Firefox leads in browser vulnerabilities

November 9, 2009

Surpassing long-running leader Internet Explorer, the browser with the most security vulnerabilities is now Mozilla Firefox, according to application security company Cenzic.

In its latest report, Firefox accounts for 44 percent of all browser vulnerabilities. Safari ranks number two at 35 percent with Internet Explorer trailing at just 15 percent of vulnerabilities.

Last year Internet Explorer led the pack with 44 percent and Firefox was second with 39 percent of reported vulnerabilities. Cenzic’s report combines vulnerability reports from a number of data sources and attempts to weigh all the inputs.

So why the jump in Firefox vulnerabilities over the last year? It could simply be due to Firefox’s increased popularity as a browser.

Because Firefox has become so popular, it has become a more interesting target to writers of malicious software. In addition, the popularity of the Firefox project means that more people are involved in writing the software, especially in terms of plugins.

One of the key areas of vulnerability for Firefox is its plugins. While plugins are a popular way to provide additional features for Firefox, they can also introduce users to new software vulnerabilities.

Cenzic CTO Lars Ewe says, “The plug-in architecture that they have is a selling fact for the browser and one of the reasons why I love using it. They can’t control security aspects of all the plug-ins and the vulnerabilities are a side effect of that.”

Mozilla has been working on improving plugin security in its latest releases and released a plugin checker to make sure that users are running the latest version of their plugins. However, Mozilla’s new-found vulnerability may be the outcome of software bloat.

With the popularity and improvement of features in Firefox comes an inherent increased risk of security issues. The question is whether Mozilla can get these issues in check before it starts rapidly losing market share to Google Chrome.




6 Responses to “Firefox leads in browser vulnerabilities”

  1. geolight:

    The important bit is how fast do they address and fix those vulnerabilities? Microsoft takes forever to fix anything in IE, whereas Firefox addresses vulnerabilities very fast; as such, a fully patched Firefox is waaay better than a fully patched IE. Enough said….

  2. ncaissie:

    You are wrong geo.
    Firefox does not update very often. MS has procedures to follow and is accountable. Open source is not.

  3. dorian:

    Correct, ncaissie. If you look at the data, Firefox is in fact slower than IE to correct vulnerabilities. I am surprised the article does not mention Google Chrome, which only accounts for 1.2% of vulnerabilities, is updated fast and is (with its recent update) faster than Firefox. I however use Opera.

  4. mick:

    Spot on, dorian. I use Google Chromium.

  5. JDM:

    I suppose this is the greatest strength and weakness in any popular Opensource product.

    However, comparing Opensource and proprietary browsers on the basis of “vulnerability” is unfair to both.

  6. Robert:

    Secunia PSI shows; Description:
    Stefan Esser has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.

    The vulnerability exists because pages that don’t specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.

    Successful exploitation requires that the user is tricked into visiting a malicious web site.

    The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected. While Mozilla Firefox 3.5.5 shows up as fully patched and SECURE.
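
A defensive check for the condition described in the advisory quoted in comment 6 (pages that do not specify a charset), as an added example that is not part of the original article or of any comment. It flags HTML responses with no charset in the Content-Type header, no byte-order mark and no meta charset within the first 1024 bytes; the URLs and responses are constructed sample data and the function names are hypothetical.

```python
import re

PRESCAN_BYTES = 1024  # HTML spec: a <meta> charset must sit within the first 1024 bytes
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")  # UTF-8, UTF-16LE, UTF-16BE
HEADER_RE = re.compile(r'charset\s*=\s*"?([^\s;"]+)', re.I)
# Matches <meta charset=...> and <meta http-equiv=... content="...; charset=...">
META_RE = re.compile(rb'<meta[^>]*?charset\s*=\s*["\']?\s*([A-Za-z0-9_.:+-]+)', re.I)


def declared_charset(content_type, body):
    """Return (source, charset) for the first explicit declaration, else None."""
    m = HEADER_RE.search(content_type or "")
    if m:
        return ("header", m.group(1).lower())
    if body.startswith(BOMS):
        return ("bom", "unicode")
    m = META_RE.search(body[:PRESCAN_BYTES])  # a later <meta> is too late to count
    if m:
        return ("meta", m.group(1).decode("ascii").lower())
    return None


def is_html(content_type):
    """True when the media type (ignoring parameters) is an HTML document type."""
    media = (content_type or "").split(";", 1)[0].strip().lower()
    return media in ("text/html", "application/xhtml+xml")


def audit(responses):
    """Return URLs of HTML responses whose encoding is left for the browser to pick."""
    return [url for url, ctype, body in responses
            if is_html(ctype) and declared_charset(ctype, body) is None]


# Constructed sample responses: (url, Content-Type header, body bytes).
SAMPLE = [
    ("https://app.example/a", "text/html; charset=utf-8", b"<html>ok</html>"),
    ("https://app.example/b", "text/html", b'<html><head><meta charset="utf-8"></head></html>'),
    ("https://app.example/c", "text/html", b"<html><body>no declaration</body></html>"),
    ("https://app.example/d", "text/html", b"<!--" + b"x" * 2000 + b"--><meta charset=utf-8>"),
    ("https://app.example/e", "application/json", b"{}"),
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("no explicit charset:", url)
```
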

Copyright © 2012 Blorge.com NS