Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Security Report Ignites Firefox vs. Internet Explorer Feud



 By: Brian Prince
2009-03-05
Article Rating:starstarstarstarstar / 64


There are 9 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A report by Secunia finds the vulnerabilities in Mozilla Firefox greatly outnumbered those in Internet Explorer, Apple Safari and other browsers in 2008. However, Mozilla was quicker to react than Microsoft when dealing with vulnerabilities disclosed publicly without prior vendor notification, Secunia says.

Mozilla's Firefox Web browser has been gaining market share against Microsoft Internet Explorer for years now. However, in 2008 it surpassed IE in a far less glorious category: number of bugs.

According to browser vulnerability research by Secunia, (PDF) 115 security vulnerabilities in Firefox were reported in 2008nearly twice as many as IE and Apple Safari combined. However, the news is not all bad, as the same report showed that Mozilla was much quicker to respond than Microsoft when flaws were publicly disclosed either prior to or without vendor notification.

Three Firefox vulnerabilities were publicized last year under those conditions. All three were patched, with the longest patch taking 86 days to arrive, according to Secunia. For IE, however, only three of the six such vulnerabilities were patched as of Dec. 31. One of the IE vulnerabilities remained open for 294 days in 2008, according to the report.

Resource Library:

The report noted that not all vulnerabilities are created equal. The three aforementioned Firefox flaws were rated "less critical," while the Microsoft vulnerabilities were more of a mixed bag. The three unpatched IE flaws were rated either "not critical" or "less critical." Two of the patched bugs were classified as "moderate" and "high," while the third patched bug was considered "less critical."

On March 4, Mozilla released an update plugging eight security holes in Firefox 3.07, of which six were rated critical. The vulnerabilities affect the browser's garbage collection, PNG libraries, layout and JavaScript engines.

The critical vulnerabilities could enable hackers to run arbitrary code. But there is also a vulnerability rated "high" that could allow a Web site to use nsIRDFService and a cross-domain redirect to steal private data from users authenticated to the redirected Web site.

The update came a day after Opera Software issued a security update for its browser, and roughly a week after Apple released a beta version of Safari 4.





  Reader Comments: Security Report Ignites Firefox vs. Internet Explorer Feud
>>> Post your comment now!
All I know is...
All I know is that since switching to Firefox I have far fewer problems. IE is garbage, primarily because Microsoft still doesn' get it that...
Posted At: 03-12-09
By: Anonymous
A meaningful statistic...
A meaningful statistic has to be more complex than "number of bugs". I'd love to see a chart that includes all "open" bugs/issues broken down by...
Posted At: 03-10-09
By: Nate
Cross purposes behind the headline...
No one is mentioning what is really going on here. Firefox development is heavily staffed by Google. It is <u>very much</u> in Google's best...
Posted At: 03-09-09
By: Ted Thomas
Security and quality
We have found Firefow better at warning users of potential treat. Too, beta-test candidate 1 of Firefox worked much better than the release...
Posted At: 03-09-09
By: Groove
Number of exploits isn't the same between browsers
Comparing the number of exploits between browsers is as Richard mentioned Apples and Oranges.! What Microsoft considers a bug is open to very wide...
Posted At: 03-09-09
By: Bill F
Not a valid security metric
Number of reported security vulnerabilities is not, and never has been, a valid security metric for comparing the security of different...
Posted At: 03-09-09
By: tommy higbee
Number of exploits IS important.
I disagree: First of all, I am a Firefox user and have been for several years. Because Firefox is open source, it allows the hacker easy access to...
Posted At: 03-09-09
By: Terry
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}kS㸶j&sнytMat3=uR$v'ΗSOxגW&9jH,yIZZ/---}GggD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3U;Y|LNZ]@ZSˆ辥{$)5< \g4"1lp2E9$7 \hyiVpA'ס,jO`U[۾xwgy@ffrt KJozcnć!LjZ L|:j/EӝF3l˸-:4 PS+}(Z}`[BUzEÝ5훟+UUew9*GA nkp[I^׵Sq9}r>?'7;A:W;YHL~#@DJ V4MD&-āI^:GH5=(ǭ~WB-hZIArija[E4b‰EU}$N"?Zڗu&u}X6&ZiCA+WtWe`9=y\toz{MNڟ:gw:Rڟ+̊k*}k p6O|iuH54Y01\ \^Kj='6ǣ1)H|S: qN X(-t[ۗRH3}c-? ,_0f k$LJse)":u vPy۬ MZ!Rƒ) uK_3Q8j\K}0Fp &JpJq䨉kYSl \揇o4'M3XE U >hi,A[T}N}W%M 1F|r'E KH@!=F!8N0Apl/\d~]L΃QwWڲ9Q[% kK\M흙"#-+}7Oۭ ]u/{]tZڠxDaDZ`A). 8G]77Zu?1Ra^TU G'&-d`q86acBݤ#}fE= tSOC|>56㤞F!|emxq=Z.3+ԍEXn`NtH Qx٭lE%H_¤< ) FA=H:}m`~5$ǎ@ Ls'09 ښB"QފС4a vhiqppyY?0»g{`閭-L<ħ̠>xԁ!~9.Wb&A/""D%  h4AGEBEN@@7gw$]Vi+Raz"ʦBICvn +=*%nqR%e 3ʬ$&vϏaZLbo7], Slo3-Muc{\V5mZO4MhFaf#A.kޣeK0Pl;!9?f! q WQ }sYMh?wܰHz}G  +Zsƾ :ˋj|X#D nN-˘ \ >eB#`9{MYguϳ-jTN`cܒnh{Ͱ&QUN?>{BO-\naDHդW:ϧ/'ܑm˹ȇJoBo*څP_.dI_fMblȜu>I!VB17OD)wz@aeXd|re{RՌ{`ELE:a5=%nQ?ĝRƠ;BZSOs\':[[%7˺I8T*{ۥi]hk%Rd7Bɶ/^¢xmP2֡R$kϥӲ=6P< "x ӡE 7(=u  XTM._`}dҶFUbhDe6k-[`CbeܡQ7%X3Q[lx uCߵɧ |#7=du3$?;`ϟ )e!\o N(̕>A߰ XXԺ0 0q ڠ@XĞCеSҝa|ie;m// eKKZQ>Omz+Co{Lt Dm G #˞C_&]1VW=Z`"AdX(%UMp?O~6=2.eX"\{cOa:Yw$ Fiyz Y8p}r)©5j6|jj0AB̋#ןũ0vQԼewPy? 1cXh[!pYbA&L>FkdB _;$!U7:%E>C5ᝉ 1ǁxo+<|!CHu~"=l Hs}"T0|*Uԫ5 H`mR@@kRUӈ.E^qv VW%$'uX6H =j|t~h3<2 Y ә^JZqthUUjVCgGqG,(xWEbIxԀA_ԁEo⽿2-sge@o(ۿ`3tx+}|`䣇*,p |/,yl ȗ}ӅZTNP!+ȣCY ނq uESUG+[+ܞ?F+ E{h⢉!H{+E&pӚ n= =gKjU~iF -@2shP< `9 N#1o44} *zIe߯Y+5 )& Lt0 ȐG׾+vPKj'b( O5c Қk+4C |3MdhHwVh_/_qm(}g^L̺>~Wy`vgfG++1sR8Wqom؋W#7<@:a˴W6i&01"45" ~>tU*`x,4J,BfĜAYo]a+o95=2۠~}R5F70pN,G{'b*r1_>M= ;LF;0\=>w"qD d넱Ŏ| l_"q)(/9 .KU`ҖMЋF(+49aؠGsHR1 0Vow\Oq!/.7@Aŷ[\JEVK`qEZ%y)HǞ1]]2Yޘzֱ4> ʀkG2cFTYHVmZ\wmoj&lĞMGe,7;:PbX0ީ*~sũZkRWFXT9K=XT\S=@z}ݤ1pS Nu H}侧Z2:i1TʵRM()1Co잔4r2j,j.KqXKkL9 -2j=sP/ Kܥ @vnES> B) u(=tH. y1~vg=ҮI"G: bTCnƭj}U%T/IjYx~(0|nȘKYVx$ ?+οThqïRXD\>hCltPj2a'A)pd]2uܮW隿F=;o ŧrECR|{޽y-{w[OjK·烬F!zۭfS k3d8)@xdqH/=5!,{}ҾĂ Ü4"z M3"nPU8\;9²VXHE`&|C)tz]E9,{B*q]>ǧ2syt6^SF(+bK"$DY \g'u^f} bt4Du~mG^_ ,~)Fy*~y:~4~OK0Fgqk'=#$uS`Ӄs; 1di!Q9o =%E٦@7db&ubJL5"v=O?quσx1QLwʩփte~=m1mC%L<2GL)gdJD=)!jښI4g"8J542 eI? Mt0㓄PV hɂZ#5=۴<^]ҹuybRpd;2Cs: e!>RဏQFh 鳁Vˮu^cA0><8Gs`c H-Н>y{ho&})'Iu haJwfim6Ş`6 ݣovV:}i?vݷ;޽s¶"CWq:@(Nt,$$EUՊZƶr,WU3$]d~NfVtF0M3}ݾJf94iɜAhl7B_7nC\`l]C1Bo~˸aW*]c{*{7wo]VZtCqB1nVx/)&%ϓEL @OKtGY_BQKwv{Y!0N ئ7=12~OO=rmCGX ?*4lo A[)-)$ΙJ;mmoݍn T f_!O#%FJ ,Q`mZ 9_к õQ`VǴ ?c#ޚU^2$;lߔc͘37Ocp_J;U*ye b |cI5%E?=3q DxQx7e\ڊ]aKn~ 'Vv/w Zp8qlLSUR|q<,ضh;v ez6C&KO> ?j#NT+]VN.jFI aB4.G&|HiM?"ENteϐLG/uRm^+`Y1t%HȘs4$DY\^=2)zai>wo%U4mh_j_\G? h&&PؤV]qJYb0P V!SpL"XJb{&08_3R_ܖ1U^\^^S I>\-r&i꾒 &׬㠹+f)U_8C_SbS<>zIf_I<*"(IMt{EU[ ?+6ms[QNec)U{qa&F ˸ж+P`.94$Gbx{O:sQŧIVbv,m$e_$>J$OuCs䎤IG>`S(VO&A $JfKPܪbnQCB_4E,-j ]`)P!#:LIjj} y.Ax,f <%1#*E2|$Ey^ۿ!e=y)NXZci +s `Igs!ȥ^7k$x(W,V*Y2mh5ESE(HR#ΨIJE?2bp ' <{ B G\ k>Ćb^ nwփQnl=dW?F]c\tJQ"Nwb XRT)i5Db~~l EHEX[1^ ~E.̗d!nH۵^a-̩Xl7~B.] C:PMngAN):桮[-og x &nyW{aE8{!\5_:wi' |z^xFZgd0C+6.ewM}qgSCnxY*D8$ 7j6~qa7}k{_cH;hsQ4N܀ q嚆@$#ܯÞQ" }fZW-y67j[ƸCF•e`~ _"$Z_HћHl94现X/\Cޑ^j<)cx&6z$z}}}FC`||m/gǨ#,ߑ[x9zZߔմW_~t1>:U{0fuc' nti][?y=e{<4}LMcX꾳:U>SI0n^?BXe~OjfxAF[5抇k}KQ>Xx޹0tw}sz\^n^ lwjWw f|ń%?~ůz䂫k \O?2ׄ%Tل_D+ķz L/F`97*YM- l߼!!٩,fER o Z!ߤ̉m_m|R(H^uσ dUokoȊ>wt)ۼRfrwjr,ȉu0u^= z!d ƗY'$ڊZIHgsS8wHcX2,,bdf`)]aI` =EOaIv|wouv1c נ)8weQ.|ׂ%^_F£G>W- M *`l{;pOf}-G\bd= Dw߁\<=G%!{Yũn~׳{!QjH608{~I{ʞVS, xw߸֊OZڈYΞCm%< @3* I7!~^GcKiW'Ҽ7zQS@amIY`[,h6Ef`iO3ط/0I_7nnm:L=GvT;/k~;;ѥ0٧TC+A&o)D#_~x UܦM:@kٽ,=e|#~U13ʑmOhxQM#w䏅B/o7.HfXmhÈ_2C[ ⯮яTmS_'B75sU.JO(aV""&JfidL}$F֧lE߽gDDhG꨾Xx[a( _VgB8AXJzXDJ ŇސG "K&5\t p#(,oqn/ =8l*b6K-'+5}L1FU쫫9ʥ` RkyK ߕlc1 {[ĻcUAN2AGu DR!դ^Hq5Gj6j=!`5&ɣZkX;Xif+ͲyJ)~,y -JYՉ[ mݹ]4=!5&<;/ڢ 2~TXoXޔ>5BYQ d][@ur,W -ieZ{cqȝGF^hRy[9iY`=toM)(Z<<}Q,mJ)Ag'#3>|[2Ncˡ/0ۏUKzt׳cS]A/l;9{'SfW Ӱ@/0s{EMF^[5XtDgGH WIkm2J%3?3\mDΝz?qbS~fbu +KNV8Ylfm>ڊRo4Jv (ALO@99ݱ=X NPG"y԰tT>#RF̯R߇q>U7XøU!TP ccZ3ZMqheu!,.>M_#ƘQ_*Z@(YYr' o.'>Tov/>VHՕݷoh}ext+J"ތr[+tp֦U2W:17]߄QT1E :ᛒWZ-#G_ 6f^FGZQ)G)}o cd2zވ9pb XDZ`Oi$}b }"vFf!FT1 /`m9'yo_*4>wg(-$=Wsv?0L}N8m0Sc~sCRO⺢t=,aĘɪC~!W>!sSx- rH(G;F}eOWJƈ\搟Ð3{#LŰDbŴ c 4Q? ~1&IE< ,iMPs6@א0H4alG;%HJ 1шbcc^r {4bw`/u)_t/##+?,P֋X G3wȧX,}! _% FKl0E,D "}fA=bAa~L­!ԽR)Qw30^)ofp0"(3[]ă0>]S0lOpW'AC< m6Z!&:5KfltQQ({b:M u?/,nNL هrH$`x=9~imʀta~X{dF`bJ])IdR|:PJ\gޕa)걪VRڕ?(6 ;Ue" =Mɕ@*ZȈq/wO#&a@}lF(DwnsLк:LNפENmx;\;Kr>%lkEߢֳQQqi}uݹ쳔]1 l\_dj(,Ǜ,# rzٺh3;eFq*M1B*r<MS0E_VCĸ~4A_2)o\{=-[I Y/|vˢWcW GnzV#Z+!(8jz67a\nq4ħyOB32[E9yNPsNPkN5_/?nrʻP)GJ/?sʏx})4?r#\_~)4:;'f$g:9NN?r?C<^43?0_<ߋ^~.rsE}^}^'e/?A3(?)#/ra~/s2.a.s # _9 *>~s匿匿ϡ/P@_s+}'ߧ@M^9M@79_ZIRVpv*esS^)4rRy~ )P9P#Ϫ z2*RϜW~>'{'sg#q$]a芫-5nk ǤZu36 4xW /Byeo2/AQFgG6+.ȭ-'Hl]=g%%x=0?Mu{2پWߕ\*ܢ}:qOXE9 8GX%[n3'rOVPb>sxvY^]Y\;Yo%P.YCIsDgev' AѺ`*O WYJ-KaaP]χn9#|@/kOg >赏?^woҾlZ36J쓭Æ>a#^*B8DCw0p= ʼnS ;/O6tv9zĪQJ#{4́a[C o6eM+5VkZpwrH&נ8#O1Q5YUdN.jUeRL3DAyg l]fʈLZCO4 DX)f⸇Ln5FG R }:dlL*ۼx0lyN Nx@ 7ʄ,5wW;SЫِ!Aށ΂3L5|L:Aۆ^0Ɩ,ڵ"o,ws@&L"ZCwJY&5$]"Z6@mC"-KS(?gb+S7r \=wNp*23H& R#V}%%"0;c\3.aR풆 ųIla\Dm8Ιy8q0>^3\~Vݎ+0&py3 3w)'B0~m :omF3o"9ݜ ӿ*aс(Yœ{XmDhG9t}`iMx_ ̔0brf`O*{Oq AnzvwʹXeQgeIœj@@zƶ~bY3&?cvITxdGN*Sa yF˟41`&ngLX"#='yfs(.9O %|Xಁ%#:} S sogTÉt |!,ڎN-Gw U|ٲs9ebV)qmeGfZ-[@#5E`0|`eh (fZձw O 7g}L4֦Ju #AY?_vs[>/৲`E}2\Hxkyf#%S+~`[wt%(5x>;v͆LVe؋(| _b[0~X+mKbw'ʥ.Sܟ?Caқk}7ś *|X^c 0,*08u vQѪ v7"!a"^o1n%/$@Ss=V*)ve6r!*l XGڦZ-Qa[Anb=x辉=e-{B70* <Ǹ9m@>{zw1G[0rczwY=W'8K Ӿcd.GXI@ Ik.-wv(ua4,Lb9 "[^'QI 8fRжXE,dlu K%b|YMSxI1%h3l䣈mAb ?ʵ-caG?,ɀ~/'[]r*gA-Z14eo,/`kVTF <"YCӰ3=|ל r?qmr?{s]9,Sclʲc9arr[W`2Z.<',(`),dv"VTHKMΡmlP*aڇl&~H&THفl{[нDntLs-/F"FĂ'g"eW~q$Y