News Secunia: Firefox most vulnerable browser

http://www.bit-tech.net/news/bits/2009/04/16/secunia-firefox-most-vulnerable-browser/1

Security firm Secunia has named Firefox as the most vulnerable browser out there after totting up the number of vulnerability reports it published throughout 2008.

 

The fact that having the most security holes doesn't actually equal being the most vulnerable makes this whole thing very misleading. It's bad statistics when the variables give such subjective results. I'd be a bit pissed off with Secunia if I were Mozilla.

 

So just because Firefox announced more vulnerabilities than anyone else, surely makes them more secure, as they're patching them, where as IE are ignoring them.

Stupid research. God I hate bad statistics.

 

Blasphemy!!

 

You must NEVER question Danish research quality. It's the world's best!

By the way, that was sarcasm...

 

Yes it was... I love FF, if it wasn't for it, we would still be in the internet with IE6,2 or something. They really rocked the place. I just think that they should come back to a "light" FF... It's becoming heavier at every update...

 

They did nothing of the sort. If you actually read the report, they simply give the number of vulnerabilities, along with some other statistics, for each browser. No conclusions are drawn - in fact, they note that the statistics necessarily include only those vulnerabilities publicly disclosed.

 

yay for opera

 

which is what research and reporting is..... try doing a degree or a PhD, thats all you will spend 3+ years doing as well as drink till your kidneys hurt

 

at least firefox is a honest browser. i like that.

 

Open source, and higher disclosures.

Comparing the disclosed security vulnerabilities from open source projects to proprietary projects is completely ridiculous.

 

Is it bearded too?

 

I think the number of machines compromised through FF compared to IE would give a much more accurate account of which browser is safest.

I agree though that FF is getting more and more bloated which allows more and more avenues for attack and exploits to be found.

 

I think the number of machines compromised through FF compared to IE would give a much more accurate account of which browser is safest.

I think this sentence gets to the meat of the issue.....right on airchie

 

Didn't a similar report come out a while ago? Conclusion is basically that proprietary products are made by companies which have a vested interest in not revealing how many vulnerabilities they have.

 

ActiveX gets a from me.


Anyway, I think the better way to measure browser safety would be measuring something like how many % of the vulnerabilities are patched within a set period of time.

 

I would have to agree with these findings. If you ever actually bother to look at the fixes though you will notice almost all security problems are due to javascript in one way or another. That's why I use noscript + adblockplus. That combo makes almost all javascript vulnerabilities just bounce off you like a raindrop on glass. I wont stop using firefox. BTW I have seen plenty of firefox browsers with spyware toolbars. Myway is one of them, the search results skew to things that will give you more malware also. Too bad large OEM's package that **** on new computers, I can smell a lawsuit.

 

NoScript+FF=Win tbh

Its unfortunate that so much of the nice features we rely on in turn rely on scripting.
Still, its better than activeX...

 

Well, almost all "Web 2.0" content relies on AJAX. Take a wild guess what AJAX actually is...

 

Indeed it does, but the thing is that scripting really doesn't need to be accessing the domain xycb9865.zxcvb.1vnfv.cn in order to work. That is where noscript comes in. Blocking all sites that are not specifically allowed hence making the virus code unable to do anything useful. While the allowed code on the allowed domain runs just fine. I use all the popular javascripty sites and have zero problems.