
Symantec Enterprise Security






Symantec Global Internet Security Threat Report

Web browser plug-in vulnerabilities

Browser plug-ins are technologies that extend the functionality of the Web browser. They may be developed by the vendor or by a third party. Some plug-ins provide support for additional application programming languages or environments, such as Java SE or Adobe Flash Player. Others are applications in their own right that run in the browser. Examples of these include ActiveX objects for Internet Explorer, and Mozilla extensions and add-ons.

This metric enumerates publicly documented vulnerabilities that affect browser plug-ins. These vulnerabilities are further classified, when applicable, into general groups of browser plug-in technologies. Symantec makes an effort to identify all vulnerabilities affecting the various classes of browser plug-in.

Vulnerabilities that affect the browser itself are not included in the data for this metric when it is possible to make this distinction. In cases where a Web browser ships with a particular plug-in, vulnerabilities affecting that plug-in will be counted. Although in this case the plug-in may be included in the default browser installation, it is still considered a separate technology and not a native feature of the browser. Native features are considered to be features intrinsic to the primary function of the browser, such as support for HTTP/HTTPS, HTML rendering, JavaScript, and other standards that are commonly implemented in most Web browsers. Technologies such as Java SE and Flash may be common to many Web browsers, but they are intended to extend their functionality to support additional types of content and are typically optional components.

The definition of browser plug-ins for this report is limited to technologies that are hosted on the same computer as the browser, and whose installation and configuration is managed through the browser or operating system. This distinguishes them from content that is intended to run inside the browser but is typically external to the browser, such as Java SE applets or Flash movies. This content is rendered or executed by a browser plug-in but is not considered to be a plug-in in its own right.

Zero-day vulnerabilities

For the purpose of this metric, a zero-day vulnerability is one for which there is sufficient public evidence to indicate that the vulnerability has been exploited in the wild prior to being publicly known. It may not have been known to the vendor prior to exploitation, and the vendor had not released a patch at the time of the exploit activity. This metric is derived from public sources and the Symantec vulnerability database. This metric is meant to calculate the number of high-profile, publicly documented zero-day vulnerability instances during the relevant reporting periods.

