Firefox Fixes Security Vulnerabilities Faster than the Competition
Danish computer security service provider Secunia, in a recent report has pointed out that the development team behind the Mozilla developed Firefox browser takes the least amount of time when it comes to fixing bugs, security holes and other security related issues that affect their software platform – compared to other browser providers, of course. On the downside, the report also revealed the fact that the number of vulnerabilities affecting Mozilla’s Firefox is greater than that of Internet Explorer (IE), Safari, and Opera – put together.
“This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins. Safari and Opera each had 32 and 30 vulnerabilities, whereas 115 vulnerabilities were registered for Firefox in 2008,” says Secunia.
Yes, the Firefox browser did indeed take the top spot when it comes to the number of security vulnerabilities that plague the software application, but things are not as gloomy as they might appear. First of all, I remember that a study carried out a while back depicted the fact that Firefox users are most technology oriented, more IT savvy than IE users for example – what this means is that they are less likely to be tricked by malware spreaders and will not click a link just because it says Kanye West is gay . Secondly, the study also showed that Mozilla scrambled their team of programmers to find a security fix as soon as possible.
Think of it this way: despite the fact that Mozilla had to contend with approximately 4 times more vulnerabilities than other browser providers, it managed to issue a fix or patch in about a month and a half. On average, that’s 43 days to tackle each issue, and there were 115 security issues in total; Internet Explorer bugs on the other hand were solved in an average of 110 days (almost 4 months), and they only had to contend with 31 vulnerabilities.
“Mozilla has released patches for 3 out of 3 Firefox-related advisories, which are all concerning low-risk vulnerabilities. Microsoft has released patches for 3 out of 6 IE-related advisories, albeit with several serious threats going unpatched for up to as much as 110 days after disclosure. Three low-risk IE-related threats have been left unpatched during all of 2008,” says the report.
If you would like to take a look at the Secunia 2008 report, you can do so here (PDF warning).
“This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins. Safari and Opera each had 32 and 30 vulnerabilities, whereas 115 vulnerabilities were registered for Firefox in 2008,” says Secunia.
Yes, the Firefox browser did indeed take the top spot when it comes to the number of security vulnerabilities that plague the software application, but things are not as gloomy as they might appear. First of all, I remember that a study carried out a while back depicted the fact that Firefox users are most technology oriented, more IT savvy than IE users for example – what this means is that they are less likely to be tricked by malware spreaders and will not click a link just because it says Kanye West is gay . Secondly, the study also showed that Mozilla scrambled their team of programmers to find a security fix as soon as possible.
Think of it this way: despite the fact that Mozilla had to contend with approximately 4 times more vulnerabilities than other browser providers, it managed to issue a fix or patch in about a month and a half. On average, that’s 43 days to tackle each issue, and there were 115 security issues in total; Internet Explorer bugs on the other hand were solved in an average of 110 days (almost 4 months), and they only had to contend with 31 vulnerabilities.
“Mozilla has released patches for 3 out of 3 Firefox-related advisories, which are all concerning low-risk vulnerabilities. Microsoft has released patches for 3 out of 6 IE-related advisories, albeit with several serious threats going unpatched for up to as much as 110 days after disclosure. Three low-risk IE-related threats have been left unpatched during all of 2008,” says the report.
If you would like to take a look at the Secunia 2008 report, you can do so here (PDF warning).
