The number of security vulnerabilities in Microsoft’s Internet Explorer Web browser were so numerous for so long that it was routinely flagged as the most vulnerable Web browser on the market—in no small part because it was also the most widely-used browser on the market. However, competitors like Firefox have been gradually eroding Microsoft’s browser share…and now they’re starting to feel more security pressures themselves. In fact, Web security firm Cenzic has just released its application security vulnerability report for the first half of 2009 (PDF), and guess what browser tops the list? Firefox.
According to Cenzic, some 44 percent of the browser vulnerabilities uncovered in the first half of 2009 were in Firefox. Apple’s Safari Web browser came in second with 35 percent, while Internet Explorer came in third place with 15 percent. Opera managed a fourth place finish with 6 percent of browser vulnerabilities found during the first half of the year.
Cenzic notes that the percentage of vulnerabilities reported for Safari is mainly due to problems found in the iPhone’s version of the browser, rather than the desktop version for Mac OS X and Windows.
The figures are a marked change from the second half of 2008, when Internet Explorer accounted for 43 percent of reported browser vulnerabilities—although even then, Firefox wasn’t far behind, with 39 percent.
Firefox’s plug-in architecture is widely seen as one of Firefox’s weakest points; Mozilla has recently launched a plug-in checking service to help users make sure they’re using the latest versions of plug-ins, and the organization released key updates in April 2009 to address several plug-in vulnerabilities.
Cenzic’s analysis doesn’t make any distinction between security vulnerabilities that were corrected and vulnerabilities that have actually been exploited in the real world, which means that although Firefox had the most vulnerabilities reported, that doesn’t actually mean its the least secure browser…or that Opera is the most secure.