George Ou at ZDNet suggests that the Firefox “honeymoon” is over.
Now that Firefox has become the first viable contender to Microsoft Internet Explorer in years, its popularity has brought with it some unwanted attention. Last week’s premature disclosure of a zero-day Firefox exploit came a few weeks after a zero-day exploit for Internet Explorer appeared on the Internet. Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months.
Ou presents two charts showing that in the last seven months Firefox has had 40 vulnerabilities to Internet Explorer’s 10, and 11 exploits to IE’s 6.
As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005. Since that time, new exploits are being released almost on a monthly basis.
I don’t think it makes me rabidly pro-Firefox to suggest that there are some good reasons to take these numbers with a grain of salt.
- For one, Firefox was officially released only in 2004, whereas Internet Explorer 6 has been around since 2001 (and that’s not counting previous versions). That’s given everyone a lot more time to find and patch major IE problems.
- Furthermore, Firefox’s open-source code makes it easier to find and fix vulnerabilities than in IE, so in the long run it should be less open to attack.
- Also, according to the Secunia vulnerability reports to which Ou links, the severity of the Firefox vulnerabilities has been lower than that of the IE vulnerabilities. During the same period of time, 14% of Secunia advisories regarding IE were rated “Extremely” critical, but none of the Firefox advisories were. Indeed, 77% of Firefox advisories were only “Moderately” to “Not” critical, compared to only 56% of IE advisories.
- According to the Secunia charts, twice the percentage of IE advisories have gone unpatched compared to those of Firefox.