Davey Winder
Tuesday, 10 November 2009 17:37
Please don't shoot the messenger, but all is not well in Firefox land.
According to one new report, Firefox is responsible for some 44% of all
the browser vulnerabilities that were reported during the first six
months of 2009. The Cenzic report pegs Firefox as far more problematical
than Internet Explorer. Not just a tad more, but if you are using the
number of reported browser vulnerabilities as a metric, we are talking
country mile territory here. Internet Explorer accounted for just 15%
of the vulnerabilities, putting it in third place behind Safari in
second on 35%.
Of the 'big four' browsers, Opera performed best with just 6% of the
flaws coming from the direction of what used to be the only alternative
browser in town.
It would seem that the Cenzic report was put together using a number of
sources including the Common Vulnerabilities and Exposures database in
order to tally the flaws over the half year. What the report does not
do, however, is make any distinction between the bugs found.
So zero-day problems, which are hugely dangerous because they are
exploited in the wild while still unpatched, were treated as just
another flaw along with relatively minor bugs.
Certainly the report is worrying for end users who have switched from
Internet Explorer not only for the flexibility that Firefox offers but
also because of the perceived higher level of security on offer.
What the headline figures from this report do not make clear are the
differences between browsers in terms of response to bugs and being up
front about flaws. Firefox has a reputation, courtesy of the open
source development process, of dealing with flaws very quickly indeed.
The same cannot be said of Internet Explorer, with users often hanging
around for months waiting for a Microsoft patch to cover up one hole or
another. Indeed, it has been argued that the Microsoft Patch Update
process can effectively be used to hide some flaws, whereas open-source
development throws everything into the public realm.
One thing is for sure: the figures reveal that as Firefox gets ever more
popular, security will have to become an ever more important part of the
development process. If not, then stories comparing Firefox and Internet
Explorer security will become increasingly interesting to read.