The major source of vulnerabilities is the browser:


And the most important source of vulnerabilities within the browser are plugins:

Surprisingly only exploits for internet exploder active-X plugins have been reported, while I thought the firefox plugins were the most popular.
Maybe their vulnerabilities don't get reported because most are small projects run by individual freeware contributors? There is a list with officially recommended add-ons, but these recommendations are probably more related to stability than to security.
Maybe they don't count extension exploits?
No comments:
Post a Comment