29 July 2008

Browser plugins most popular point of attack

We could have expected it. According to a recent ISS (IBM now) X-Force study, all these nifty browser plugins, have become the biggest point of attack for hackers.
The major source of vulnerabilities is the browser:

And the most important source of vulnerabilities within the browser are plugins:

Surprisingly only exploits for internet exploder active-X plugins have been reported, while I thought the firefox plugins were the most popular.
Maybe their vulnerabilities don't get reported because most are small projects run by individual freeware contributors? There is a list with officially recommended add-ons, but these recommendations are probably more related to stability than to security.
Maybe they don't count extension exploits?