However, Ormandy noted that Symantec was using old versions of open source code, some containing "dozens" of public vulnerabilities, some of which were known to have been exploited by hackers.
"Symantec dropped the ball here," he wrote, noting that some of the code hadn't been updated by Symantec "in at least seven years." The company says it has added "additional checks to our Secure Development Life Cycle to mitigate similar issues in future." Symantec products are some of the most popular antivirus packages on the market, including Norton Security, Norton 360 and Symantec Endpoint Protection.
Symantec says that in 2015, it was the world's largest endpoint security vendor, protecting 175 million devices on corporate networks.
San Francisco-based OPSWAT, which makes security and IT management software, estimates that Symantec has 7.1 per cent of the antivirus market, after Avast, Microsoft, AVG and Avira.
Symantec said in its security advisory that patches should have downloaded automatically to every private user through the company's Live Update system.
For enterprise customers, some updates have to be installed manually.
Norton works with Firefox to detect viruses in pages you load and files you download, just like Norton anti-virus products work in any other browser.
You can check this advisory to confirm that you have the most recent updates. Tavis Ormandy, a researcher in Google's Project Zero cybersecurity analysis group, revealed the "details of multiple critical vulnerabilities" in a blog post Tuesday.
He explained that the bugs are in Symantec's "core engine," which underlies all of its products—including brands like Norton Security, Norton 360, and Symantec Endpoint Protection.
Two years ago, when Symantec first presented us with their idea to create a complete security and performance solution, the company said it wanted to start from scratch, to build the thing right; we're happy to say that Symantec Norton 360 delivers on that early promise.
That's not to say Norton 360 is perfect, nor is it designed for everyone.