Security Report Ignites Firefox vs. Internet Explorer Feud | eWeek

Security Report Ignites Firefox vs. Internet Explorer Feud

Verfasst von
Brian Prince
Brian Prince
Mar 5, 2009
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Mozilla’s Firefox Web browser has been gaining market share against Microsoft Internet Explorer for years now. However, in 2008 it surpassed IE in a far less glorious category: number of bugs.

According to browser vulnerability research by Secunia, (PDF) 115 security vulnerabilities in Firefox were reported in 2008-nearly twice as many as IE and Apple Safari combined. However, the news is not all bad, as the same report showed that Mozilla was much quicker to respond than Microsoft when flaws were publicly disclosed either prior to or without vendor notification.

Three Firefox vulnerabilities were publicized last year under those conditions. All three were patched, with the longest patch taking 86 days to arrive, according to Secunia. For IE, however, only three of the six such vulnerabilities were patched as of Dec. 31. One of the IE vulnerabilities remained open for 294 days in 2008, according to the report.

The report noted that not all vulnerabilities are created equal. The three aforementioned Firefox flaws were rated “less critical,” while the Microsoft vulnerabilities were more of a mixed bag. The three unpatched IE flaws were rated either “not critical” or “less critical.” Two of the patched bugs were classified as “moderate” and “high,” while the third patched bug was considered “less critical.”

On March 4, Mozilla released an update plugging eight security holes in Firefox 3.07, of which six were rated critical. The vulnerabilities affect the browser’s garbage collection, PNG libraries, layout and JavaScript engines.

The critical vulnerabilities could enable hackers to run arbitrary code. But there is also a vulnerability rated “high” that could allow a Web site to use nsIRDFService and a cross-domain redirect to steal private data from users authenticated to the redirected Web site.

The update came a day after Opera Software issued a security update for its browser, and roughly a week after Apple released a beta version of Safari 4.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.