  Netscape/Mozilla Null Character Cookie
Stealing Vulnerability 
  2002-05-29:  Netscape/Mozilla/Galeon Local File
Detection Vulnerability 
  2002-05-29:  Mozilla / Netscape 6 XMLHttpRequest
File Disclosure Vulnerability 
  2002-01-08:  BugZilla LongList.CGI SQL Query
Manipulation Vulnerability 
  2002-01-08:  BugZilla BugList.CGI HTML Form SQL
Query Manipulation Vulnerability 
  2002-01-08:  BugZilla UserPrefs.CGI Groupset Form
Element Manipulation Vulnerability 
  2002-01-08:  BugZilla DoEditVotes.CGI Login Error
Information Leak Vulnerability 
  2002-01-08:  BugZilla BugList.CGI SQL Query
Manipulation Vulnerability  
  2002-01-08:  BugZilla Show_Bug.CGI Product Pulldown
Bug Disclosure Vulnerability 
  2002-01-08:  BugZilla Process_Bug.CGI Comment
Spoofing Vulnerability 
  2002-01-08:  BugZilla Post_Bug.CGI Bug Report
Spoofing Vulnerability 
  2002-01-08:  BugZilla LDAP Authentication Bypass
Vulnerability 
  2001-12-28:  Mozilla Predictable Temporary File
Symbolic Link Attack Vulnerability 
  2001-12-13:  Multiple Vendor Image Count Denial of
Service Vulnerability 
  2001-09-11:  BugZilla ShowDependencyGraph.CGI
Restricted Bug Comments Revealing Vulnerability 
  2001-09-11:  BugZilla ShowDependencyTree.CGI
Restricted Bug Comments Revealing Vulnerability 
  2001-09-11:  BugZilla ShowVotes.CGI Restricted Bug
Comments Revealing Vulnerability 
  2001-09-11:  Bugzilla createaccount.cgi Cross-Site
Scripting Vulnerability 
  2001-09-11:  Bugzilla showvotes.cgi Cross-Site
Scripting Vulnerability 
  2001-09-11:  Bugzilla reports.cgi Cross-Site
Scripting Vulnerability 
  2001-09-11:  Bugzilla describecomponents.cgi
Arbitrary Bug Viewing Vulnerability 
  2001-09-11:  Bugzilla showattachment.cgi Arbitrary
Bug Viewing Vulnerability 
  2001-09-11:  BugZilla Show_Activity.CGI Restricted
Bug Comments Revealing Vulnerability 
  2001-09-11:  BugZilla Process_Bug.CGI Restricted Bug
Comments Revealing Vulnerability 
  2001-08-31:  Bugzilla process_bug.cgi Duplicate Bug
Disclosure Vulnerability 
  2001-08-31:  Bugzilla process_bug.cgi Information
Disclosure Vulnerability 
  2001-05-01:  Bugzilla Sensitive Information
Disclosure Vulnerability 
  2000-07-25:  Netscape Communicator JPEG-Comment Heap
Overwrite Vulnerability 
  2000-05-11:  Bugzilla Remote Arbitrary Command
Execution Vulnerability 
  1900-01-01:  Bugzilla Login Cookie Reverse Resolved
Host Name Vulnerability 

Any thoughts?
--- irado furioso com tudo <irado () nettaxi com> wrote:

On Mon, 15 Sep 2003 16:37:16 -0700 (PDT)
secureot <secureot () yahoo com> wrote:
]

My question to the list, is what is the most

secure

browser that will not get manipulated like IE?

]

think that mozilla is good enough :-)



---

saudações,
irado furioso com tudo
100% Microsoft-free
Linux User 179402/FreeBSD BSD50853

Tudo o que Existe egressa do Ser e regressa ao Ser.
O Ser é o Insondável
Tao. Das profundezas do Ser nascem todos os seres
que existem. 
O Ser, porém, é o abismo do Não-Existir.



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

What is the most secure web browser, secureot (Sep 16)
- Re: What is the most secure web browser, Ansgar Wiechers (Sep 16)
- Re: What is the most secure web browser, Tim Larson (Sep 16)
  - Re: What is the most secure web browser, Meritt James (Sep 16)
- Re: What is the most secure web browser, irado furioso com tudo (Sep 16)
  - Re: What is the most secure web browser, secureot (Sep 16)
    - Re: What is the most secure web browser, Kamal Habayeb (Sep 17)
  - RE: What is the most secure web browser, Michael LaSalvia (Sep 16)
- RE: What is the most secure web browser, Mark Sargent (Sep 16)
- Re: What is the most secure web browser, Chris Ess (Sep 16)
  - What is the most secure web browser, secureot (Sep 16)
    - Re: What is the most secure web browser, web () shaon net (Sep 17)
  - Re: What is the most secure web browser, Patrice Neff (Sep 17)
- Re: What is the most secure web browser, gregh (Sep 17)
- <Possible follow-ups>
- RE: What is the most secure web browser, Chris Santerre (Sep 16)
  - New RPC exploit for the latest RPC vulnerability JGrimshaw (Sep 17)