A Symantec report released Monday contends that Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer. According to the latest edition of Symantec's Internet Security Threat Report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005 (18 were classified as high severity) and 13 vendor-confirmed vulnerabilities were disclosed for IE (8 were high severity). The report also stated that hackers are still focusing their efforts on Microsoft's IE browser.
This is a concern for Mozilla, especially after the Greasemonkey security scare a couple of months ago. At the time Greasemonkey's security issues unintentionally cast Mozilla's Firefox browser in a bad light (Greasemonkey is a Firefox-only program that enables users to modify web pages).
The real concern is that security risks in a browser makes corporate IT administrators nervous. According to recent stats, Firefox has about 8% of the browser market, compared to IE's 87% (these figures to be taken with a grain of salt). Mozilla needs to break into the corporate market to make headway, so they could do without these security reports. Especially when The Register writes this kind of thing: "Graham Pinkney, head of threat intelligence EMEA at Symantec, said that switching from IE to Firefox as a way of minimising security risks was no longer valid advice."
Interesting also to note George Ou's post on Firefox and IE security. George wrote: "...the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading." He also pointed out that Firefox "mostly managed to stay under the radar from hackers before April of 2005".
From a Web 2.0 angle, with my eagle eye I spotted this tidbit at the end of the ZDNet report: "Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated." So potentially there may be some scaremongering in the near future related to Web 2.0 applications.