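CNET News: Robert Lemos 16/09/2004

The open-source browsers Mozilla and Firefox have won over a considerable number of IE users in the past nine months, website statistics show.

Firefox, which released its version 1.0 only on Tuesday, and Mozilla have made even more noticeable gains on some enthusiast-oriented sites. For example, W3schools.com, a well-known web development tutorial site, found that Mozilla browsers accounted for 18% of all visitors in September, up sharply from 8% in January. Over the same period, IE fell from 84% to 75%.

Among CNET readers, the share using Firefox and Mozilla browsers jumped to 18% in the past two weeks, up from 8% in January.

The Mozilla Foundation, which develops the Mozilla and Firefox browsers (and the underlying Gecko browser engine), has said that downloads of Firefox grew from 3 million for version 0.8 to 6 million for version 0.9. The organization said the latest 1.0 test release has already been downloaded by 160,000 people.

"Clearly, after the serious security problems in IE this July, the market took a strong interest in other browsers," said Mozilla spokesman Bart Decrem. "You might think that could be just a flash in the pan, but in fact the growth from that time has continued to this day."

Web analytics firm WebSideStory said mainstream users do not yet seem strongly interested in non-Microsoft browsers, but there is a trend of gradually increasing Firefox adoption. Among users visiting e-commerce or corporate sites in September, 5.2% used Firefox or Mozilla browsers, while Microsoft IE usage slipped from 95.5% in July to 93.7% in September.

The Mozilla Foundation was established by Netscape Communications in 1998, but had long been at a disadvantage in its competition with Microsoft. Netscape released a browser developed as open source in 2000, but it lacked market acceptance; later, after Mozilla pushed to shrink the download and speed up the browser, it released the Phoenix version, followed by Firebird and now Firefox.

Mozilla software has arguably benefited from several serious vulnerabilities in Microsoft's IE browser. In July, security experts found that advertisers were exploiting an IE vulnerability to covertly install adware on users' PCs. This week, another graphics vulnerability may also cause trouble for IE users.

Also working in the open-source organization's favor are some advanced browser features, such as pop-up ad blocking. Microsoft, however, has recently added this feature in an update as well.

Firefox is not yet one of the targets of Martin Taylor, Microsoft's general manager of platform strategy, who is responsible for all counter-efforts related to Linux and open source. He believes, however, that it could become a topic of discussion in the coming months.

"Firefox adoption is trending upward, and more and more people are noticing it," Taylor said in an interview on Wednesday. (陳奭璁)

Firefox - Rediscover the web
http://www.mozilla.org/products/firefox/

Mozilla - Home of the Firefox web browser, Thunderbird and the Mozilla Suite
http://www.mozilla.org/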
__________________
Technical Cyber Security Alert TA04-261A

Multiple vulnerabilities in Mozilla products

Original release date: September 17, 2004
Last revised: --
Source: US-CERT

Systems Affected

Mozilla software, including the following:

* Mozilla web browser, email and newsgroup client
* Firefox web browser
* Thunderbird email client

Overview

Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

I. Description

Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes:

VU#414240 - Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp

Mozilla Mail contains a stack overflow vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. This can be exploited in the preview mode as well.

VU#847200 - Mozilla contains integer overflows in bitmap image decoder

A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#808216 - Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs

A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler

There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a malicious POP3 server to execute arbitrary code on the affected system.

VU#327560 - Mozilla "send page" feature contains a buffer overflow vulnerability

There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.

VU#651928 - Mozilla allows arbitrary code execution via link dragging

A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.

II. Impact

These vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. VU#847200 could also allow a remote attacker to crash an affected application.

III. Solution

Upgrade to a patched version

Mozilla has released versions of the affected software that contain patches for these issues:

* Mozilla 1.7.3
* Firefox Preview Release
* Thunderbird 0.8

Users are strongly encouraged to upgrade to one of these versions.

Appendix A. References

* Mozilla Security Advisory - <http://www.mozilla.org/projects/secu...erabilities.html>
* Mozilla 1.7.2 non-ascii hostname heap overrun, Gael Delalleau -
* Security Audit of Mozilla's .bmp image parsing, Gael Delalleau -
* Security Audit of Mozilla's POP3 client protocol, Gael Delalleau -
* US-CERT Vulnerability Note VU#414240 -
* US-CERT Vulnerability Note VU#847200 -
* US-CERT Vulnerability Note VU#808216 -
* US-CERT Vulnerability Note VU#125776 -
* US-CERT Vulnerability Note VU#327560 -
* US-CERT Vulnerability Note VU#651928 -
_________________________________________________________________

Mozilla has assigned credit for reporting of these issues to the following:

* VU#414240: Georgi Guninski
* VU#847200: Gael Delalleau
* VU#808216: Gael Delalleau and Mats Palmgren
* VU#125776: Gael Delalleau
* VU#327560: Georgi Guninski
* VU#651928: Jesse Ruderman
_________________________________________________________________

Feedback can be directed to the US-CERT Technical Staff.
_________________________________________________________________

This document is available from:
_________________________________________________________________

Copyright 2004 Carnegie Mellon University.

Terms of use:
_________________________________________________________________

Revision History

Sept 17, 2004: Initial release
__________________
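An added illustration (not Mozilla's code and not part of the advisory) of the defect class named in VU#847200: sizing a pixel buffer from fields in an image header. The advisory gives no details of the actual bug, so the function names, the MAX_DIM limit and the use of the standard BMP row layout (rows padded to 4 bytes, negative height for top-down images) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 32768u /* hypothetical decoder limit (assumption) */

/* Unchecked sizing: all arithmetic is 32-bit, so large header values wrap
 * and the computed buffer can be far smaller than the image data. */
uint32_t bmp_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t stride = ((width * bpp + 31u) / 32u) * 4u; /* may wrap */
    return stride * height;                             /* may wrap */
}

/* Checked sizing: validate each field, compute in 64 bits, confirm the
 * result fits in size_t. Returns 0 on success, -1 to reject the header. */
int bmp_size_checked(int32_t width, int32_t height, uint16_t bpp, size_t *out)
{
    /* BMP stores a negative height for top-down images; take |height|. */
    uint64_t h = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    if (width <= 0 || h == 0 || (uint64_t)width > MAX_DIM || h > MAX_DIM)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;
    uint64_t stride = (((uint64_t)width * bpp + 31u) / 32u) * 4u; /* 4-byte rows */
    uint64_t total = stride * h;
    if (total > (uint64_t)SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 65536 x 65536 at 32 bpp needs 2^34 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)bmp_size_unchecked(65536u, 65536u, 32u));
    printf("checked:   %s\n", bmp_size_checked(65536, 65536, 32, &n) ? "rejected" : "accepted");
    if (bmp_size_checked(640, 480, 24, &n) == 0)
        printf("640x480x24: %zu bytes\n", n);
    return 0;
}
```

The unchecked version returns a wrapped size for the constructed oversized header, which is the condition that leads to an undersized allocation; the checked version rejects the header before any allocation takes place.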