Browser Security News

For online attackers, browsers are the new black. Increasingly, attacks are targeting Microsoft Internet Explorer and Mozilla Firefox, using security holes to compromise victims’ PCs.

Fraudsters are regularly using previously unknown flaws, dubbed "zero-day" flaws, to attack Web surfers’ computers through Internet Explorer. In September, Microsoft released an emergency update to patch what was a previously unknown flaw in the way the browser handled on-the-fly graphics written in the Vector Markup Language. In the first half of 2006, the software giant patched 38 flaws affecting Internet Explorer, according to security firm Symantec. This number is actually down from the number of flaws the company found in the first half of 2004 (45).

The open-source Firefox browser didn’t fare any better. Though it hasn’t suffered the malicious designs of attackers as had Internet Explorer, Symantec researchers did find more than 47 flaws in it during the first half of 2006, a sharp increase from the 7 flaws found in the first half of 2003. The bright spot for Firefox users is that Firefox developers managed to patch security flaws in the software within two days after the vulnerability emerged. Microsoft took an average of nine days.

In a strange, backhanded way, the attentions of attackers are a compliment to Microsoft’s security initiatives. The Windows operating system is becoming increasingly hard to attack, leaving the applications that send data to and from the Internet the most attractive option. And the browser, of course, does that in spades. Solutions from PC Magazine: Browser Bashing