Symantec Global internet Security threat report
Web browser plug-in vulnerabilities
Browser plug-ins are technologies that extend the functionality of the Web browser. they may be developed by the vendor or by a third party. Some plug-ins provide support for additional application programming languages or environments, such as Java SE or Adobe Flash player. Others are applications in their own right that run in the browser. Examples of these include ActiveX objects for internet Explorer, and Mozilla extensions and add-ons.
this metric enumerates publicly documented vulnerabilities that affect browser plug-ins. these vulnerabilities are further classified, when applicable, into general groups of browser plug-in technologies. Symantec makes an effort to identify all vulnerabilities affecting the various classes of browser plug-in.
the definition of browser plug-ins for this report is limited to technologies that are hosted on the same computer as the browser, and whose installation and configuration is managed through the browser or operating system. this distinguishes them from content that is intended to run inside the browser but is typically external to the browser such as Java SE applets or Flash movies. this content is rendered or executed by a browser plug-in but is not considered to be a plug-in in its own right.
For the purpose of this metric, a zero-day vulnerability is one for which there is sufficient public evidence to indicate that the vulnerability has been exploited in the wild prior to being publicly known. it may not have been known to the vendor prior to exploitation, and the vendor had not released a patch at the time of the exploit activity. this metric is derived from public sources and the Symantec vulnerability database. this metric is meant to calculate the number of high-profile, publicly documented zero-day vulnerability instances during the relevant reporting periods.