Firefox hit by fewer flaws than IE in 2006

• READ
• COMMENTED
• SHARED

• Exclusive: Gen-i to launch iPhone sales, support
• No mandate for all-of-government tender
• PC assemblers eye massive govt tender
• FryUp: ACTA warmup
• Hosted Drupal CMS planned for midyear

• Deskop Linux is still not happening
• CallPlus unbundles Hamilton, offers 'data banking'
• IE9 proves Microsoft is back in the browser battle, says analyst
• Gen-i to launch iPhone sales, support
• Government outlines rural telecommunications plan

• ‘Veneer’ of integration likely for Auckland
• Exclusive: Gen-i to launch iPhone sales, support
• CallPlus unbundles Hamilton, offers 'data banking'
• Some subtle tips for standout interviews
• Health Ministry staff await word on their future

 

• Tailored enterprise security solutions needed: Trend Micro
• Rent-a-CIO
• Chink in the mobile-phone duopoly
• NASA’s tips for a stellar social media policy
• Tweeps and Facebook friends, let's smarten up

 

• SUBSCRIPTIONS
• NEWSLETTERS
• NEWSFEED

Computerworld is New Zealand's only specialised information systems fortnightly.

Subscribe now for $97.50 (24 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Subscribe to Computerworld's
RSS newsfeed here and get news stories as they break.

According to Symantec's tally, 40 Firefox vulnerabilities were disclosed between August and December 2006; Internet Explorer (IE), meanwhile, was hit with 54 bugs. Opera and Safari -- the browser Apple bundles with Mac OS X -- had four flaws each.

For all of 2006, however, the numbers were nearly neck and neck: Firefox was nailed by 87 flaws during the 12 months, IE by 92.

The trend line also put Firefox in the better light. The open-source browser had 15% fewer vulnerabilities in the second half of the year compared to the first, while IE's total increased 42% during the period.

"Internet Explorer was particularly affected by concerted efforts to 'fuzz' the browser for new vulnerabilities," says the Symantec report, which cites July's 'Month of Browser Bugs' project as a big contributor. "The majority reported affected Internet Explorer or Windows components accessible through the browser," says Symantec.

To add insult to injury to IE, Mozilla developers patched Firefox five times faster than did Microsoft's. On average, Firefox had an attack exposure window -- the amount of time between the disclosure of a bug and when it was patched -- of just two days based on a sample set of 26 flaws. By comparison, Microsoft took an average of 10 days to patch the sample 15 vulnerabilities. Both vendors' attack windows were a day longer in the second half of the year than in the first six months.

"Web browsers continue to be the big exploit area," says Vincent Weafer, senior director of Symantec's security response team "And they will increasingly be more important as more data reside on the back end, as web applications become more popular."

The most recent data pegged IE's market share at 79.1%and Firefox's at 14.2%. Safari and Opera came in third and fourth, respectively, with 4.9% and 0.79%.

Symantec's twice-annual internet security threat report can be found on the Cupertino, Calif., company's website.