A Threat Model For Internet Browsers Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Web browsers are among the most sensitive pieces of software on a computer, as they are the medium through which users interact with the Internet. However, these browsers may be vulnerable to attacks. Whether you use Internet Explorer, Firefox, Opera or Safari, all Internet browsers have some issues. From slow load times to massive attacks, there are plenty of issues that can arise with Internet browsers of all sorts. Nevertheless, by knowing the root of these problems, they can be managed when they occur and can even be prevented in the future. There are an estimated 1.9 billion Internet users worldwide [1]; it is therefore important to know the security threats to which a computer and its user may be vulnerable while using Internet browsers.

The project has been undertaken with the aim of making an exploratory analysis of the existing threat models and of the diverse threats that can make internet browsers vulnerable to attacks. Based on the information obtained, a threat model is designed that caters for certain types of the identified attacks.


Organizations and users traditionally devoted minimal attention to Web browsers, but during the last few years a variety of factors have made browsers a much more important piece of business software for Information Technology to deal with, and it is time to change that hands-off strategy. The dependency on browsers has increased tremendously, since more and more organizations and users rely heavily on them to access complex and distributed business applications. However, browsers are not free from vulnerabilities, and threats to these principal platforms imply a direct risk to the organizations' business continuity and integrity. There are different types of browsers, such as Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Maxthon, Flock, Avant Browser, Deepnet Explorer and PhaseOut. Among these, Internet Explorer and Mozilla Firefox are at the forefront of security efforts and claims, and are likely to go through higher levels of analysis by security researchers than other browser options. Nowadays the Internet is widely used for media, research, communication, shopping and entertainment; everyone is looking for simplicity, security and getting the most out of the web from their browsers, and safety is a common concern among web surfers.

Study Background and Area

Internet browsers or web browsers are computer programs that allow us to access web pages. Popular web browsers include Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera. Many factors can affect the functionality and security of these browsers, one of which is the existence of vulnerabilities that, when exploited, can pose a threat to the browsers. A threat is a series of actions or events leading to a successful compromise of the system, and for a threat to occur, a vulnerability must be present.

A study of vulnerabilities was carried out by Miss K. Manikaran in her dissertation titled "Exploratory Analysis of CVE Vulnerability Database on Internet Browsers". Her project examined the vulnerabilities over the past 2 years, categorized them according to severity and vulnerability type, looked at different versions and examined the vulnerability trends and severity of the vulnerabilities, based on data on Internet browsers obtained from the CVE Vulnerability Database, which is also known as the National Vulnerability Database (NVD) and is the product of the NIST Computer Security Division, Government of United States of America. The report documents the results of the analysis of different Internet browsers (Firefox, Internet Explorer, Chrome, Safari and Opera), their vulnerabilities and severity levels over the past few years.

One of the major conclusions is that over the past 2 years, supported versions of Internet Explorer have experienced fewer vulnerabilities and fewer High severity vulnerabilities than the other browsers.

Today, web browsers are installed on almost all computers. Since web browsers are used so frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.

The best practice for staying safe from attacks is for computer users to evaluate the risks from the software they use. Most of the time, computers are sold with software already installed by the computer manufacturer or a retail store. The first step in assessing the vulnerability of your computer is to find out which software is installed and how secure that software is. There is an increasing threat from software attacks that take advantage of vulnerable web browsers. New software vulnerabilities are exploited and directed at web browsers through the use of compromised or malicious web sites. This problem is made worse by a number of factors, including the following:

Many users tend to click on links without considering the risks of their actions.

Web page addresses can be fake and take you to an unexpected site.

Many web browsers are configured to provide increased functionality at the cost of decreased security.

New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer, but users do not apply patches to the software.

Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.

Third-party software may not have a mechanism for receiving security updates.

Many web sites require that users enable certain features or install more software, putting the computer at additional risk.

Many users do not know how to configure their web browsers securely.

Many users are unwilling to enable or disable functionality as required to secure their web browser.

As a result, exploiting vulnerabilities in web browsers has become a common way for attackers to compromise computer systems. The first step towards tackling this problem is to design a threat model.

Threat modeling is the process of optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to avert, or moderate the effects of, threats to the system. To be able to design a threat model, threat analysis must be done first, which depends on identifying known vulnerabilities and constructing a scenario by which those vulnerabilities can be knitted together into a legitimate threat. The challenge in threat analysis is identifying the vulnerabilities and constructing multifactor scenarios in which those vulnerabilities conspire meaningfully.

Literature review

Since its foundation, the Internet has grown from its original purpose as a military tool to a worldwide phenomenon. According to the latest statistical analysis, it is estimated that there are over 1.9 billion Internet users worldwide [1]. Considering this estimate, it is obvious that the Internet is a precious resource to many people. The Internet provides various useful resources such as email, instant messaging, academic research, product research, paying bills, shopping, online banking, and the list goes on and on [3]. It is estimated that there are between 15 and 30 billion different web pages today [4]. Most of the 1.9 billion users have become dependent on the Internet, and thus the Internet is not just a tool but has become a way of life. Big and small businesses and people all over the world have become heavily dependent on the Internet to perform their vital daily tasks. In the global society, the Internet has become important to such a degree that it would be difficult to imagine the world moving ahead without it. There are many well-known advantages to using the Internet; however, many users neglect to invest some time in researching the risks involved. It is very important to know the risks involved in any activity we decide to undertake in life, and the Internet is no exception. The risks associated with the Internet are classified in the form of information security threats or vulnerabilities. The complexity of the task of simply keeping a home system up to date clearly shows the need for accurate vulnerability intelligence, and for tools to help identify and patch all these programs [5].

In the broad sense, a security vulnerability is anything that offers a possible avenue of attack against a system, including things like viruses, incorrectly configured systems, and passwords written on paper and sticky pads. In the sense in which the term is generally used among security professionals, a security vulnerability is a security exposure that results from a product flaw, and which the manufacturer of the product should repair. A security weakness is a fault in a product that makes it infeasible, even when the product is used in the proper way, to stop an attacker from seizing privileges on the user's system, modifying its operation, compromising data on it, or assuming trust that was not granted. A security threat is any incident or occurrence that jeopardizes security. Many products allow the user to identify people or organizations that they trust, and to control their actions accordingly. A flaw that allows an attacker to gain a level of trust the user did not grant is a security vulnerability. For example, the ability to access data against the wishes of the owner or the administrator amounts to a security vulnerability, and can involve reading, adding, or modifying data. Suppose an operating system provides file-by-file access control. A flaw that permits one user to read another user's data, in spite of the permissions on the file, constitutes a security vulnerability. On the other hand, if the default permissions on a newly created file provided total read access, this would not represent a security vulnerability. In the same way, if the operating system did not provide file-by-file access control, and this fact was acknowledged, it would not constitute a security vulnerability. Data on a system consists of information whose compromise creates a danger as a main effect. Similarly, a flaw that allowed a website to engage in a session with a browser in the guise of a different, trusted site would be a security vulnerability. On the other hand, spoofing that depends entirely on social engineering, for example providing a fake name on an open medium as a means of convincing someone to run Trojan horse software, does not constitute a security vulnerability.

Hacking of computers has been going on for several years and is still in fashion among hackers. It is a very interesting topic for computer technicians, but it is actually a very serious threat and should not be taken lightly. A hacker is someone who gains access to a computer or network for a variety of reasons, which may include file storage, information for identity theft, malicious intent or just fun. While some users have been aware of when their systems were compromised, others have not, and thus a strong perimeter is needed to protect systems from attack. A basic defense should consist of a firewall; strong passwords, which use letters, numbers and special characters and avoid names; and the latest software patches for the operating system and applications, together with regularly updated antivirus software. It is particularly important for users with a broadband Internet connection to maintain security, because the connection is always on: the computer is vulnerable to attack whenever it is powered on, unless the network connection is disabled or unplugged, that is, unless the system is not used to connect to the Internet.

Some web browsers are installed by default with the operating system; for example, Microsoft Internet Explorer is installed on every Microsoft Windows system. Unpatched or older versions of web browsers may contain several vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The most critical issues are the ones that lead to remote code execution without any user interaction when a user visits a malicious web page or reads a malicious email. For instance, exploit code for many of the critical Internet Explorer flaws is publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and the Graphics Rendering Engine. During the past year, hundreds of vulnerabilities in ActiveX controls installed by Microsoft and other software vendors have been discovered. These are also being exploited via Internet Explorer [2].

Mozilla Firefox is the second most popular web browser after Internet Explorer. It also has a fair share of vulnerabilities. In 2007, it released several updates to address publicly disclosed vulnerabilities. As with Internet Explorer, unpatched or older versions of Firefox contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The web sites exploiting the browser vulnerabilities typically host several exploits, and even launch the appropriate exploit(s) based on which browser the potential victim is using [2].

With the explosion of rich content in web sites, a parallel increase has been seen in the number of Browser Helper Object and third-party plug-ins used to access various MIME file types such as multimedia and documents. These plug-ins often support client-side web scripting languages such as Macromedia Flash or Shockwave. Many of these plug-ins are installed (semi-)transparently by a website. Users may thus not be aware that an at-risk helper object or plug-in is installed on their system. These additional plug-ins introduce more opportunities for hackers to exploit to compromise computers of users visiting malicious web sites. [2]

While some plug-ins such as Adobe Reader and Quicktime perform version checks and provide an update feature, these are often bothersome and ignored by users. It is often also difficult to detect which version of a plug-in is installed. For example, systems may have different versions of Shockwave installed for reasons of backward compatibility, but the user cannot easily discover which version or versions are running. These flaws have been widely exploited to install spyware, adware and other malware on users' systems. The spoofing flaws have been leveraged to conduct phishing attacks. In some cases, these vulnerabilities were zero-days, that is, no patch was available at the time the vulnerabilities were publicly disclosed. Many reported plug-ins were also widely exploited by malicious web sites before patches were made available by the vendor.

Analysis of Related work

Designers of Internet security protocols share a more or less common threat model. There have been many ongoing discussions about a threat model for internet browsers. The original security model for browsing never developed and validated a proper threat model. Instead, the model used was variously assumed, guessed at, and labelled, ex post, the Internet Threat Model ("ITM"). This has been known to be weak for some time, yet only recently has it been recognized as wrong and as one of the root causes of weaknesses in secure browsing. The weakness of a laid-out threat model for browsing has been recognised for some time. Since then, unaddressed threats have grown worse, but there has been relatively little momentum to address these threats [18].

The two sub-sections below are related work that has been done in order to find threats in a system and following which, a threat model has been proposed to address the problem.

The Security Architecture of the Chromium Browser

In this paper, the security architecture of Chromium, the open-source browser upon which Google Chrome is built, is discussed. Chromium has two modules in separate protection domains: a browser kernel, which interacts with the operating system, and a rendering engine, which runs with restricted privileges in a sandbox. This architecture helps mitigate high-severity attacks without sacrificing compatibility with existing web sites. A threat model is defined for browser exploits and an evaluation is made on how the architecture would have mitigated past vulnerabilities. In order to characterize the security properties of Chromium's architecture, the threat model is defined by enumerating the attacker's abilities and goals. The security architecture seeks to prevent an attacker with these abilities from reaching these goals. This threat model can be used to evaluate how effectively Chromium's architecture protects users from attack.




Attacker Abilities

An attacker who knows an unpatched security vulnerability in the user's browser and is able to convince the user's browser to render malicious content.

Chromium's architecture focuses on preventing the attacker from achieving three high-value goals:

-Persistent Malware: the attacker attempts to install persistent malicious software that survives the user closing his or her browser.

-Transient Keylogger: The attacker attempts to monitor the user's keystrokes when the user interacts with another program. To achieve this goal, the attacker's keylogger need not survive the user closing the browser.

-File Theft. The attacker attempts to read sensitive files on the user's hard drive.

There are a number of other attacker goals for which Chromium's architecture does not provide additional protection. Chromium includes features that help defend against these threats, but these features rely on the rendering engine to enforce the same-origin policy.

-Phishing. In a phishing attack, the attacker tricks the user into confusing a dishonest web site with an honest web site.

-Origin Isolation. Chromium's architecture treats the rendering engine as representing the entire web principal, meaning an attacker who compromises the rendering engine can act on behalf of any web site.

-Firewall Circumvention. The same-origin policy is designed to restrict an attacker's network access from within the browser.

-Web Site Vulnerabilities. Chromium's architecture does not protect an honest web site if the site contains cross-site scripting (XSS), cross-site request forgery (CSRF), or header injection vulnerabilities. To be secure against web attackers, these sites must repair their vulnerabilities. Chromium supports HttpOnly cookies, which can be used as a partial mitigation for XSS.

If an attacker is able to achieve one or more of these goals, he or she has the ability to cause serious harm to the user. For instance, an attacker who is able to install malware is no longer constrained by the browser's security policy and often said to "own" the user's machine. Chromium's architecture aims to prevent an attacker with the above abilities from achieving these goals.

Facebook: Threats to Privacy

Facebook has become very popular, but there are many risks associated with using it. In this thesis a threat model was used to analyze specific privacy risks. University administrators are using Facebook for disciplinary purposes, firms are using it for marketing purposes, and intruders are exploiting security holes. For each threat, the efficacy of the current protection was analyzed, and where solutions are inadequate, recommendations were made on how to address the issue.



Precautionary measures taken by Facebook


Security Breach

8,000,000 Facebook records at risk

This is not a risk that can be eliminated; no site is perfectly secure.

Security Disclosures

Facebook should have a policy regarding disclosures of private information due to security breaches or unethical employees.

Commercial Datamining

Profiles used for social networking are likely to be 100% accurate, as they are maintained by their subjects.

Facebook's Terms of Service state that using the site for data-harvesting purposes is forbidden.

This statement offers no protection.

Better URL System

Make the profile number space 10 times the number of people eligible for accounts at the university, and assign user IDs randomly out of that. Then, when invalid UIDs are accessed, those IPs/accounts could be monitored for signs of abuse.

Database Reverse-Engineering

Facebook's "advanced search" allows one to query the database of users using any of the fields in a profile.

Facebook blocks Advanced Search, except at one's school, which limits the scope of the problem.

The "Exclude my name from searches" preference in the "My Privacy" section actually solves the problem. Because an intuitive leap is needed to see how to use the Advanced Search for data-mining, however, it takes the same intuitive leap for users to see the risk and protect themselves from it.

When users set their profile to be friends-only, all information save their name should be withheld from being searched by "Advanced Search."

Password Interception

Username and password were sent in cleartext (a security vulnerability)

Facebook currently takes no steps to protect user passwords in transit.

Using SSL for login is the industry best practice for protecting passwords on login.

Incomplete Access Controls

There are no restrictions akin to "My Privacy" for photographs. In addition, the usual access controls do not apply to "My Photos"

Facebook limits photograph searches by profile in the same way they limit regular searches; the problem lies in the additional unrestricted method of searching all photos by name.

Restrictions on Pictures Search. This is weaker than any other access controls on the site; by default, users are unable to view others' profiles on other websites, but they can view all pictures. "My Privacy" should extend to the "My Photos" feature as well, and the search by name should be disabled.

University Surveillance

Students in many cases are unaware of the complex interactions between university policy and the information they are making available online. Administrators are using Facebook to learn about their students and their students' activities.

The Facebook currently does not take steps to prevent this type of disclosure.

Because of the complex interaction, and the differing goals that administrators have, colleges should look at their primary interaction with Facebook as an educational one. Students can only claim that they have been treated unfairly if they can establish an expectation of privacy. If universities are going to use this information, they should tell their students this up-front.

Disclosure to Advertisers

Facebook has a relationship with several companies currently. Facebook's privacy policy explicitly says that they may disclose profile information to third parties, so the prospect of them doing so is clearly realistic.

Facebook offers an "opt out" link on their Privacy Policy page, which, if clicked, means that one can "submit a request" to Facebook to not share information with third parties. They say that they "will make every effort to implement any choice you make as soon as possible."

Accountability and Accessibility for Third-Party Opt-Out

An opt-out feature that guaranteed that the user's information would not be disclosed in the future would allow users much more control over their privacy.

A user-centered Terms of Service would clearly delineate which information is shared with which partners, depending on whether a user clicked on a third party's ad or joined a third party's group.

A notice period announcing a change in the Terms of Service is another change that would improve the user experience.

Lack of User Control of Information

Other users can upload and associate information to one's Facebook account. The most prominent feature of this type is the "My Photos" feature, which allows users to upload photos and tag them with the names of the people in the pictures.

Facebook allows users to de-associate themselves from unwanted data, but in the case of photographs, the data remains on the server. This is also an "opt-in" function that requires constant monitoring of the system.

Better Restrictions on Third-Party Information

Third parties' ability to submit and associate information about users violates one of the key principles of information practices: the idea that users should have the ability to control and correct the information about them in a particular database.

Recommendation to Users: Exercise Caution

Users should be aware that there are effectively no access controls on pictures, and that they should only upload the pictures that they would feel comfortable having anybody on the Facebook viewing.
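One way to implement the "Better URL System" recommendation above, as an added example that is not from the original essay or from Facebook: user IDs are drawn at random from a space ten times the eligible population, and clients that keep requesting unassigned IDs are flagged. The class name, the alert threshold of 5 and the client addresses are assumptions, and the request traffic is constructed.

```python
import random
import secrets
from collections import defaultdict


class SparseIdRegistry:
    """Random user IDs in a sparse space, plus a per-client count of
    requests for IDs that were never assigned."""

    def __init__(self, eligible_population, space_factor=10,
                 alert_threshold=5, rng=None):
        self.capacity = eligible_population
        # "10 times the number of people eligible for accounts"
        self.space_size = eligible_population * space_factor
        self.alert_threshold = alert_threshold  # hypothetical tuning value
        # A CSPRNG by default, so assigned IDs cannot be predicted.
        self._rng = rng if rng is not None else secrets.SystemRandom()
        self._owner_by_uid = {}
        self._misses = defaultdict(int)

    def register(self, username):
        if len(self._owner_by_uid) >= self.capacity:
            raise RuntimeError("all eligible accounts are already registered")
        # At most 10% of the space is ever occupied, so collisions are rare.
        while True:
            uid = self._rng.randrange(self.space_size)
            if uid not in self._owner_by_uid:
                self._owner_by_uid[uid] = username
                return uid

    def lookup(self, client, uid):
        """Return the profile owner, or None for an unassigned UID.
        Every miss is counted against the requesting client."""
        owner = self._owner_by_uid.get(uid)
        if owner is None:
            self._misses[client] += 1
        return owner

    def misses(self, client):
        return self._misses.get(client, 0)

    def flagged_clients(self):
        """Clients whose invalid-UID count reached the alert threshold."""
        return sorted(c for c, n in self._misses.items()
                      if n >= self.alert_threshold)


def run_demo(seed=2010):
    # A seeded generator is used here only to make the demo repeatable.
    registry = SparseIdRegistry(1000, rng=random.Random(seed))
    uids = [registry.register(f"student{i}") for i in range(1000)]

    # Constructed traffic 1: a normal client following links to real
    # profiles, with a single mistyped URL.
    for uid in uids[:50]:
        registry.lookup("10.0.0.5", uid)
    registry.lookup("10.0.0.5", registry.space_size + 1)

    # Constructed traffic 2: a client walking consecutive profile numbers.
    # In a sparse random space roughly nine requests in ten are misses.
    hits = 0
    for uid in range(200):
        if registry.lookup("10.0.0.66", uid) is not None:
            hits += 1
    return registry, hits


if __name__ == "__main__":
    registry, hits = run_demo()
    print("valid profiles found by the sequential walk:", hits, "of 200")
    print("invalid-UID count, normal client:", registry.misses("10.0.0.5"))
    print("flagged clients:", registry.flagged_clients())
```

The miss counter only works because the ID space is sparse: with densely packed sequential IDs almost every guess is valid and there is nothing to count.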

Threats to internet browsers

In order to design a threat model, the threats that exist must first be identified. Some of the most common threats to web browsers are described below. These are major because they are frequent and costly.


Phishing

Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online [6]. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.

The pie chart below shows the business categories targeted by phishers and their respective proportion of fake sites, according to PandaLab's report on September 10, 2010.

[Source: http://news.cnet.com/8301-27080_3-20016026-245.html]

Cybercriminals are setting up fake Web sites branded as eBay, banks, and other financial companies. During a three-month study of its global malware database, Panda Security found on average 57,000 new Web sites created each week with the aim of exploiting a brand name in order to steal information that can be used to drain people's bank accounts [7]. About 80 percent of those were phishing sites designed to trick people into entering their login credentials or other information on what they believed to be a legitimate bank or other Web site. The remainder were URLs associated with command-and-control servers used in Western Union-related e-mail phishing attacks that trick people into opening an attachment that downloads a Windows-based data-stealing Trojan.

The study found that 375 high-profile brand names were being used for the fraud, with eBay (23 percent) and Western Union (21 percent) together comprising 44 percent of all the malicious Web sites discovered. Rounding out the top 10 list of exploited brands were: Visa, United Services Automobile Association, HSBC, Amazon, Bank of America, PayPal, Internal Revenue Service, and Bendigo Bank (Australia) [7].

Normally, phishing attacks arrive in an e-mail message that looks like it comes from a popular bank or other institution. The message uses some trick, such as a claim that the recipient's account is about to be suspended, to persuade the recipient to click a link that is included. The link directs to a fake site where the user is prompted to provide confidential and personal information, like login credentials, that is later used to steal money from the account.

It might sound like a lot of work creating all the new fake Web sites, but actually it can be done fairly quickly by copying the source code of the Web site they want to fake and making minor changes. And there are toolkits to help do this. Symantec's spam and phishing report for September (PDF) says phishing messages were up in July primarily due to a 92 percent increase in phishing sites created by automated toolkits [8].

Unlike the Trojan attack, which targets Windows users, most phishing attacks are designed to trap a user into revealing information and it affects all computer users regardless of what operating system they are using.


Network Eavesdropping

Network eavesdropping, or network sniffing, is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.

The attack can be carried out using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data, for example by protocol decoding or stream reassembly [9].

Man In The Middle (MITM) Attack

A man-in-the-middle attack is a violation of security in which information is stored without approval from the sender and then retransmitted to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction. In the MITM attack the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other [10]. The intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or to enable the attacker to modify the message before retransmitting it.

MITM attack is also known as:

Bucket-brigade attack

Fire brigade attack

Monkey-in-the-middle attack

Session hijacking

TCP hijacking

TCP session hijacking
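The key substitution described above, and the fingerprint comparison that exposes it, as an added example that is not from the original essay. The toy Diffie-Hellman parameters, the function names and the out-of-band fingerprint check are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption for this demo): far too small
# for real use, chosen only so the arithmetic stays readable.
P = 2**127 - 1   # the Mersenne prime M127
G = 3


def keypair():
    """Return (private, public) for one party."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return private, pow(G, private, P)


def fingerprint(public):
    """Short digest of a public key that two parties can compare over a
    separate channel (read aloud, printed, pinned in configuration)."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]


def run_exchange(relay_substitutes_key):
    """Simulate one key exchange between Alice and Bob through a relay.

    When relay_substitutes_key is True, the relay hands each side its own
    public key in place of the peer's, as in the attack described above.
    """
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    relay_priv, relay_pub = keypair()

    # Public keys as they arrive over the network.
    delivered_to_alice = relay_pub if relay_substitutes_key else bob_pub
    delivered_to_bob = relay_pub if relay_substitutes_key else alice_pub

    # Each side derives a session secret from whatever key it received.
    alice_secret = pow(delivered_to_alice, alice_priv, P)
    bob_secret = pow(delivered_to_bob, bob_priv, P)
    # What the relay can compute from Alice's public key and its own private key.
    relay_secret = pow(alice_pub, relay_priv, P)

    # Defender's check: Alice learned Bob's fingerprint out of band and
    # compares it with the fingerprint of the key she was actually given.
    pinned_bob_fingerprint = fingerprint(bob_pub)
    alice_detects = fingerprint(delivered_to_alice) != pinned_bob_fingerprint

    return {
        "endpoints_share_key": alice_secret == bob_secret,
        "relay_shares_key_with_alice": relay_secret == alice_secret,
        "alice_detects_substitution": alice_detects,
    }


if __name__ == "__main__":
    for substituted in (False, True):
        print("relay substitutes key:", substituted, run_exchange(substituted))
```

Without the fingerprint comparison both runs look identical to Alice: she receives a well-formed public key and derives a working session secret either way.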

Denial of Service (DOS) Attack

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:

attempts to "flood" a network, thereby preventing legitimate network traffic

attempts to disrupt connections between two machines, thereby preventing access to a service

attempts to prevent a particular individual from accessing a service

attempts to disrupt service to a specific system or person

Illegitimate use of resources may also result in denial of service. For example, an intruder may use your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic [11].

On May 12, 2010, CNET News reported that researchers had uncovered a botnet that uses compromised Web servers instead of the usual personal computers to launch DOS attacks [12]. Using Web servers provides much greater bandwidth for an attack and thus requires fewer zombies than when personal computers are used; it also lessens the chance that the compromise will be discovered, because Web servers do not typically run antivirus software.

This reasoning is supported by a statement made by the Chief Technology Officer at security firm Imperva, one of the best security companies: "Instead of using 50 personal computers you can use a single server. To some extent, it's easier to maintain this kind of attack because there are fewer computers (involved) and there's less of a chance for the (attack) code to be detected" [13].



Data Collection and Methodology

A combination of literature review and analysis will be used in this research based project.

A literature review is one of the simplest methods for a research-based project in which the collected data is analyzed. It is a body of text that aims to review the critical points of current knowledge and/or methodological approaches on a particular topic.

The ideal way to find out which threats are most serious would be to carry out market research, but companies cannot be trusted as they tend to hide this information. Before implementing a new threat model, some questions need to be analyzed. Some of these questions are:

What are the various kinds of threats that exist for internet browsers?

What is the total cost of exposure of these threats?

How much are people willing to pay for various security features?

Why can users not use cryptographic protocols?

What percentage of security protocol features see implementation?

What sorts of implementation errors are most serious?

What programming practices would minimize them?

What is the cost of upgrades?

What is the cost of obtaining information about vulnerabilities?

What sort of incentives would cause users to keep up to date?

How reliable is the threat model that we are going to design?

How are we going to make use of the threat model?

Once all the data has been collected and the threat model has been designed, an attack will be launched to show how the threat model prevents the attack.

The chosen Browser: Mozilla Firefox

Due to the restricted time available to complete the dissertation, I preferred to select only one browser and concentrate on its vulnerabilities and the threats it is exposed to, rather than taking a group of browsers, which would have been the ideal thing to do. In the sub-sections of this chapter, more details on Mozilla Firefox are provided.

Why is Mozilla Firefox chosen?

Mozilla Firefox is a free and open source web browser. As of October 2010, Firefox is the second most widely used browser, with nearly 30% of worldwide usage share of web browsers [14]. The source code can be easily obtained from the internet. Firefox is based on the Mozilla code, and is one of the most standards-compliant browsers available. It runs on various operating systems including Microsoft Windows, GNU/Linux, Mac OS X, FreeBSD, and many other platforms. Its current stable release is version 3.6.12, released on October 27, 2010 [15].

Figure: [http://w3counter.com/globalstats.php]

One of the most important reasons why Firefox has been chosen is a previous study carried out by a student. She found that, of all the browsers analyzed, Mozilla Firefox vulnerabilities of high severity were the most frequently experienced, followed by Safari at medium severity, then Mozilla Firefox again at high and medium severity, followed by Chrome, Opera and Safari. The least seen is Internet Explorer, as it is the one with the fewest vulnerabilities over the months from January 2008 to April 2010.

In the tables below, the following abbreviations have been used:

TL - Total Amount of vulnerabilities of Low severity

TM - Total Amount of vulnerabilities of Medium severity

TH - Total Amount of vulnerabilities of High severity

Figure: Browser vulnerability severity trends

Known vulnerabilities of Mozilla Firefox

Most of the information mentioned in this section is based on the study done by Miss K.Manikaran in her dissertation "Exploratory Analysis of CVE Vulnerability Database on Internet Browsers".

In January 2008, Mozilla Firefox had no vulnerabilities recorded; in January 2009, it had 10 vulnerabilities; and in January 2010, it experienced 168 vulnerabilities, implying a constant increase. The trend is the same for the month of April. Concerning Mozilla Firefox, it is noticed that from 2008 to 2009 almost every month brought an increase in the number of vulnerabilities, mostly of high severity, except for November, where there was a fall in the number of vulnerabilities from 2008 to 2009. Regarding the year 2010, the month of April had a radical increase in the number of vulnerabilities, most of them being of high severity.

Figure: Vulnerability Severity Levels of Mozilla Firefox on a monthly basis

Figure: Mozilla Firefox vulnerability severity trends

The graph and bar chart above show the severity of the vulnerabilities experienced by the browser Mozilla Firefox from January 2008 to April 2010. As the trend shows, the number of high severity vulnerabilities has been on a continuous rise, while those of low severity are rarely experienced.

Below are the vulnerabilities that were found in the most commonly used version of Mozilla Firefox, version 3.6.

Vulnerability Types

Number of Vulnerabilities

Cross Site Scripting

Cross Site Scripting, Bypass a restriction or similar

Denial Of Service

Denial Of Service, Execute Code

Denial Of Service, Execute Code, Memory corruption

Denial Of Service, Execute Code, Overflow, Memory corruption

Execute Code

Execute Code, Overflow

Obtain Information


The threat model will be developed based on the vulnerabilities found in the Firefox browser and the threats that these vulnerabilities pose.

Attacks on Mozilla Firefox

In this sub-section, attacks that have already been launched or can be launched against Firefox as well as the weaknesses of Firefox will be discussed.

Phishing Attack

A new way to launch a phishing attack is tabnabbing. Tabnabbing operates in reverse of most phishing attacks in that it does not ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser [17].

Cross-site Scripting Attacks

These attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.
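The flaw described above (user input copied into generated output without validation or encoding) is shown here beside a hardened form. This is an added example, not code from the essay or from Firefox; the function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: output encoding for untrusted input (all names are hypothetical).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate a user-supplied link: only absolute http(s) URLs are allowed,
// which rejects javascript:, data: and other script-capable schemes.
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#"; // not a parseable absolute URL
  }
}

// Vulnerable pattern: user input is copied into the output unchanged.
function renderCommentUnsafe(author, homepage) {
  return '<p>Posted by <a href="' + homepage + '">' + author + "</a></p>";
}

// Hardened pattern: validate the URL, then encode every value for its context.
function renderCommentSafe(author, homepage) {
  return '<p>Posted by <a href="' + escapeHtml(safeHref(homepage)) + '">' +
    escapeHtml(author) + "</a></p>";
}

// Constructed sample input, not taken from the essay.
const sampleAuthor = "<script>alert(1)</script>";
const sampleHomepage = "javascript:alert(1)";

console.log(renderCommentUnsafe(sampleAuthor, sampleHomepage)); // markup reaches the page as code
console.log(renderCommentSafe(sampleAuthor, sampleHomepage));   // markup reaches the page as text
```

Encoding alone does not neutralise a `javascript:` link, which is why the hardened version validates the URL scheme before encoding the value for the attribute.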


Current security Architecture of Firefox

The current security and privacy architecture of Firefox offers the features stated below.

Instant Web Site ID

This feature allows a user to check on suspicious websites, avoid web forgeries and make sure a site is what it claims to be.

Private Browsing

The browsing history is protected while using private browsing. This is useful when doing confidential transactions like banking.

Forget This Site

If a website seems to be fishy and you do not want to go there again, you can remove every trace of that site from your browser.


Firefox protects you from viruses, worms, Trojan horses and spyware delivered over the Web. If you accidentally access an attack site, it will warn you away from the site and inform you of the security breach.

Parental Controls

Parental control settings can be enforced on Windows 7 to stop unwanted downloads and more.

Anti-Virus Software

When you download a file, your computer's antivirus program automatically checks it to protect you against viruses and other malware, which could otherwise attack your computer.

Clear Recent History

All private data or activities carried out can be cleared. You have full control over what to delete to protect your privacy.

Pop-Up Blocker

Firefox allows you to get rid of pop-ups (and pop-under windows) from your surfing experience once and for all. You can choose to view blocked pop-ups or create an "allow" list of sites whose pop-ups you agree to see.

Customized Security Settings

Settings can be customized for passwords, cookies, loading images and installing add-ons.

Automated Update

The open-source security strategy of Firefox lets it find and fix security issues in record time, making Firefox the safest way to surf. Install upgrades when you receive automatic notification or wait until you're ready.


Firefox gets a fresh update of web forgery sites 48 times a day, so if you visit a fake site that is pretending to be a site you trust, a browser message will stop you.


Firefox looks for a secure connection before installing or updating add-ons, 3rd party software, and Personas.

Outdated Plug-In Detection

Some web pages require that you install small applications called plugins to watch videos, play games or view documents. These plugins are written by other companies, and it can be hard to make sure they're always up to date. Since outdated plugins are a security risk, Firefox will let you know when you have a plugin that is vulnerable to attack and direct you to the right site to get the updated version. 

Password Manager

You may choose to remember site passwords without disturbing pop-ups. There is the "remember password" notification integrated into the view at the top of the site page.