Its hard time for guys at Mozilla firefox. The browser has earned the title of being the most vulnerable application on windows platform.

Application white listing and application control vendor Bit9, titled firefox on top on its list of top 12 as many of the flaws exposed millions of Windows users to remote code execution attacks.

Here is the list

• Mozilla Firefox, versions 2.x and 3.x
• Adobe Acrobat, versions 8.1.2 and 8.1.1
• Microsoft Windows Live (MSN) Messenger, versions 4.7 and 5.1
• Apple iTunes, versions 3.2 and 3.1.2
• Skype, version 3.5.0.248

It’s scary that the list also includes products from antivirus vendors like Symantec, trend micro as well.

The list was made based on the following characteristics

• Runs on Microsoft Windows.
• Is well-known in the consumer space and frequently downloaded by individuals.
• Is not classified as malicious by enterprise IT organizations or security vendors.
• Contains at least one critical vulnerability that was: first reported in January 2008 or after, registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database athttp://nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
• Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

Get the full report from Bit9 at http://www.bit9.com/landing/2008vulnerableapps.php

The year 2008 is not so lucky for the firefox folks, first was from Google, who developed its own browser and in the verge of cancellation of their billion dollar agreement with Mozilla. Then an expected new browser from Microsoft which is gaining attention and now it’s titled as the most vulnerable application. Try hard folks you are still number two.