InformationWeek says the news gets worse: 60 percent of the Web vulnerabilities still do not have a fix available and for 45 percent of them exploit code is available.
Cenzic found an increasing number of vulnerabilities in Safari and Chrome, which it attributes to WebKit, the open-source rendering engine used in both browsers, as well as iPhone and Android flaws.
Cenzic also lists the 10 most severe vulnerabilities identified during the first half of 2010, which include:
- Oracle Java Deployment Toolkit Java Web Start Argument Injection Arbitrary Program Execution
- Tandberg Video Communication Server Admin Web Console secure.php Crafted HTTP
- Cisco Digital Media Player Unspecified Remote Display Content Injection
- Microsoft IE Dynamic OBJECT Tag Cross-domain Arbitrary File Access
- Linksys WAP54Gv3 firmware