Report: Firefox buggier, but issued fixes quicker

Discussion in 'other software & services' started by Thankful, Mar 6, 2009.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
  2. tlu

    tlu Guest

    Secunia is a respected company but their comparison is a little bit like comparing apples and oranges.
    1. IE (and Opera) is closed source software, Firefox is open source software. Everybody can look into the sourcecode of Firefox and possibly detect security leaks while nobody can look into the sourcecode of IE. You can only test IE against specific threats and try to find out if it's vulnerable. But you can never be sure if there are other vulnerabilities in the sourcecode.
    2. Mozilla publishes all vulnerabilities in Bugzilla, even the ones detected by their own developers. Microsoft surely searches internally for IE vulnerabilities, too, but it's very doubtful that they publish their internal findings. It's probable that many bugs have been fixed in IE which have never been published before or after.
    3. Firefox 3 is still relatively new software. Large parts of the code are completely rewritten compared to FF 2. For new software it's rather normal that there are more bugs (which are fixed rather fast as Secunia confirms). IE7, on the other hand, is actually more a higher patchlevel of IE5. If you look into the Secunia site for details you'll find that nearly all vulnerabilities in IE7 also exist in IE5. That means that these vulnerabilities are several years old. This says something of the quality of its sourcecode and of Microsoft's internal quality process.

    Having said that, it's obvious that all browsers have their vulnerabilities and it's important to always use the newest version. And it's also very important to block active content by default as many vulnerabilities are related to bugs in ActiveX (which isn't used in Firefox and Opera at all), Javascript and plugins. This is difficult to accomplish in IE on a by-site basis but much easier and more comfortable in Firefox (with Noscript) and Opera.
     
    Last edited by a moderator: Mar 6, 2009
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    There is some good information on how to make your browser of choice more secure here.


    :D
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Couldn't have said it better myself.

    And if that track record is any indication of whats yet to come, not only in the IE browser field, the Operating Systems they intend to roll out are going to follow suit in some similar manner, and the beat goes on in that camp.

    EASTER
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Article
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    That may very well be a prophecy in the making but time will surely tell if FF can safely be soldily secured eventually.

    Heres hoping.

    Thanks ronjor
     
Loading...
Thread Status:
Not open for further replies.