Nytro

Browser Security Comparison


A Quantitative Approach

Document Profile

Version 0.0

Published 12/6/2011

Contents
Authors
Executive Summary
Methodology Delta
Results
Conclusion
Introduction
Analysis Targets
Analysis Environment
Analysis Goals
Browser Architecture
Google Chrome
Internet Explorer
Mozilla Firefox
Summary
Browser Comparison
Historical Vulnerability Statistics
Browser Comparison
Issues with Counting Vulnerabilities
Issues Surrounding Timeline Data
Issues Surrounding Severity
Issues Unique to Particular Vendors
Data Gathering Methodology
Update Frequencies
Publicly Known Vulnerabilities
Vulnerabilities by Severity
Time to Patch
URL Blacklist Services
Comparing Blacklists
“Antivirus-via-HTTP”
Multi-Browser Defense
Comparing Blacklist Services
Comparison Methodology
Results Analysis
Conclusions
Anti-exploitation Technologies
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Stack Cookies (/GS)
SafeSEH/SEHOP
Sandboxing
JIT Hardening
Browser Anti-Exploitation Analysis
Browser Comparison
Google Chrome
Microsoft Internet Explorer
Mozilla Firefox
Browser Add-Ons
Browser Comparison
Google Chrome
Internet Explorer
Firefox
Add-on summary
Conclusions
Bibliography
Appendix A – Chrome Frame
Overview
Decomposition
Security Implications
Risk Mitigation Strategies
Conclusion
Bibliography
Appendix B
Google Chrome
Internet Explorer
Mozilla Firefox
Tools

Authors

Listed in alphabetical order:

- Joshua Drake (jdrake@accuvant.com)

- Paul Mehta (pmehta@accuvant.com)

- Charlie Miller (charlie.miller@accuvant.com)

- Shawn Moyer (smoyer@accuvant.com)

- Ryan Smith (rsmith@accuvant.com)

- Chris Valasek (cvalasek@accuvant.com)

Pages: 140

Download:

http://www.accuvant.com/sites/default/files/AccuvantBrowserSecCompar_FINAL.pdf
