Firefox tops list for reported vulnerabilities in 2009
One of the primary reasons many people initially switched from Internet Explorer to Firefox in the early days was security. Internet Explorer has often been ridiculed as one of the least secure browser platforms around, and several years back that was most likely true. ActiveX was considered by many to be a dangerous technology, and Firefox enjoyed substantial user growth in part due to that.
A recent study by a security vendor offers another, more updated perspective on browser security. Research conducted by Cenzic earned Firefox the number one spot in 2009 for total security vulnerabilities reported, with a 44% share overall. That compares with Apple's Safari, which had 35%, and Internet Explorer, which weighed in at a meager 15%.
At first glance, you might question the numbers. Is Cenzic a reputable source? How were those figures derived, and how do they compare to previous years? All are fair questions. One of the reasons cited was Firefox's ability to foster plugins. Arguably one of the best features Firefox has to offer, plugins also pose an interesting challenge to security. Most plugins are crafted by third parties, and the approval process for them doesn't generally worry about security concerns.
The safeguards in place can't protect people from writing insecure code in the first place, so a lot of it may be out of Mozilla's hands. Mozilla is well aware of this problem, of course, and has been working for quite a while on improving the state of security in third party plugins.
Cenzic also noted that just because Firefox had more reported vulnerabilities, it wasn't necessarily less secure. Mozilla has fixed or disclosed many of the bugs discovered by the group. Further, there's no breakdown of how many of those reported flaws could result in system compromise, or how many were just annoyances.
Given the very public nature of Firefox development, I wouldn't call this news a setback to Firefox at all -- or even bad news. I take it as an encouraging sign that Mozilla is very actively developing Firefox, and tackling security issues nonstop.
User Comments (15)
| Kibaruk on November 9, 2009 6:22 PM | With this sort of news, to try a beta gives me the creeps! |
| Teklord on November 9, 2009 7:03 PM | Whatever people use, that is what the hackers will attack. |
| wolfram on November 9, 2009 7:31 PM | Still, I feel much safer using Firefox than IE |
| JieMan on November 9, 2009 8:11 PM | I could care less about security. I have a Gateway router, and a firewall, and nod32. If someone really wanted to compromise my PC and try and remotely play some games, good for them if they can manage, as long as I'm not playing one myself... I love Firefox for its customization and speed; the new Personas are the best. I tried Chrome but I think it's slower, at least on the sites I use, and I can't stand the tabs on top. IE 8 is fast and works with most every webpage but I can't stand how it looks. |
| Guest on November 9, 2009 9:07 PM | I really don't see this issue as being noteworthy. So what if Mozilla is more public about vulnerabilities? Exploits come up, and they fix them. Better that than the way Microsoft used to just ignore things for years. This is not unlike every time Microsoft posts a bunch of fixes on Patch Tuesdays and then the online squawking starts about whatever 'record breaking' number of patches are being pushed down the pipes -- the past year or two Microsoft for the first time in its pathetic, self-absorbed history has started to take online security issues seriously. I think it's a good thing to see an abomination like Windows made safer for the general public to use. Operating systems and application development is a very, very complicated matter. And the Internet is getting more advanced and more dangerous all the time. I think frequent patches and fixes are a good sign, not something to get all paranoid about. |
| JieMan on November 9, 2009 9:24 PM | Guest user, has a good take on this, by Mozilla acknowledging these threats and acting accordingly they succeed. It seems to me I'd rather be on a browser with 5000 known exploits than be on one that has only 5 known exploits... I wonder how many times M$ has pulled the curtains over our eyes .. or even Google with its new Chrome. |
| tengeta on November 9, 2009 11:10 PM | People just use stupid addons that are malicious. It's like Windows, if you know what you are doing you get along just fine. |
| maxtor on November 10, 2009 12:52 AM | Pffft... Firefox is one of the most actively developed browsers available. With public betas and a huge user base, of course more vulnerabilities are reported. This just means they're doing a better job discovering vulnerabilities than their competitors. That's why Firefox is such a great browser, because it is actively developed so vulnerabilities are found and fixed quickly. Just because other browser developers haven't reported vulnerabilities, it doesn't mean they aren't there. It means they aren't doing a good enough job looking for vulnerabilities. It's the undiscovered vulnerabilities that cause an epidemic when they're discovered by the wrong person or group of people. |
| zaidpirwani on November 10, 2009 2:23 AM | maxtor said: "Just because other browser developers haven't reported vulnerabilities, it doesn't mean they aren't there. It means they aren't doing a good enough job looking for vulnerabilities. It's the undiscovered vulnerabilities that cause an epidemic when they're discovered by the wrong person or group of people." Completely in agreement with Maxtor, though I would also like to point out that most of these vulnerabilities are because of the add-ons, and these add-ons are distinction of firefox, and with such a rapidly active community of firefox, no vulnerability is left un-resolved and everything has stayed fine till now and will stay that way. I myself use chrome for its speed and use firefox when I want to use any of its add-ons, and I use the most updated version of firefox, cause that is the most secure and all those who use firefox are always updated to the new version, so no vulnerability is ever exploited by the wrong person, where as in other browsers, this is not the case, the vulnerability is always found by the wrong person... |
| Puiu on November 10, 2009 6:43 AM | tengeta said: "People just use stupid addons that are malicious. It's like Windows, if you know what you are doing you get along just fine." If you have addons that are known to be safe then FF is much (MUCH!!) more safe than IE (or other browser that I can think of). I only use a few addons that truly help me when I surf the internet. Here's my fav list: 1) DownloadThemAll! 2) Download StatusBar 3) DownloadHelper 4) ChatZilla 5) Littlefox 6) Adblock Plus + a few others that I don't use very often (I only install those that I use often, the rest when I need them) |
| rgdot on November 10, 2009 10:17 AM | The user can do a lot to protect himself/herself. With every piece of code there are possible exploits, the developers' responsiveness and users' actions mitigate a lot of malicious stuff. |
| polidiotic on November 10, 2009 11:11 AM | I've been an advocate for FF for quite a long time, but recently there's been a stability issue with FF, causing the browser to crash, consistently, while using web apps that use Ajax. On several sites that use Ajax for posting comments, the bigger the post, the more frequent the crash. This doesn't occur with IE, so I've had to leave the comfort of FF for IE, which I haven't used in years... and believe me, it's taking a while to get used to, again. ;P Can't wait for the new version of FF, b/c this issue has been addressed on several occasions, and I'm quite sure it will be amended with the new release. Until then, however, it's just easier to use a crappier browser. |
| JudaZ on November 10, 2009 4:29 PM | Puiu said: "If you have addons that are known to be safe then FF is much (MUCH!!) more safe than IE (or other browser that I can think of)." What do you base that on really? It could be that FF is more secure than IE, but how do you know really? My experience is that FF users are equally as much attacked and infected as IE users... (even a bit more, but that might just be my experience) and I fix 30-40 computers a week, mostly stupid lame malware or "viruses" when it's not hardware issues, so it's not just me grabbing facts from the air. If you compare FF with IE6 I can agree, but IE6 is really old, and no matter what it did it had its issues and problems... but compared to IE8, I'm not so sure one definitely can say for sure FF is the safest browser... not without some facts. In the end it's always down to the user how secure a system is, and also the most common browser or OS will always get most attacks. |
| alcarin2030 on November 11, 2009 5:05 AM | Firefox with No-Script. That is all you need. Period. |
| Guest on November 11, 2009 9:35 AM | Sounds like a bunch of nothing to me. So they included the vulnerability of FF plugins in an assessment of its security? That doesn't mean anything at all. If you use plugins, you should be aware of their security flaws, just like you should be aware of your browser's security flaws. If plugins are to present a security threat, that is a reflection of the end user making bad decisions, not Firefox being a less secure browser. Security can't envelop the whole of end-user decision making. |