Firefox Security Vulnerabilities.
In the spirit of a fair look at Mozilla Firefox (after doing a bit of a roasting of IE’s security), I’ve taken a look at Secunia’s analysis of Firefox. Currently there are 3 unpatched vulnerabilities on Firefox.
This is the summary graphic for what has been addressed since 2003.
I didn’t include the following comparison in the IE article, but will here to note that Firefox has NOT been susceptable to Extremely critical vulnerabilities according to Secunia.
IE’s vulnerabilities were 15% Extremely critical.
There are two vulnerabilities that are, approaching one year old on firefox, both rate a 2 of 5 on their criticality scale.
If you take the raw analysis at Secunia at face value, Firefox IS the more secure of the two browsers currently. However, Secunia emphasizes that their statistics are not meant for comparing the security of two different products. In part because Secunia advisories can cover multiple vulnerabilities (one advisory might be 5 issues on one product, on another one adivsory could indicate just 1 issue.) They also note to take into account that some operating systems bundle more software (Linux distros for instance that bundle many desktop apps with the base distribution). Additionally they note that the time to resolve a fix is important as well. i.e. don’t beat someone up for 100’s of vulnerabilities if they are all fixed in a timely fashion. In light of these notes and taking into account the specifics of the vulnerabilities, I still conclude Firefox is more secure, but they need to address those three outstanding problems.
Secunia tracks security advisories for more than 5000 products. They are definitely worth keeping in your bookmarks.