Firefox, Aheads up !

I realize ther are a number of Firefox users here and I just read this on
another site [not an NG].


In a report that will surely start internet fires all over the world
Secunia is reporting that Firefox is the most vulnerable web browser that is
widely adopted on the market today.

"This year, Secunia published advisories for the four most widely used web
browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31
vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7),
including those publicly disclosed prior to vendor patch as well as those
included in Microsoft Security Bulletins. Safari and Opera each had 32 and
30 vulnerabilities, whereas 115 vulnerabilities were registered for Firefox
in 2008."

CODE
http://secunia.com/gfx/Secunia2008Report.pdf

The vulnerabilities measures areas of a browser that requires a patch to fix
a hole that could be exploited by a malicious user to take sensitive data
from the end user.

It's an interesting contrast to the idea that people assumed that Firefox
was the most web secure browser. According to this review Opera appears to
be the safest but Microsoft and Apple's web browsers are not far behind.

Does this mean that you should switch your browser out of fear? Not so, the
study does leave out the human element that the best defense is an educated
user. If you are aware of what you are doing online and don't download bonzi
buddy you are one step closer to a safer web experience.

Update: Mozilla have responded to the report and you can read their response
here.

CODE
http://blog.mozilla.com/security/2009/03/06/beware-the-security-metric/

Interestingly it appears Mozilla discloses all security issues whereas other
vendors tend to keep them secret which would explain the big number
differences.

Source news here @ Neowin:

CODE
http://www.neowin.net/news/main/09/04/15/firefox-rated-most-vulnerable-web-browser

cheers....Jeff


.

Relevant Pages

  • [Full-disclosure] MDKSA-2005:120 - Updated mozilla-firefox packages fix multiple vulnerabilities
    ... A number of vulnerabilities were reported and fixed in Firefox 1.0.5 ... In several places the browser UI did not correctly distinguish between ... If an attacker can convince a victim to use the "Set As Wallpaper" ...
    (Full-Disclosure)
  • MDKSA-2005:120 - Updated mozilla-firefox packages fix multiple vulnerabilities
    ... A number of vulnerabilities were reported and fixed in Firefox 1.0.5 ... In several places the browser UI did not correctly distinguish between ... If an attacker can convince a victim to use the "Set As Wallpaper" ...
    (Bugtraq)
  • Re: Firefox 3.6.2 and Flickr not happy?
    ... Same prefs have been there since I started using Firefox 1.5 or ... and that is why there should be a bug report. ... I doubt it has exactly the same settings, unless they are all built from ... settings didn't reflect what was actually the state of your browser. ...
    (uk.comp.sys.mac)
  • Re: OT - Warning for IE users
    ... Firefox is actually not much better, with more security exploits than Internet Explorer last year. ... "Of the browser vulnerabilities, the big surprise was that Firefox at 44 percent had significantly more vulnerabilities than the other browsers. ...
    (rec.autos.sport.f1)
  • Re: New IE flaw and exploit sites/migration to non-MS browser
    ... sites which seek to exploit vulnerabilities in IE 6 etc? ... vulnerability analysis of BOTH Firefox and IE, ... IE is the most commonly targeted web browser - but computer criminals ...
    (Focus-Microsoft)