Say it ain't true, Firefox. The popular browser's reputation has taken yet another hit when a new study by application security vendor Cenzic revealed that Firefox leads the field of browsers in terms of total vulnerability (yes, even besting Internet Explorer):
According to Cenzic, Firefox accounted for 44 percent of all browser vulnerabilities reported in the first half of 2009. In contrast, Apple's Safari had 35 percent of all reported browser vulnerability, Microsoft's Internet Explorer was third at 15 percent and Opera had just six percent share. [...]
As to why Firefox's numbers were so high, Cenzic has a few ideas.
"It's a combination of different things," Lars Ewe, CTO of Cenzic, told InternetNews.com. "They've gotten more traction as a browser, which is good for them and the more you get used the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins."
One key area that Ewe said was responsible for a number of reported Firefox vulnerabilities is with how the browser handles plug-ins.
"The plug-in architecture that they have is a selling fact for the browser and one of the reasons why I love using it," Ewe said. "They can't control security aspects of all the plug-ins and the vulnerabilities are a side effect of that."
Sean Michael Kerner of the InternetNews explains: Link
Firefox may have more vulnerabilities, but how many are fixed straight away? How long between a report of a problem and when it is fixed? What about zero-day issues?
This company needs to ditch the generalities and do comprehensive research before making these conclusions.
Seriously, I love Firefox. Just fix the memory leaks, please.
AdBlock and NoScript FTW.
I love Firefox, but it's very true that the plugin technology has opened up some vulnerabilities.
And guys: You can be a fan of a product without being a closed-minded shill.
No reports, 100% security!
right?