Is it Time to Reconsider Firefox?

[HardOCP News]

With Firefox having 44% of all reported browser vulnerabilities in the first half of the year, this guy wants to know if it is time to reconsider using Firefox.

A report by security vendor Cenzic has pegged the popular open source Firefox Web browser right at the top in terms of the total reported vulnerabilities. According to Cenzic, Firefox garnered 44 percent of all reported browser vulnerabilities in the first half of this year. This is in contrast to Safari, which commanded 35 percent and Internet Explorer's 15 percent. Fourth-place Opera garnered just 6 percent of reported flaws.

 

[anthrex]

The real questions are which browser is more likely to reveal browser vulnerabilities; and which has the largest, most knowledgeable and critically looking community that has access to the browsers code?

 

[modi123]

Go Internet Explorer!

 

[WhiteZero]

I think the key word here is "reported".

 

[Adeptus]

I have used firefox for 3 years now....time to move on.

 

[Azhar]

I have used firefox for 3 years now....time to move on.

But Chrome lets Google peek into your lives and steal all your info!

 

[Sabrewulf165]

Another flamebait browser op-ed, sigh

 

[novadude]

Well Opera's just in an odd position where you still need to run IE or firefox for some sites, such as Gmail and ~10% of the other websites out there because they just don't work with Opera. Other than that it's a wonderful browser.

 

[Sabrewulf165]

I have used firefox for 3 years now....time to move on.

Let me know when Chrome stops excessively reloading files that should be pulled from cache.

That may sound snarky but I'm being sincere. If it weren't for that I'd probably use Chrome a lot more.

 

[King Icewind]

I think the percentages are different because not as many people use different browsers.

I use Safari 4 on my laptop, desktop, and mac. Firefox whenever something doesn't load right.

Do enough people really use Opera to contribute enough to the statistics? IMO no, but I havn't done any polls or anything to back that up.

 

[dr.stevil]

nope. until noscript hits opera, chrome or IE, I'll be sticking with Firefox

 

[Jospeh]

Firefox+no script=secure browser.

 

[piscian18]

Firefox+plugins. I'm not using anything else.

 

[Tobit]

Firefox has really been giving me a lot of performance issues since the past few revisions.. it definitely has some memory leaks the longer you leave it running. I have my browser loaded pretty much 24x7 and after a few days, Firefox would simply slow down and start acting weird. I switched to Chrome a week or so ago and haven't looked back.

 

[deff]

I'd like to see a comparison of how fast vulnerabilities are fixed between browsers. The more popular a piece of software becomes, the more attention it will garner from hackers and malware writers. Its all in how fast the producer of the software fixes these issues that matters.

 

[krupted]

ff has been excellent for me. i still regularly have web pages that dont do what they should in IE, and i fire up firefox and things work perfectly. not always like that, but it happens regularly.

 

[stop!theradio]

Firefox runs beautifully for me, just like it always has. Except for the few bumps in the road that all browsers have had/eventually have, Firefox has been the best from the beginning, and the quickest to recover from any "bumps" in the road.

 

[Azhar]

Firefox has really been giving me a lot of performance issues since the past few revisions.. it definitely has some memory leaks the longer you leave it running. I have my browser loaded pretty much 24x7 and after a few days, Firefox would simply slow down and start acting weird. I switched to Chrome a week or so ago and haven't looked back.

Lately about the only Firefox problems I'll have randomly is when you close it, firefox.exe would stick in your task manager. A pain in the butt when you're trying to install or update addons. It won't restart properly or the addons won't work because Firefox was never restarted completely due to stuck firefox.exe.

It's happened on multiple computers in the company and at home, so I know it's not just me.

 

[Zoogle]

As long as patches consistently come out, I'll keep using Firefox. The only thing annoying me lately with Firefox is processor and memory usage.

 

[Nemesis999]

Firefox has demonstrated that even open-source software turns into bloated slow crap-wear over time. Dumped it a while ago, got tired of having to restart my browser to free up hundreds of MB of memory leaks.

 

[Toytown]

so I know it's not just me.

Yep same here. I was hoping the latest update would fix it, but it hasnt

 

[Azhar]

As long as patches consistently come out, I'll keep using Firefox. The only thing annoying me lately with Firefox is processor and memory usage.

open Firefox and type about:config and scroll down to browser.cache

You'll see that by default disk caching is disabled and memory caching is enabled and caching size is 512mb. You can adjust it all in there.

 

[Sonofman]

I would like to see some percentage of use with these stats. It is obvious the malware folks will concentrate on the more popular. It is also important how fast problems are patched when found like deff said.

 

[oMek]

firefox has seemed to slow down over the last 6 months. i dont really use it anymore.

 

[Vermillion]

nope. until noscript hits opera, chrome or IE, I'll be sticking with Firefox

Bingo. I don't use a whole lot of add-ons. I use a handful that make my life easier and safer.

I don't care if Firefox is using 200MB of RAM or something. Let it use my RAM. I might as well use what I paid for. Firefox has been 100% stable for me over the years and I find it's performance is be very good.

SRWare Iron (sorry I refuse to use Chrome itself) will be a close second once extensions hit it big and they get something like NoScript in there. Then it might be time to move from FF to Iron.

 

[Saist]

The real questions are which browser is more likely to reveal browser vulnerabilities; and which has the largest, most knowledgeable and critically looking community that has access to the browsers code?

This. Microsoft has a lousy history of not disclosing bugs until well after exploits are already on the market. Apple as well has a history of failing to disclose bugs until after exploits on are on the market. Both companies also have histories of failing to disclose many bugs that they receive, yet patch before exploits enter circulation, or bugs that never have any actual exploits made available.

Mozilla on the other hand... well... They and Chrome...

When a bug is posted for a Mozilla product here: https://bugzilla.mozilla.org/

It's posted. It's disclosed. There's no hiding it. There's no not telling investors. It's made available for everyone to see. As the common user can submit bug reports and errors in a public setting, Mozilla doesn't really ever have a chance to hide or obfuscate problems with the code.

When a bug is posted for a Google Chrome product here : http://www.chromium.org/for-testers/bug-reporting-guidelines

Same thing. It's posted. It's disclosed. There's no hiding it. Sure, Google may not talk about bugs that affect their officially pre-compiled Chrome browser and ChromeOS, but as long as their source code is available, pretty much anybody can report bugs or exploits in the platform.

Like Microsoft and Safari, Opera doesn't maintain a public bug tracking system. While they do offer a form feedback, https://bugs.opera.com/wizard/, they point to a non-tracking system for followup.

If your bug is being discussed in the Opera community forums, newsgroups, or mailing lists, a report has probably already been filed. Additional reports will then serve no purpose, as they will simply be marked as duplicates.

That being said, Opera has a history of accurately reporting problems and issues with their released binary code. Opera also has a tendency to follow an aggressive and constant patching strategy. I'm not exactly aware of Opera having hidden or failing to talk about exploits that were widely available for the platform.

KDE also has a bug tracking system : https://bugs.kde.org/ So bugs filed against the KHTML based Konqueror are again, like Mozilla and Chrome. The bugs are out there, no hiding, no obfuscating.

Now, from Chromium and Konqueror compiled against Mach BSD, we can get an idea of what kind of bugs Safari actually has, and what exploits could be used against Safari as all 3 share the same type of engine: KHTML / Webkit. That doesn't mean Apple's own behind-the-scenes mixing doesn't produce other odd errors.

Given what we know of the background data of the engines, and those producing the engines, I'm not really sure the author of the article knows what he's talking about if he's suggesting that we reconsider FireFox because of reported exploits. I'd almost say that sort of statement immediately disqualifies the author from any sort of credibility.

 

[NKDietrich]

I'm more worried about the "unreported" vulnerabilities in a browser. The reported ones imply they are fixed or being fixed.

 

[zero2dash]

So does this mean Apple will start coming out with pro-Safari, anti-Fx ads now that things are "reported"?

I like Chrome, I like the speed; the extension support is still in infancy though so I'll stick with Fx.

 

[Morphes]

The only reason I am not using Chrome is because of ad-blocking, I HATE ADS and the add-on for firefox is really well built and easy to block new ads that it doesn't block. I know there are other ways to block ads with chrome but the ones I have used are really annoying and inconvenient.

Once Chrome implements add-ons that have an adblocking feature I will stick with Firefox.

 

[Morphes]

Oh and because of pipe lining, which I can reallly tell the difference with.

(it wouldnt let me edit my previous post)

 

[Valset]

security is largely a user issue, not a browser one. that article fails there. and really, if you want safe browsing then nothing beats FF with NoScript. sorry but at the end of the day no browser is secure enough to overcome user ineptitude.

and seconded the comment about more likely to report and respond to bugs / security issues. Microsoft still thinks WGA prevents piracy. That already tells me that they don't have a clue.

 

[synapsis]

Lately about the only Firefox problems I'll have randomly is when you close it, firefox.exe would stick in your task manager. A pain in the butt when you're trying to install or update addons. It won't restart properly or the addons won't work because Firefox was never restarted completely due to stuck firefox.exe.

It's happened on multiple computers in the company and at home, so I know it's not just me.

I've had this issue and on my box it only happens when a page has to load the Java Runtime, and only when you X the browser with a Java app running. IIRC, you can File -> Exit and it'll properly end the JRE process and firefox.exe will terminate normally.

 

[devil22]

Where did MS ever state WGA prevents all piracy? It makes casual piracy harder, a lot more people would pirate Windows if it had no protections whatsoever and you could just pass the dvd around to all your friends.

As far as number of vulnerabilities, well it's not really important, what's important is that ALL browsers have and will have vulnerabilities, and how the browser prevents the user from being infected by such vulnerabilities. IE has sandboxed mode (for 3+ years now), so does Chrome, Firefox still doesn't have sandboxing by default. Noscript is nice, but you get 95% of that by using Zones in IE (don't know about Chrome), that's why I stick with IE, if mozilla took security seriously their browser would be sandboxed, period.

 

[Bgrngod]

Eh... I'm not sure what this whole "reconsider" and such is. Does it really take a sit down meeting with yourself to decide to start using another browser for awhile?

Hell, I use both Firefox and IE at the same time all the time. Alt-Tab ftw!

 

[Azhar]

Where did MS ever state WGA prevents all piracy? It makes casual piracy harder, a lot more people would pirate Windows if it had no protections whatsoever and you could just pass the dvd around to all your friends.

As far as number of vulnerabilities, well it's not really important, what's important is that ALL browsers have and will have vulnerabilities, and how the browser prevents the user from being infected by such vulnerabilities. IE has sandboxed mode (for 3+ years now), so does Chrome, Firefox still doesn't have sandboxing by default. Noscript is nice, but you get 95% of that by using Zones in IE (don't know about Chrome), that's why I stick with IE, if mozilla took security seriously their browser would be sandboxed, period.

Not really harder, just inconvenient. They would be too restricted.

 

[Wolfie]

If Micro$oft put half the effort into fixing their products, as they put into undermining and hacking other people's products; the world would be a much safer place....

 

[Azhar]

If Micro$oft put half the effort into fixing their products, as they put into undermining and hacking other people's products; the world would be a much safer place....

Haven't used a Microsoft product in awhile, haven't you?

 

[devil22]

You don't realize, not everyone is tech sauvy enough to even google for "wga crack" - also the activation code provides a way of knowing for sure if the software is pirated or legit, this doesn't concern the consumers much, but corporate customers can't pirate windows on their 15,000 workstations because it's auditable and one anonymous call from a disgruntled worker will cost them dearly. Seriously, you think MS, in this age of 6mbit connections in every city, should have absolutely no protection on their software? All software is crackable given enough time and effort, all you can do is try your best to make non-tech sauvy users have too hard of a time trying to figure out how to bypass it to make it worth pirating.

 

[devil22]

Damn I wrote sauvy twice, I meant suavy.

 

[Phoenix333]

Adblock Plus + Noscript = win. Oh, and Nuke Anything. I love being able to remove pictures of people or things I dislike when browsing news sites.