washingtonpost.com > Technology > Security Fix

Web Browser Vulnerabilities Calendar

KEY:   Browser vulnerability
publicly disclosed
  Browser vulnerability
actively exploited
  Browser patch issued for vulnerabilities
not previously disclosed

January 2006        
December 2005 12/28: Trojan Spotted Exploiting unpatched IE/WMF Flaw
12/13: Microsoft Patches Two Critical IE Flaws: MS05-054 (CVE-2005-2831) MS05-054 (CVE-2005-1970) (fixes Tobias exploit code from May) 12/13: Microsoft Patches Two Critical IE Flaws: MS05-054 (CVE-2005-2831) MS05-054 (CVE-2005-1970) (fixes Tobias exploit code from May)
12/1: Trojan Downloader spotted using unpatched IE flaw (CVE-1970)  
November 2005 11/21: MS Advisory: Exploit released for unpatched IE Flaw (later fixed in MS05-054/1970)
October 2005 10/11: Microsoft Patches Critical IE Bug: MS05-052 (CVE-2005-2127)
September 2005   9/21: Firefox 1.0.7 issued: Fixes three critical vulnerabilities: Bug #300936, Bug #296134, Bug #307259
9/8: Researcher details critical Firefox flaw
August 2005 8/30: Critical IE Flaw Detailed (Still unpatched in 2006)  
8/18: Fr-Sirt Releases Exploit for unpatched IE flaw (fixed in MS05-052)  
  8/9: MS Patches Two Critical IE Flaws: MS05-038 (CVE-2005-1988) (Zalewski), and MS05-038 (CVE-2005-1990)
July 2005 7/15: Michal Zalewski releases proof of concept exploit for IE bug
7/12: Microsoft Patches Critical IE Flaw: MS05-037 (CVE-2005-2087) - Includes 7/5 Fix   7/12: Mozilla Fixes Three Critical Firefox Flaws: Bug #295011, CAN-2005-1476, Bug #295854
7/5: Microsoft Interim IE Patch Fixes Browser 0day  
June 2005 6/30: Microsoft Warns of Unpatched IE flaw exploitation
  6/14: Microsoft Patches Critical IE Bug MS05-026 (CVE-2005-1208)
May 2005 5/28: Ben Tobias publishes IE Exploit (MS patches in Dec. 05)  
  5/11: Firefox 1.0.4 Update Plugs Seven Critical Flaws (including two leaked): Bug #290908, CAN-2005-1531, Bug #293671, Bug #291150, Bug #292691, Bug #292499, Bug #291745
5/7: Two Firefox Flaws Reported Publicly; Proof of Concept leaked for Bug #292691 (CAN-2005-1476)
April 2005 4/15: Firefox 1.0.3 Update Fixes Three Critical Flaws: Bug #289074, Bug #290079, Bug #290036
4/12: Microsoft Patches Two Critical IE Flaws: MS05-020 (CVE-2005-0553) and MS05-020 (CVE-2005-0554)  
March 2005   3/22: Firefox 1.0.2 Fixes Critical Flaw, CAN-2005-0399
February 2005 2/24: Firefox 1.0.1 Fixes Critical Flaw, Bug #271732
2/8: Microsoft Fixes Two Critical IE Bugs: MS05-014 (CVE-2005-0054) and MS05-013 (CVE-2005-1319) (Fixes Exploit code released in Dec.)  
January 2005   1/11: Microsoft Patches Critical IE Vulnerability: MS05-001 (CVE-2005-1043) (Fixes Exploit code released in Dec.)
December 2004 and earlier  

Compiled by Brian Krebs, washingtonpost.com - February 7, 2006

© 2006 The Washington Post Company