November 10, 2009

Firefox accounts for half of all browser bugs

Report says Firefox is more vulnerable than IE

Gregg Keizer

Firefox accounted for almost half of all browser vulnerabilities in the first six months of 2009, according to Cenzic.

The web security company claims Mozilla's browser had the largest percentage of web vulnerabilities over the six-month span, while Apple's Safari had the dubious distinction of coming in second. Microsoft's Internet Explorer (IE) was third, while Opera Software's flagship browser took fourth place.

The Cenzic report can be downloaded from the company's site (download PDF).

"It's not rocket science," said Lars Ewe, Cenzic's chief technology officer, referring to the browser bug counting. "We used several databases, including the CVE (common vulnerabilities and exposures) database to count the number of known vulnerabilities."

Firefox accounted for 44% of all browser bugs reported in the first half of the year, said Ewe, while Safari vulnerabilities came to 35% of the total. IE, meanwhile, accounted for 15%, while 6% of all the flaws were in Opera.

Cenzic did not separately count the number of 'zero-day' bugs - those unpatched at the time exploit code went into circulation - said Ewe, who defended his company's tally while downplaying its significance.

"At the end of the day, the number of vulnerabilities is only one measurement of a browser's security," said Ewe. "We're not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this."

Ewe admitted that he uses Firefox for his personal browsing, and noted that Mozilla is "usually very fast to react to bugs".

Mozilla has been slammed for the number of flaws it fixes in Firefox before. Last spring, for instance, Jeff Jones, a director in Microsoft's security technology unit, and Mike Shaver, the vice president of engineering at Mozilla, traded barbs about browser security after Danish security vendor Secunia published a report that said Firefox had nearly four times as many flaws as IE during 2008.

As far back as December 2007, the companies sparred over bug counts after Jones claimed IE had been affected by fewer than half as many vulnerabilities in the previous three years as Firefox.

In those instances, Mozilla has defended itself by arguing that it patches vulnerabilities significantly faster than Microsoft, and that its open-source approach means it doesn't hide flaws other vendors may fix in undercover updates.

For his part, Ewe blamed Firefox's high vulnerability count on the browser's rising popularity. "Firefox clearly has some momentum," he said. "When you gain momentum, you're exposed more [to security researchers and hackers]."

Ewe said that Safari, which controlled just 4% of the market last month, accounted for 35% of all browser vulnerabilities because of a large number of reported flaws in the version that runs on Apple's iPhone.

But Ewe would rather have users focus on browser security overall than dwell on which application has more flaws, fixed or not. "In general, you can make the argument that all browsers have room for improvement," he said. "They have to choose between usability and security, and user-demanded behavior that makes them choose usability over security. That being said, all are trying to be better."

Compared to two years ago, or even a year ago, browsers are more secure now than ever, Ewe said. "Definitely, everyone's made progress."

Data from web metrics company Net Applications puts IE as the most-used browser, with about 65% of the market, followed by Firefox with 24%, Safari with 4.4%, Google's Chrome with 3.6% and Opera with 2.2%.

Mozilla did not reply to a request for comment about the Cenzic report.

Computerworld US

Comments received


Gareth Evans said on Tuesday, 10 November 2009

I wonder just how much coverage this report will get. It isn't doing a hatchet job on MS so I suspect it'll get limited coverage. Also if it was MS that had come top there would be a far more sensational headline running with it.
