ActiveX is least secure plug-in

**Glaswegian** · 04-14-2008, 02:37 PM

ActiveX controls made up most of all browser plug-in vulnerabilities in the second half of 2007, according to Symantec.

The company has just released its semi-annual web security report and in it said that Microsoft's technology, primarily used to create add-ins for Internet Explorer, accounted for 79 percent of the 239 plug-in bugs discovered between July and December 2007. The plug-in with the next-highest number of flaws was Apple's QuickTime, which had just 8 percent of the six-month's total.

Only one vulnerability in a plug-in for Mozilla's Firefox browser was detected in the same period, meaning Firefox's extensions - the moniker Mozilla uses for plug-ins - accounted for only 0.4 percent of all found flaws.

Symantec argued that ActiveX's poor showing could stem from several factors, including the availability of "fuzzing" tools that hackers can use to sniff out input vulnerabilities in the controls. But it also fingered several traits inherent to the add-on technology.

http://www.techworld.com/security/ne...S&NewsID=11967

04-14-2008, 02:37 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,449 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	ActiveX is least secure plug-in ActiveX controls made up most of all browser plug-in vulnerabilities in the second half of 2007, according to Symantec. The company has just released its semi-annual web security report and in it said that Microsoft's technology, primarily used to create add-ins for Internet Explorer, accounted for 79 percent of the 239 plug-in bugs discovered between July and December 2007. The plug-in with the next-highest number of flaws was Apple's QuickTime, which had just 8 percent of the six-month's total. Only one vulnerability in a plug-in for Mozilla's Firefox browser was detected in the same period, meaning Firefox's extensions - the moniker Mozilla uses for plug-ins - accounted for only 0.4 percent of all found flaws. Symantec argued that ActiveX's poor showing could stem from several factors, including the availability of "fuzzing" tools that hackers can use to sniff out input vulnerabilities in the controls. But it also fingered several traits inherent to the add-on technology. http://www.techworld.com/security/ne...S&NewsID=11967 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner