Firefox Tops Vulnerability List

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
A new study has come out today that threatens to rain on Firefox’s 5th birthday parade. The report claims that Firefox leads the pack with vulnerabilities (44%), Safari came in second (35%), Internet Explorer was third (15%) and Opera ranked the best (6%).

According to Cenzic, Firefox accounted for 44 percent of all browser vulnerabilities reported in the first half of 2009. In contrast, Apple's Safari had 35 percent of all reported browser vulnerability, Microsoft's Internet Explorer was third at 15 percent and Opera had just six percent share.
Click to expand...
 
It's a percentage. I think this data more indicates that other browsers (IE specifically) have been getting more secure, than that Firefox has been getting less secure. But that means it's time to batton down the hatches and get to work, FF devs!
 
I've been unable to use FF for months because it doesn't seem to like Win7 x64 for me, on two different systems.

On the bright side, IE8 is actually pretty good, so I've been using it almost exclusively, except for little bouts with Chrome.
 
chrome? :p:eek:

haha, anyway, if u read the article, most of it has to do w/plugins. that's why i dont install a lot of them, &even if you DO install plugs, try to install ones that actually HELP, like noscript, which should be a part of FF proper. when a script can't even RUN, there is no security issues there =P.
 
I laugh at these "vulnerabilities".
I have yet to see a Fx machine compromised; can't say the same for IE.
 
"Reported"

This could easily be an artefact of an especially vigilant open source community and/or an especially closed-mouthed IE-hacker community.
 
JediFonger said:
chrome? :p:eek:

haha, anyway, if u read the article, most of it has to do w/plugins. that's why i dont install a lot of them, &even if you DO install plugs, try to install ones that actually HELP, like noscript, which should be a part of FF proper. when a script can't even RUN, there is no security issues there =P.
Click to expand...

Not sure it's safe to say that all vulnerabilities are scripting vulnerabilities. Use to be able to bork browsers real good with just a long URL.
 
zero2dash said:
I laugh at these "vulnerabilities".
I have yet to see a Fx machine compromised; can't say the same for IE.
Click to expand...

You haven't seen enough machines. Almost all the machines that I've seen that have been hacked have been through user downloaded trojans. FF doesn't help at all in that situation.
 
Just goes to show haters gonna hate.

1257.jpg
 
djBon2112 said:
It's a percentage. I think this data more indicates that other browsers (IE specifically) have been getting more secure, than that Firefox has been getting less secure.
Click to expand...
No, it's a proportion of the total vulnerabilities reported.

But as the article says, it includes those vulnerabilities introduced by third-party plugins, so it's hardly a fair comparison, or an accurate reflection of Firefox itself.
 
JediFonger said:
chrome? :p:eek:

haha, anyway, if u read the article, most of it has to do w/plugins. that's why i dont install a lot of them, &even if you DO install plugs, try to install ones that actually HELP, like noscript, which should be a part of FF proper. when a script can't even RUN, there is no security issues there =P.
Click to expand...

This. Couldn't have said it better myself.
 
Steve said:
A new study has come out today that threatens to rain on Firefox’s 5th birthday parade. The report claims that Firefox leads the pack with vulnerabilities (44%), Safari came in second (35%), Internet Explorer was third (15%) and Opera ranked the best (6%).
Click to expand...

with no script? I doubt it. they said that plug ins were a liability but its also its strength
 
I find it highly unlikely that firefox has more vulnerabilities than IE.... Hows that even possible.....

Also it says "reported vulnerabilities". Yeah, IE doesnt have many cause nobody uses it anymore..............
 
Unsuprising, honestly this has been being said for years and years, but it falls on def ears. but that's ok, if you're happy with it, I'm sure others on the net are happy you are happy with it. You just may not want them to be!
 
Retsam said:
I find it highly unlikely that firefox has more vulnerabilities than IE.... Hows that even possible.....

Also it says "reported vulnerabilities". Yeah, IE doesnt have many cause nobody uses it anymore..............
Click to expand...

ur post makes me LOL. keep on hatin.
 
LuminaryJanitor said:
No, it's a proportion of the total vulnerabilities reported.

But as the article says, it includes those vulnerabilities introduced by third-party plugins, so it's hardly a fair comparison, or an accurate reflection of Firefox itself.
Click to expand...

Yes, and compair total vulnerabilities from this year to 2005, you'll notice a big difference.
 
Hulahoops said:
You are probably confusing the browser with the person who uses it.
Click to expand...

Exactly. PEBKAC.
Some people are foolish enough to click on anything. In those cases, it doesn't matter what browser they're using; they'd still get a hosed system.
 
It's no real surprise that the two browsers with the most open development process have the most reported vulnerabilities. That's the nature of every bug and code change being visible to the public. If MS finds an undisclosed security issue in their code, do you think they'll tell the world about it when they fix it or just quietly roll it into their next IE security update?
 
Yeah, the raw numbers really don't tell the whole story. The numbers don't give any consideration to severity, how much of the info is publicly available, or whether the vulnerabilities were fixed before reporting vs. zero-day. Also, time-to-patch is not factored in, either.
 
Good to know since i use Opera and IE when needed. To be honest i dont use addons and really IE works for me and seems to be the mosy compatible. I use Opera becouse i thought it was safer and ive used it for years. The only thing i do though is read here and maybe a couple more tech sites. Browse Newegg and ebay and a few Auto forums. I dont do twitter or myspace or follow user posted links any of that crap.
 
As others have said, the key is the word "reported"

Company/organization A patches and reports even the possibility that using 2 specific 3rd party addon packages together could allow a malicious website to temporarily change the color of the font in your browsers title bar in an unauthorized way. Real security threat = 0.

Company/organization B doesn't admit (report) even 1/10th of well know exploits that give malicious websites full administrative control of your computer. Much less patch them.
Real security threat = you don't know about it.

So guess what? Company A has more REPORTED security issues. meaning squat. Give us some more FUD.

I do believe MS is getting more secure. I feel pretty good about Win 7 and IE 8. I use them. I seriously doubt they hold a candle in security to FF with NS. Unless you lock IE down so much LYNX looks feature rich in comparison.
 
Hypothetical situation.

FF has 80 exploits. 79 are fixed withen a week of finding them.
IE has 5 exploits. 1 of them is fixed withen 3 months of finding it.

Who is better?

Everyone is out to get Firefox with these stupid numbers and they never give the full information.
 
Vercinaigh said:
Unsuprising, honestly this has been being said for years and years, but it falls on def ears. but that's ok, if you're happy with it, I'm sure others on the net are happy you are happy with it. You just may not want them to be!
Click to expand...

Well said.

Necrosis, your example is invalid because FireFox would have LESS resources to help fix the found issues than Microsoft, as they rely on purely donated time from random people and a small core group in their non-profit.

Firefox's only good thing is addons, and if those can't be used due to security issues, why would you want to use Firefox at all? It's less intuitive than IE8, requires a separate download, reports more habits back to their makers than IE8 does, and is less secure, plus is open source so hackers can find exploits more easily. Lose/lose...

I've used IE almost exclusively over the years with short one-week bouts of Firefox because of the hype, but it's just a vocal minority that makes it sound good, not the actual truth.
 
Firefox should be judged with recommended addons. Adblock plus will kill heaps of those malware injecting ads. And the only issue with NoScript is that it requires a high level of user intelligence, because otherwise you have people clicking on that malware-loaded flash box just to see what's behind it (oh look a virus, DOH!).

Web browsing should be within a blackbox IMHO - so nothing can poke at the OS or apps, and the worst you can get is a crashed browser.
 
I'm going to continue using my preferred browser, I don't really give a shit what anyone else says, thinks, or does. I'd advise everyone else to do the same.

/thread?
 
createcoms said:
Web browsing should be within a blackbox IMHO - so nothing can poke at the OS or apps, and the worst you can get is a crashed browser.
Click to expand...

I hate to give any sides' fanboys something to cackle over but I'm pretty sure that's exactly how Chrome works.
 
LuminaryJanitor said:
No, it's a proportion of the total vulnerabilities reported.

But as the article says, it includes those vulnerabilities introduced by third-party plugins, so it's hardly a fair comparison, or an accurate reflection of Firefox itself.
Click to expand...

I think it is, it means FF needs to make their rules for adding 3rd party applications alot more strick.
 
Sabrewulf165 said:
I'm going to continue using my preferred browser, I don't really give a shit what anyone else says, thinks, or does. I'd advise everyone else to do the same.

/thread?
Click to expand...

So lets tell people to keep using a potential unsecured browser cause you say so?, this applies to all browsers, not just IE, i think people should be informed about things like this so they can at least know about it and browse safer or switch browsers all together.
 
MrGuvernment said:
So lets tell people to keep using a potential unsecured browser cause you say so?, this applies to all browsers, not just IE, i think people should be informed about things like this so they can at least know about it and browse safer or switch browsers all together.
Click to expand...

Way to put words in my mouth. I didn't "say so" anything, I simply pointed out that look and feel preferences are going to trump security considerations for most people. Do you personally have incontrovertible proof that shows browser X is the most secure?

All this dick-swinging over web browsers is so pointless.
 
All I know for sure is what I've experienced, that being my days of IE involved endless drive-by-download trojan infections. Since I switched to firefox (and this is years ago) I've had ZERO infections of ANY kind.

Until that changes anyone that goes around saying firefox is unsecure is going to be fighting an uphill battle with me, which is not to say that given the right argument I wouldn't make the switch to another browser, but the push factor is going to have to be so much stronger given the comfort and well-earned reputation (through my experience) that firefox has given me.
 
I have to use IE at work. I can't stand it. I like FF, and I think stupid people will continue to be stupid; there isn't a browser made that can protect idiots from themselves. One of the main reasons that I like FF is the addins. A lot of them make browsing more fun.
 
You must log in or register to reply here.
Back
Top