[x-posted to hackquest, net-force and my blog]

yeah yeah. the year hasn't ended yet, but we've already got stuff like the top cybercrimes, top swimsuit design, top hot model, yada yada.
bit9 came up with the year's top vulnerable applications on the windows platform and guess who tops the list?
.
.
.
.
.
.
.
foxy! yeah. firefox, with 10 critical vulns that "allows hackers to gain control of your computer and steal passwords".
see the whole thing here - http://www.bit9.com/files/Vulnerable_Apps_DEC_08.pdf

Not sure but I heard there's a critical IE bug still roaming around too lazy to look into it

I use two of the applications listed. So is there any replacements for MSN Messenger and Adobe Flash?

as discussed with rhican in net-force, this document should not be taken seriously. can you believe that safari is listed as a popular application on the windows platform? and internet explorer is totally left out?

If MSIE isnt there I wouldnt trust that list but I am looking for a replacement for MSN Messenger if that exists.

Of course the most used applications are those who are targeted by most "security researchers".

To name some other popular apps:
There have been mutliple buffer overflows fixed in Opera lately,
Microsoft Word has similar issues currently,
libpng is/was also vulnerable to some issue....,
the list continues...

What i like about firefox (and windows maybe) is the auto-update thingy.

BTW: There are techniques that help applications to defend against security threats and just to name a few things:

- (On OS basis there should be stack randomization)
- as user you should avoid using root/admin account
- use NoScript Plugin for Firefox

PS: Lately some helpful person proposed to abonnement security RSS Feeds. I really can recommend that. I am using Opera to do mail stuff pop3/smtp, and it works not too bad with feeds either.

Merry Christmas to all
Towley

what about pidgin as a replacement for MSN messenger

Thanks for the tip. Ill try Pidgin.