Firefox (In)Security Update Dynamics Exposed


.

Firefox (In)Security Update Dynamics Exposed

Authors
Stefan Frei, Thomas Duebendorfer, Bernhard Plattner


Summary
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, or any security warnings. Based on HTTP useragent header information stored in anonymized logs from Google's web servers, we measured the patch dynamics of about 75% of the world's Internet users for over a year. Our focus was on the Web browsers Firefox and Opera. We found that the patch level achieved is mainly determined by the ergonomics and default settings of built-in auto-update mechanisms. Firefox' auto-update is very effective: most users installed a new version within three days. However, the maximum share of the latest, most secure version never exceeded 80% for Firefox users and 46% for Opera users at any day in 2007. This makes about 50 million Firefox users with outdated browsers an easy target for attacks. Our study is the result of the first global scale measurement of the patch dynamics of a popular browser.


Published
January, 2009, ACM SIGCOMM


Downloads

  1. Firefox_Insecurity_Update_Dynamics_Exposed_(2009).pdf

Exteral Links

  1. ACM Library

About

HOME | TOOLS | BUG BOUNTY | TOP 10 | PUBLICATIONS IP Address: 54.167.253.186
Date Time: 2017-11-21 07:55:21
Recent Papers
Recent Press Coverage
© 2000-2017 Stefan Frei
techzoom.net