The Mozilla Foundation's open source browser Firefox has been named and shamed as the most vulnerable software to run on Windows.
Security company Bit9 listed its "dirty dozen" software titles which had the most critical vulnerabilities during 2008. To make the list, a critical flaw had to expose Windows users to remote code execution attacks.
According to the list, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflows, malformed links, documents, JavaScript and third-party tools.
The next worst were Adobe Flash and Adobe Acrobat. These had 14 flaws patched this year that exposed desktops to arbitrary remote code execution via buffer overflow, "input validation issues" and malformed parameters.
Self-proclaimed "super secure" Apple software QuickTime, Safari and iTunes was named at number five, indicating that its marketing is pure spin and would you like some cheap Viagra?
Rather amusingly, allegedly-insecure Microsoft wouldn't have featured at all had the list been restricted to nine entries, while holier-than-thou outfits such as Sun, Adobe, Apple and Symantec come out rather badly.
Here is the list of shame:
1. Mozilla Firefox
2. Adobe Flash and Adobe Acrobat
3. EMC VMware Player, Workstation and other products
4. Sun Java JDK and JRE, Sun Java Runtime Environment (JRE)
5. Apple QuickTime, Safari and iTunes
6. Symantec Norton products (all flavours 2006 to 2008)
7. Trend Micro OfficeScan
8. Citrix Products
9. Aurigma Image Uploader, Lycos FileUploader
10. Skype
11. Yahoo Assistant
12. Microsoft Windows Live (MSN) Messenger