News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Preston Gralla's picture
Preston Gralla

Seeing Through Windows

More posts | Read bio

April 15, 2009 - 1:38 P.M.

Report: Firefox is the world's most vulnerable browser

25 comments

Firefox fans take note: A just-released report from the security company Secunia found that Firefox is far more vulnerable than Opera, Safari, and Internet Explorer --- and by a wide margin. In 2008, it had nearly four times as many vulnerabilities as each of those browsers.

The report, available here in PDF form, found that Firefox had 115 vulnerabilities reported in 2008, compared to 30 for Opera, 31 for Internet Explorer, and 32 for Safari.

That doesn't mean, though, that Internet Explorer is off the hook for security concerns. Far from it. ActiveX remains the browser plug-in or add-on with the most number of vulnerabilites. It had a whopping 366 vulnerabilities, compared to 54 for Java, 30 for QuickTime, 19 for Flash, and one for a Firefox extension. No Opera widgets had any vulnerabilities.

Internet Explorer also has a much longer lag time between when a vulnerability is found, and when a patch is issued for it, again by a wide margin. The lag for Internet Explorer was between 78 days and more than 294 days (some vulnerabilities weren't patched by year's end). For Firefox, the lag ranged between 15 and 86 days. Secunia didn't compare how long Safari and Opera took to patch.

What People Are Saying

Add new comment

Is this journalism?

Submitted by Anonymous on December 28, 2009 - 3:09 A.M.

Are you a journalist? You must think you are...

You did state the fact of this report existing. Why don't you now comment on how true it is?

Google or Yahoo it and see what the problems with it are. Your article is misleading in its insinuation (that Firefox is less secure than IE) and I think you need to rectify this.

Otherwise, dear sir, you are not a journalist. Your move.

Reply | Report this comment

Funny...

Submitted by Anonymous on November 15, 2009 - 10:49 P.M.

...how everyone freaks out about a useless report. It came out in 2008, and is testing using Firefox 2.0, unpatched. FF is on 3.5.5 now and I bet you each of those old vulnerabilities are squared away.

Reply | Report this comment

LOL @ Firefox

Submitted by Anonymous on September 25, 2009 - 6:04 P.M.

Firefox = Internet Explorer Shell

Reply | Report this comment

Browser Security Report

Submitted by Deek on April 19, 2009 - 9:15 P.M.

Read the report B4 you start with all the trash talking folks. It wasn't written by CW. Don't be so hasty to kill the messenger. If you don't want to believe the report then don't. In fact, maybe you should get jobs with Secunia since you obviously know so much more about browser seciruty than the experts. Then maybe you could fix the problem, yeah that's the ticket.

Reply | Report this comment

Preston you're worthless

Submitted by Ippo on April 18, 2009 - 10:56 A.M.

Man, you are sush a noob go find some other job more fit for you instead of posting your misleading crap.

People aren't so stupid you know. You are a disgrace.

Reply | Report this comment

Any software can leave you exposed, but

Submitted by Anonymous on April 17, 2009 - 1:35 P.M.

Any software can leave you exposed, but how long you are exposed, does matter.

The last paragraph in the article confirms that the headlines is either a distortion or a flat out lie!

Reply | Report this comment

Fewer than I thought

Submitted by KT on April 17, 2009 - 10:26 A.M.

The vulnerability list is just a count of how many times someone reports an issue with a browser - sort of like a barometer of how loud the community is when it finds a problem. The actual number of true issues found is shown by examining the number of advisories issued. After all the vulnerabilities are examined, the false ones are removed, and this is what is left.

For 2008:
Firefox 1.x : 0
Firefox 2.0.x : 10
Firefox 3.x : 8

I.E. 5.0.1 : 9
I.E. 5.5 : 0
I.E. 6.x : 13
I.E. 7.x : 11

Totals:
Firefox: 18
IE: 33

Reply | Report this comment

I guess anyone can say they

Submitted by Anonymous on April 16, 2009 - 7:49 P.M.

I guess anyone can say they are a security company and submit a report and people believe what they read?

Reply | Report this comment

115 > 366 ?

Submitted by Robert M on April 16, 2009 - 7:08 P.M.

This must be New Math.... otherwise how is 115 a bigger number than 366? You're starting to sound like Owe Bama.

-rm

Reply | Report this comment

You must mean "Bush"-enomics

Submitted by Anonymous on April 17, 2009 - 10:43 A.M.

You must mean "Bush"-enomics

Reply | Report this comment

Related Posts

Five ways Microsoft can halt Internet Explorer's slow death
Researchers: Macs are less secure than Windows PCs
Mozilla Firefox 3.6: download now! Performance, personas and addons...
Make the right browser update: Firefox 3.6

Editor's Picks

Attacks likely against Windows, PowerPoint, researchers say

Google Buzz takes the fight to Facebook, Twitter

Micron acquires flash memory maker Numonyx

Judge dismisses Windows anti-piracy software lawsuit

New Russian botnet tries to kill rival

Microsoft e-health research taps Xbox, mobile phones

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.