Firefox flaws account for 44% of all browser bugs
Firefox accounted for almost half of all browser vulnerabilities in the first six months of 2009, a Web security company claimed today.
According to California-based Cenzic, Mozilla's browser had the largest percentage of Web vulnerabilities over the six-month span, while Apple's Safari had the dubious distinction of coming in second. Microsoft's Internet Explorer (IE) was third, while Opera Software's flagship browser took fourth place.
The Cenzic report can be downloaded from the company's site ( download PDF ).
"It's not rocket science," said Lars Ewe, Cenzic's chief technology officer, referring to the browser bug counting. "We used several databases, including the CVE (common vulnerabilities and exposures) database to count the number of known vulnerabilities."
Firefox accounted for 44% of all browser bugs reported in the first half of the year, said Ewe, while Safari vulnerabilities came to 35% of the total. IE, meanwhile, accounted for 15%, while 6% of all the flaws were in Opera.
Cenzic did not separately count the number of "zero-day" bugs -- those unpatched at the time exploit code went into circulation -- said Ewe, who defended his company's tally at the same time he downplayed their significance.
"At the end of the day, the number of vulnerabilities is only one measurement of a browser's security," said Ewe. "We're not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this."
Ewe admitted that he uses Firefox for his personal browsing, and noted that Mozilla is "usually very fast to react to bugs."
Mozilla has been slammed for the number of flaws it fixes in Firefox before. Last spring, for instance, Jeff Jones, a director in Microsoft's security technology unit, and Mike Shaver, the vice president of engineering at Mozilla, traded barbs about browser security after Danish security vendor Secunia published a report that said Firefox had nearly four times as many flaws as IE during 2008.
As far back as December 2007, the companies sparred over bug counts after Jones claimed IE had been affected by fewer than half as many vulnerabilities in the previous three years as Firefox.
In those instances, Mozilla has defended itself by arguing that it patches vulnerabilities significantly faster than Microsoft, and that its open-source approach means it doesn't hide flaws other vendors may fix in undercover updates.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
