After-Life Vulnerabilities: A Study on Firefox Evolution, Its Vulnerabilities, and Fixes
Authors
Abstract
We study the interplay in the evolution of Firefox source code and known vulnerabilities in Firefox over six major versions (v1.0, v1.5, v2.0, v3.0, v3.5, and v3.6) spanning almost ten years of development, and integrating a number of sources (NVD, CVE, MFSA, Firefox CVS). We conclude that a large fraction of vulnerabilities apply to code that is no longer maintained in older versions. We call these after-life vulnerabilities. This complements the Milk-or-Wine study of Ozment and Schechter—which we also partly confirm—as we look at vulnerabilities in the reference frame of the source code, revealing a vulnerability’s future, while they looked at its past history. Through an analysis of that code’s market share, we also conclude that vulnerable code is still very much in use both in terms of instances and as global codebase: CVS evidence suggests that Firefox evolves relatively slowly. This is empirical evidence that the software-evolution-as-security solution—patching software and automatic updates—might not work, and that vulnerabilities will have to be mitigated by other means.
Similar resources
Role of Crisis Management in Reducing Socio-Psychological Vulnerabilities after Natural Disasters (Case study: Citizens of Bam City)
Natural disasters in various forms have been identified as destructive phenomena during the life of planet Earth and are also a serious threat to the inhabitants of the planet. Therefore, this issue led to the formation of a process called crisis management, which includes activities occurring before, within and after the event to reduce the vulnerability. The country of Iran is considered as...
Perfectionism and Stressful Life Events as Vulnerabilities to Depression Symptoms in Students
Introduction: The mood disorders such as depression are the most common mental disorders among individuals. In addition, girl students are known as a group at high risk for developing this disorder. The aim of this study was to investigate the role of perfectionism and stressful life events in predicting disordered depression symptoms among girl students. Materials and Methods: This cross-...
An Empirical Study of Vulnerability Rewards Programs
We perform an empirical study to better understand two well-known vulnerability rewards programs, or VRPs, which software vendors use to encourage community participation in finding and responsibly disclosing software vulnerabilities. The Chrome VRP has cost approximately $580,000 over 3 years and has resulted in 501 bounties paid for the identification of security vulnerabilities. The Firefox ...
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
Extension architectures of popular web browsers have been carefully studied by the research community; however, the security impact of interactions between different extensions installed on a given system has received comparatively little attention. In this paper, we consider the impact of the lack of isolation between traditional Firefox browser extensions, and identify a novel extension-reuse...
Vulnerabilities in Browsers: Trends in Internet Explorer and Firefox
Since the browsers serve as the gateway to the web, vulnerabilities in browsers can have great impact. Recently there has been considerable debate about the vulnerabilities in the two major browsers Microsoft Internet Explorer and Mozilla Firefox which represent two opposite development paradigms. Here we present a quantitative perspective involving vulnerability detection rates, severity and p...