Firefox Security Vulnerabilities.
In the spirit of a fair look at Mozilla Firefox (after doing a bit of a roasting of IE’s security), I’ve taken a look at Secunia’s analysis of Firefox. Currently there are 3 unpatched vulnerabilities on Firefox.
This is the summary graphic for what has been addressed since 2003.
I didn’t include the following comparison in the IE article, but will here to note that Firefox has NOT been susceptable to Extremely critical vulnerabilities according to Secunia.
IE’s vulnerabilities were 15% Extremely critical.
There are two vulnerabilities that are, approaching one year old on firefox, both rate a 2 of 5 on their criticality scale.
If you take the raw analysis at Secunia at face value, Firefox IS the more secure of the two browsers currently. However, Secunia emphasizes that their statistics are not meant for comparing the security of two different products. In part because Secunia advisories can cover multiple vulnerabilities (one advisory might be 5 issues on one product, on another one adivsory could indicate just 1 issue.) They also note to take into account that some operating systems bundle more software (Linux distros for instance that bundle many desktop apps with the base distribution). Additionally they note that the time to resolve a fix is important as well. i.e. don’t beat someone up for 100′s of vulnerabilities if they are all fixed in a timely fashion. In light of these notes and taking into account the specifics of the vulnerabilities, I still conclude Firefox is more secure, but they need to address those three outstanding problems.
Secunia tracks security advisories for more than 5000 products. They are definitely worth keeping in your bookmarks.
Popularity: 1% [?]
Related Posts - Ubuntu 6.06 LTS release Probably the biggest news so far today, at least in linux circles is the official release of the Dapper Drake.... Ubuntu 6.06 LTS (Long Term Support) (and kubuntu and edubuntu all...). I've been playing with an install based on the Release Candidate (and now upgraded to even include KDE 3.5.3...........
- Microsoft Releasing out of Cycle Patch for Internet Explorer Exploit Take a look at the official announcement. They've moved outside the usual update cycle for this one. VERY good move Microsoft to get this patch in before the holidays as it looks as though there's been a spike in the use of this particular exploit and with people doing a......
- The biggest computer security vulnerability ever I talk quite a bit about computer viruses and computer security on this site. It's probably one of the bigger problems that I grapple with for my customers. Today I'm going to talk about the biggest computer security vulnerability there is. In fact, this is a general security vulnerability. It......
Related Websites - Home Security and Community Watch Meeting Review of Our First Community Watch Meeting We just got back from our apartment complex's first community watch meeting. Lately there has been some car break ins (including my husband's car) and we wanted to see what we could do to minimize this happening again. I picked up some helpful......
- When is an ETF not Actually an ETF? Exchange Traded Funds have been popular for decades since they provide diversification with the ease of trading and dollar cost averaging. They have gotten so popular that the actual topic of ETFs now include specific industries, super concentrated funds and even active investing. However, when is an ETF not really......
- Lending Club Files S1 with SEC Lending Club has filed an S1 with the SEC (link to S1 filing). It looks to be similar in nature to the Prosper filed an S1 reported here on 10/30/2007. This continues the Lending Club quiet period started on 4/8/2008. Originally I had guessed 7 months to 1.5 years for......
Similar Posts
- Windows more secure than Linux?
- Firefox vulnerabilities and 1.5 Release Candidate
- 5198 Security Vulnerabilities tracked by US-CERT in 2005
- Microsoft’s unpatched security bugs
- IE too dangerous to use?