Darren Annal's Blog

History of FireFox security vulnerabilities.

I have been somewhat intrigued by the amount of (mainly one-sided) discussion on the web about the FireFox browser and how it is apparently much more secure than Microsoft’s Internet Explorer. Much of this discussion is put forward as fact. According to the release notes for the various FireFox releases, as of today there have been 43 security issues of various severities fixed since the 1.0 version of the product was released last November. For further details, see http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox. Does this number of (now fixed) vulnerabilities surprise anybody, particularly given the rhetoric that has been so common both on the Web and in the popular press? I guess this just highlights that security is a tough problem to solve, and no product is immune from such challenges.

Published Thursday, August 04, 2005 3:11 PM by Darren


Comments

 

Jesse C. Slicer said:

Ok, and IE 6 (according to Secunia at http://secunia.com/product/11/#advisories) has 63 fixed with 20 considered unpatched with the most severe grabbing a "highly critical" rating.

They also show FireFox as having 3 unpatched vulnerabilities with the most severe rated as "less critical".

Seems to me that the hype is backed by fact. FireFox *is* more secure than IE.
August 5, 2005 12:10 PM
 

Darren said:

Thanks Jesse. Indeed, IE6 has had more patched vulnerabilities, over a much longer period of time, and still has some way to go with security. The intent of my comment was that the perception out there that Firefox has had minimal security issues is simply wrong and misplaced and based purely on rhetoric and not fact - 43 security fixes in 9 months is significant for a product which is touted as being significantly more secure than its competition.
August 5, 2005 8:19 PM
 

Bruce said:

So how many vulnerabilities in IE since its version 1.0? Breakdown by severity? How long between when a vulnerability is known and a patch is released? Firefox seems fairly fast at this from what I have seen. What has been the cost to its customers of IE vulnerabilities versus the cost to Firefox customers? What is the cost to each organization to patch and test each vulnerability? Seems like there are a lot of ways to look at this. Microsoft is like Lucy with the football and their client base is reminiscent of Charlie Brown who is always ready to believe that Lucy will do it right this time - with the same result.
August 10, 2005 5:30 PM
 

Anonymous Coward said:

September 2, 2005 6:14 AM
 

Anon. Coward said:

Good one - you preempted the wider exposure of the Firefox myth of security.

Is the Firefox honeymoon over?
http://blogs.zdnet.com/Ou/index.php?p=103
September 21, 2005 9:13 AM
 

mark said:

http://www.symantec.com/region/ru/resources/2005ISTR_VII_ru.html

Firefox is rapidly catching up to IE in the high severity bugs stakes.
October 10, 2005 6:51 AM
 

yves said:

Darren is right about the discussions going on the web.

You can expand that to the windows/linux discussion as well... Mostly struggled with religious passions.

But since IE has by far the biggest market share the vulnerabilities will have a much bigger potential of being abused than those for the other browsers. And you have to admit that Microsoft just didn't do enough on IE the past few years ;-)
February 24, 2006 10:04 AM
