Firefox Now The Most Vulnerable Browser?

November 9, 2009 By Geoff Duncan

Where Internet Explorer used to rule the roost, Web security firm Cenzic says Firefox topped the list for total vulnerabilities in the first half of 2009.

The number of security vulnerabilities in Microsoft’s Internet Explorer Web browser were so numerous for so long that it was routinely flagged as the most vulnerable Web browser on the market—in no small part because it was also the most widely-used browser on the market. However, competitors like Firefox have been gradually eroding Microsoft’s browser share…and now they’re starting to feel more security pressures themselves. In fact, Web security firm Cenzic has just released its application security vulnerability report for the first half of 2009 (PDF), and guess what browser tops the list? Firefox.

According to Cenzic, some 44 percent of the browser vulnerabilities uncovered in the first half of 2009 were in Firefox. Apple’s Safari Web browser came in second with 35 percent, while Internet Explorer came in third place with 15 percent. Opera managed a fourth place finish with 6 percent of browser vulnerabilities found during the first half of the year.

Cenzic notes that the percentage of vulnerabilities reported for Safari is mainly due to problems found in the iPhone’s version of the browser, rather than the desktop version for Mac OS X and Windows.

The figures are a marked change from the second half of 2008, when Internet Explorer accounted for 43 percent of reported browser vulnerabilities—although even then, Firefox wasn’t far behind, with 39 percent.

Firefox’s plug-in architecture is widely seen as one of Firefox’s weakest points; Mozilla has recently launched a plug-in checking service to help users make sure they’re using the latest versions of plug-ins, and the organization released key updates in April 2009 to address several plug-in vulnerabilities.

Cenzic’s analysis doesn’t make any distinction between security vulnerabilities that were corrected and vulnerabilities that have actually been exploited in the real world, which means that although Firefox had the most vulnerabilities reported, that doesn’t actually mean its the least secure browser…or that Opera is the most secure.

Showing 8 comments

Mozilla names Gary Kovacs new CEO (Digital Trends) | techkochi.com at 6:16am 19th October 2010 [...] While once known as the most lean and secure browser, its reputation in recent years has lagged. The successful launch of Firefox 4 among computing and mobile platforms will be Kovac’s first [...]
Mozilla names Gary Kovacs new CEO at 10:06am 15th October 2010 [...] While once known as the most lean and secure browser, its reputation in recent years has lagged. The successful launch of Firefox 4 among computing and mobile platforms will be Kovac’s [...]
DANNY CONWAY at 1:57pm 24th July 2010 i agree. i just got a virus on fire fox that sent all my data to a third party. i had to change all my passwords. a real pain in the as.
The Ides of December at 4:23am 3rd December 2009 Of course the Firefox and Apple apologists will come out in force on this. When IE was consistantly the least secure browser NOBODY question the data. BUt now that FF and Apple topthe list, of course the data is false, misleading, and the result of shady security companies. The facts are this: Criminals will exploit anything. So it only makes sense that as FF and Safari usage grows so will the number of cyber criminals that target them.
Ian Bell at 2:26pm 9th November 2009 It made sense to me. Vulnerable doesn't mean it's the least secure.
Ian Bell at 2:26pm 9th November 2009 These security firms are shady, they expose leaks and then ask the companies to hire them to fix them. MY questions: Were they really leaks in the first place, or were they just simply hacked?
Veri at 1:29pm 9th November 2009 All the document contains are a list of percentages with no explanation of what they consider a vulnerability. Are extensions included for instance?

It's better to go to their security center rather than enlist the help of this scammer like company.
http://www.mozilla.org/security/
TamaracGuy at 9:38am 9th November 2009 "which means that although Firefox had the most vulnerabilities reported, that doesn’t actually mean its the least secure browser". If that's true, then why the title of "Firefox Now The Most Vulnerable Browser?" Comeon guys, how about learning to come up with titles like real reporters?