Mozilla’s Firefox has the most vulnerabilities at forty-seven, followed by Microsoft Internet Explorer’s thirty-eight. This is an increase from last year’s record of 17 and 25, respectively. Even Apple’s Safari doubled its vulnerabilities to twelve, but Opera’s bugs decreased from nine to seven. IE remains the most targeted web browser, accounting for 47% of all attacks. In second place (31%) are attacks exploiting the same vulnerabilities in multiple browsers, and Firefox placed third with 20 percent.
Despite the higher number of bugs, Mozilla ranks first in issuing patches, averaging only a day after public disclosure. Opera and Safari follow closely, while IE ranks last, averaging nine days per patch. As for operating system patches, Sun has the highest patch development time at 89 days, while Microsoft ties with Red Hat for the shortest at 13 days.
Seven out of every 10 new vulnerabilities uncovered from January through June were bugs in Web applications, and four-fifths of these were easily exploitable. Most of the attacks targeted home users and small businesses.
Phishing has also increased, with the financial sector receiving the bulk of these attacks. Phishing targeting Internet service provider (ISP) accounts ranked second. The United States was both the source of most attacks and the target for most Denial of Service (DoS) attacks.
A copy of the report can be downloaded from Symantec here.