Firefox tops list for reported vulnerabilities in 2009

One of the primary reasons many people initially switched from Internet Explorer to Firefox in the early days was security. Internet Explorer has often been ridiculed as one of the least secure browser platforms around, and several years back that was most likely true. ActiveX was considered by many to be a dangerous technology, and Firefox enjoyed a substantial user growth in part due to that.

A recent study by a security vendor offers another, more updated perspective on browser security. Research conducted by Cenzic earned Firefox the number one spot in 2009 for total security vulnerabilities reported, taking a 44% stake all around. That was put in comparison to Apple's Safari, which had 35%, and Internet Explorer, which weighed in at a meager 15%.

At first glance, you might question the numbers. Is Cenzic a reputable source? How were those figures derived, and how do they compare to previous years? All are fair questions. One of the reasons cited was Firefox's ability to foster plugins. Arguably one of the best features Firefox has to offer, plugins also pose an interesting challenge to security. Most plugins are crafted by third parties, and the approval process for them doesn't generally worry about security concerns.

The safeguards in place can't protect people from writing insecure code in the first place, so a lot of it may be out of Mozilla's hands. Mozilla is well aware of this problem, of course, and has been working for quite a while on improving the state of security in third party plugins.

Cenzic also noted that just because Firefox had more reported vulnerabilities, it wasn't necessarily less secure. Mozilla has fixed or disclosed many of the bugs discovered by the group. Further, there's no breakdown of how many of those reported flaws could result in system compromise, or how many were just annoyances.

Given the very public nature of Firefox development, I wouldn't call this news as a setback to Firefox at all – or even bad news. I take it as an encouraging sign that Mozilla is very actively developing Firefox, and tackling security issues nonstop.