Jump to content

Symantec: Mozilla browsers more vulnerable than IE


method77

Recommended Posts

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report.

But the report, released Monday, also found that hackers are still focusing their efforts on IE.

The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows.

more...

Link to comment
Share on other sites

FireFox is more secure in the way it handles things like Java/Java Script.

It allows for far more customization allowing you to choose what you want to use and what not.

As for the kind of vulnerabilities that Symantec is talking about, that is out of the end user's hands.

It makes no difference anyway. No matter what browser you use, it can and will be exploited. It is a piece of software after all.

The frequency that Symantec refers to is nominal. It's not as though IE has far far fewer flaws and besides, flaws in IE are not reported as much (exploiters would keep it to themselves instead of helping MS) and are probably swept under the rug by MS if they catch it.

The open source nature of Mozilla means more bugs are found, which is a good thing as they will actually get fixed.

Link to comment
Share on other sites

Mozilla 'is in much better shape' than Microsoft when it comes to fixing security problems, claims the organisation

ZDNet:

Mozilla has reacted to a Symantec report issued on Monday which said serious vulnerabilities were being found in Mozilla's browsers faster than in Microsoft's Internet Explorer. The study was conducted over the first six months of 2005.

Tristan Nitot, president of Mozilla Europe, hit back by claiming on Monday that when a vulnerability is found Mozilla's "ability to react, find a solution and put it into the user's hands is better than Microsoft."

Nitot said that Mozilla's reaction time was faster than Microsoft's. "If you look at our ability to respond, we are in much better shape. On 6 September an IDN buffer issue was reported to Mozilla. On 8 September it was publicly disclosed. We ask our developers not to mention any problems until we have a fix for them, but for some reason he went public. On 9 September we had a configuration change that disabled the IDN problem, that users could implement manually, or they could use a patch. Within ten days we had a newer version that was fixed completely."

"If you look at Microsoft — this month they decided to skip a security patch," so any vulnerabilities won't be addressed, according to Nitot. "That's not the kind of thing that happens with us," he said.

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

"Basically their vulnerabilities are more critical. With Firefox — yeah, you have holes, but they're much less serious." Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"

Ollie Whitehouse, a researcher at Symantec, thought that the results were surprising but were due to a number of factors, primarily the short uptake time for Firefox and the fact that it was open source.

"Firstly, there has been a wide adoption of Firefox in a short space of time. More security researchers and people with more nefarious motives have been able to look at the code base. Secondly, as Firefox is open source more people have access to the code base, so they are free to look for bugs. IE is closed source, and so it's more difficult to access the code."

"Rogue Web sites find Firefox is quite difficult to exploit because it runs on a large number of platforms."

When asked to comment on Nitot's point about the short timeframe of the study, Whitehouse responded, "Up until now Firefox has had a lot less holes [than IE] — but it has had a wider adoption in the last six months. It will be interesting to see whether this is a blip, or whether the trend will continue."

"As Firefox becomes more popular, it becomes a more attractive target. People who have swapped [from IE to Firefox], even if this is a blip, should ask whether the assumption that Firefox is more secure than IE is valid anymore. They shouldn't just rely on changing their browser, but may think about having to look at a different configuration."

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Our picks

    • Wait, Burning Man is going online-only? What does that even look like?
      You could have been forgiven for missing the announcement that actual physical Burning Man has been canceled for this year, if not next. Firstly, the nonprofit Burning Man organization, known affectionately to insiders as the Borg, posted it after 5 p.m. PT Friday. That, even in the COVID-19 era, is the traditional time to push out news when you don't want much media attention. 
      But secondly, you may have missed its cancellation because the Borg is being careful not to use the C-word. The announcement was neutrally titled "The Burning Man Multiverse in 2020." Even as it offers refunds to early ticket buyers, considers layoffs and other belt-tightening measures, and can't even commit to a physical event in 2021, the Borg is making lemonade by focusing on an online-only version of Black Rock City this coming August.    Read more...
      More about Burning Man, Tech, Web Culture, and Live EventsView the full article
      • 0 replies
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
×
×
  • Create New...