Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Security

Firefox Security Vulnerabilities.

In the spirit of a fair look at Mozilla Firefox (after doing a bit of a roasting of IE's security), I've taken a look at Secunia's analysis of Firefox. Currently there are 3 unpatched vulnerabilities…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

In the spirit of a fair look at Mozilla Firefox (after doing a bit of a roasting of IE's security), I've taken a look at Secunia's analysis of Firefox. Currently there are 3 unpatched vulnerabilities on Firefox.



Firefox Vulnerabilities This is the summary graphic for what has been addressed since 2003.

I didn't include the following comparison in the IE article, but will here to note that Firefox has NOT been susceptable to Extremely critical vulnerabilities according to Secunia.
Severity of vulnerabilities

IE's vulnerabilities were 15% Extremely critical.

There are two vulnerabilities that are, approaching one year old on firefox, both rate a 2 of 5 on their criticality scale.

If you take the raw analysis at Secunia at face value, Firefox IS the more secure of the two browsers currently. However, Secunia emphasizes that their statistics are not meant for comparing the security of two different products. In part because Secunia advisories can cover multiple vulnerabilities (one advisory might be 5 issues on one product, on another one adivsory could indicate just 1 issue.) They also note to take into account that some operating systems bundle more software (Linux distros for instance that bundle many desktop apps with the base distribution). Additionally they note that the time to resolve a fix is important as well. i.e. don't beat someone up for 100's of vulnerabilities if they are all fixed in a timely fashion. In light of these notes and taking into account the specifics of the vulnerabilities, I still conclude Firefox is more secure, but they need to address those three outstanding problems.

Secunia tracks security advisories for more than 5000 products. They are definitely worth keeping in your bookmarks.