Nytro

Browser Security Comparison


Browser Security Comparison

A Quantitative Approach

Document Profile

Version 0.0

Published 12/6/2011

Contents
Authors
Executive Summary
Methodology Delta
Results
Conclusion
Introduction
Analysis Targets
Analysis Environment
Analysis Goals
Browser Architecture
Google Chrome
Internet Explorer
Mozilla Firefox
Summary
Browser Comparison
Historical Vulnerability Statistics
Browser Comparison
Issues with Counting Vulnerabilities
Issues Surrounding Timeline Data
Issues Surrounding Severity
Issues Unique to Particular Vendors
Data Gathering Methodology
Update Frequencies
Publicly Known Vulnerabilities
Vulnerabilities by Severity
Time to Patch
URL Blacklist Services
Comparing Blacklists
“Antivirus-via-HTTP”
Multi-Browser Defense
Comparing Blacklist Services
Comparison Methodology
Results Analysis
Conclusions
Anti-exploitation Technologies
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Stack Cookies (/GS)
SafeSEH/SEHOP
Sandboxing
JIT Hardening
Browser Anti-Exploitation Analysis
Browser Comparison
Google Chrome
Microsoft Internet Explorer
Mozilla Firefox
Browser Add-Ons
Browser Comparison
Google Chrome
Internet Explorer
Firefox
Add-on summary
Conclusions
Bibliography
Appendix A – Chrome Frame
Overview
Decomposition
Security Implications
Risk Mitigation Strategies
Conclusion
Bibliography
Appendix B
Google Chrome
Internet Explorer
Mozilla Firefox
Tools

Authors

Listed in alphabetical order:

- Joshua Drake (jdrake@accuvant.com)

- Paul Mehta (pmehta@accuvant.com)

- Charlie Miller (charlie.miller@accuvant.com)

- Shawn Moyer (smoyer@accuvant.com)

- Ryan Smith (rsmith@accuvant.com)

- Chris Valasek (cvalasek@accuvant.com)

Pages: 140

Download:

http://www.accuvant.com/sites/default/files/AccuvantBrowserSecCompar_FINAL.pdf
