Firefox Faces Security Vulnerabilities

By Matt Hines  |  Posted 2005-11-18 Print this article Print

Despite the browsers success, at least one expert said that adoption of Firefox may actually be slowing down based on the recent rash of security vulnerabilities discovered in the product. A majority of consumers also appear indifferent regarding which specific applications they use to view Web sites, said Nate Root, analyst with Cambridge, Mass.-based Forrester Research.

Root said that businesses in particular have become increasingly disinterested in Firefox, as the browser has been proven to have many of the same types of security issues as Explorer.
While the open-source community has long argued that applications produced by its developers are safer than proprietary programs such as Explorer—based on their readily available source code and the legions of programmers willing to lend a hand to fix problems—several serious vulnerabilities have been identified in Firefox over the past few months.

Click here to read about shutting down after a security breach. Its worth noting that the security issues attached to Firefox have been related to holes found in the software, and not to actual attacks crafted to take advantage of those weaknesses.

"Firefox had a great opportunity upfront to go after the corporate crowd and people made a lot of noise about it having better security than Explorer and faster deployment speeds," said Root. "But its since been proven to have many of the same holes as IE, and some of the adaptations of the browser created by the developer community may have actually made it seem less appealing; so some of that credibility has been lost."

Root said that "cutting-edge Linux heads" would likely be interested with the new beta version, in a nod toward users of the open source operating system, but the analyst believes that most consumers remain fairly apathetic about just which browsers they use to surf the Internet. With Windows placement of Explorer as the default Web browser on most new computers, and with IE holding a tight grip on the business market, he said the chances for Firefox to steal more market share from Explorer may be slim.

In addition to consumer indifference, Root said that Microsoft is also working hard to reinvigorate its own browser efforts and defend against the threat of losing users to Firefox.

"Firefox 1.5 should be a great product, but Microsoft isnt resting on its laurels anymore. Theyre trying to deliver on many of the same benefits of Firefox in the upcoming Vista version of Explorer, so that will make it even harder to convince people to switch," said Root.

"Firefox is likely to remain something most of interest to the open source or extremely tech-savvy users out there. Most consumers dont really see big reason to change."

Mozillas Kim said that the group understands the shortcomings of Firefox and that it is working to make the browser more appealing to business users and other consumers. To raise the softwares profile publicly, Mozilla is planning to launch an advertising campaign over the coming months.

"We recognize that a lot of Firefoxs success has been with power users, or gained via word-of-mouth marketing from those people, but were looking at a lot of ways to identify new distribution channels," said Kim. "Theres still a certain class of users out there who are not comfortable with downloading applications from the Web, so, were looking at ways to put it on more desktops."

In regards to security, the executive said that Firefox will get safer over time as the application matures and even larger numbers of open-source developers volunteer to lend a hand in scouring the software for potential issues.

"We dont believe that its possible to make any browser 100 percent secure, theres a lot of motivation for people to launch attacks, and we have to be more responsive to handling security issues," said Kim. "But we think that better security is still a differentiator for us, and that we can indeed respond faster today than in the past."

In other Firefox-related matters, on Wednesday, Microsoft made available for download a plug-in that will allow Firefox and other Mozilla-based browser users to validate their Microsoft software via the Windows Genuine process.

WGA (Windows Genuine Advantage) is a Microsoft anti-piracy program that requires Windows users to validate the authenticity of their Windows operating system before being able to download key technologies from the companys various download sites. The program became mandatory in July 2005 after a voluntary pilot test.

Microsoft made public its rationale for providing the Firefox plug-in on the IE (Internet Explorer) blog. "Basically, customers said We want to make sure our PCs are running genuine Windows and have access to all the content on the Microsoft Download Center; the experience when were running a Mozilla browser is not great. Do something about it," blogged Dean Hachamovitch, Microsofts general manager of Vista browsing and RSS technologies. "I think thats a good thing for customers. Microsoft wants to provide a good user experience to all Windows customers who are validating their systems."

David Lazar, director of Genuine Windows, cautioned against reading too much into Microsofts decision to provide the Firefox plug-in. He said that Microsoft was not acknowledging that Firefox was gaining on Internet Explorer, in terms of market share.

"Dont look at this as a long term strategic shift or a commitment to another technology. We simply wanted to respond to customer requirements," said Lazar. "We wanted to make the Firefox path (for Windows Genuine validation) to be as good as the IE path. We wanted to remove the barriers for users."

Microsoft officials declined to comment on whether the company was considering developing similar Firefox plug-ins for the companys Windows Update and Office Update services. A number of Firefox users have expressed interest in the availability of such plug-ins via postings on Web sites such as and Neowin.Net.

Mary Jo Foley contributed to this report. Check out eWEEK.coms for the latest open-source news, reviews and analysis.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel