Tuesday, November 10, 2009

FireFox: more vulnerable, or just a bigger target?

Firefox Tops Vulnerability List
New study places Firefox at the top of vulnerability list for for the first half of 2009.
Application security vendor Cenzic today released its security trends report for the first half of 2009 application. In it, Cenzic claims that the Mozilla's Firefox browser led the field of Web browsers in terms of total vulnerabilities.

According to Cenzic, Firefox accounted for 44 percent of all browser vulnerabilities reported in the first half of 2009. In contrast, Apple's Safari had 35 percent of all reported browser vulnerability, Microsoft's Internet Explorer was third at 15 percent and Opera had just six percent share.

The 2009 figures stand in contrast to Cenzic's Q3/Q4 2008 report, where IE accounted for 43 percent of all reported Web browser vulnerabilities and Firefox followed closely at 39 percent.

As to why Firefox's numbers were so high, Cenzic has a few ideas.

"It's a combination of different things," Lars Ewe, CTO of Cenzic, told InternetNews.com. "They've gotten more traction as a browser, which is good for them and the more you get used the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins."

[...]

Though Firefox had the highest number of vulnerabilities, that doesn't necessarily mean that Firefox users were more vulnerable. [...]

It goes on to explain how the study was done, what they found and what it actually means. Higher usage means more vulnerabilities found more quickly. But how quickly the vulnerabilities are patched also counts toward the browsers overall security. I'm not worried about Firefox, I just find the report interesting.
     

No comments: