Firefox under the security spotlight



A Symantec report released Monday contends that Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer. According to the latest edition of Symantec's Internet Security Threat Report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005 (18 were classified as high severity) and 13 vendor-confirmed vulnerabilities were disclosed for IE (8 were high severity). The report also stated that hackers are still focusing their efforts on Microsoft's IE browser.

This is a concern for Mozilla, especially after the Greasemonkey security scare a couple of months ago. At the time, Greasemonkey's security issues unintentionally cast Mozilla's Firefox browser in a bad light (Greasemonkey is a Firefox-only program that enables users to modify web pages).

The real concern is that security risks in a browser make corporate IT administrators nervous. According to recent stats, Firefox has about 8% of the browser market, compared to IE's 87% (these figures are to be taken with a grain of salt). Mozilla needs to break into the corporate market to make headway, so it could do without these security reports, especially when The Register writes this kind of thing: "Graham Pinkney, head of threat intelligence EMEA at Symantec, said that switching from IE to Firefox as a way of minimising security risks was no longer valid advice."

Interesting also to note George Ou's post on Firefox and IE security. George wrote: "...the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading." He also pointed out that Firefox "mostly managed to stay under the radar from hackers before April of 2005".

From a Web 2.0 angle, with my eagle eye I spotted this tidbit at the end of the ZDNet report: "Web browser vulnerabilities are becoming a preferred entry point into systems, the report stated." So potentially there may be some scaremongering in the near future related to Web 2.0 applications.


Talkback

6 comments
  • Lies, DAMN lies and statistics

    Categorizing things that don't fit well into categories, and choosing study durations that don't show historical trends makes for some great product bashing! We have over 10 years of data on IE, yet only a year or so on FireFox. Do we just look at the last few months and draw overall conclusions? Do we have a handle on "criticality", and use "weights" on incidence numbers - or do we use JUST the raw numbers? Do break/fix/patch response timings get factored in? I thought as much . . .
    Roger Ramjet
    • Roger, since you're a scientist

      you know that it is impossible to do a real-world comparison. You can't hold that many things constant, because the environment is constantly changing. All you can do is guess how Firefox would have fared against IE 5.5, for instance. There is no way to test that hypothesis. Too many variables, no control group.
      Real World
  • Deceptive headlines!

    "But the report, released Monday, also found that hackers are still focusing their efforts on IE."
    - from the other zdnet propaganda article on FF insecurity.
    Is there any doubt that these shills work for Microsloth?
    Reverend MacFellow
  • Doublespeak, tweaks and lies

    Since when is Symantec an authority on browser (ANY browser!) security? Every informed IT Manager and Administrator knows Symantec is just another Microsoft lapdog. When a nonpartisan and QUALIFIED security source (other than Mr. Ou, thank you very much) identifies and confirms these vulnerabilities, then I'll take a closer look. Until then the IE browser is still banned and disabled on ALL our desktops and servers!
    tyndl
    • Well Put.

      Well put. Can't agree more.
      RyanJones
  • Reports read wrongly again...

    This is yet another case of not covering the full story and wrongly reading the facts at hand. GET IT RIGHT!

    I had to register just to say that.
    RyanJones