Firefox accounts for almost half of all browser vulnerabilities. Mozilla’s finest is responsible for 44 percent of all browser flaws, Apple’s Safari takes second place with 35 percent, while the traditionally-reviled Internet Explorer only accounts for 15 percent of browser bugs.
In the first six months of 2009, California-based web security company Cenzic says Mozilla’s browser had the largest percentage of web vulnerabilities, with Safari second, Internet Explorer third and Opera fourth on six percent.
You can download the Cenzic report here.
“It’s not rocket science,” says Lars Ewe, Cenzic’s chief technology officer. “We used several databases, including the CVE (common vulnerabilities and exposures) database to count the number of known vulnerabilities.
“[But] at the end of the day, the number of vulnerabilities is only one measurement of a browser’s security,” adds Ewe. “We’re not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this.”
Mozilla claims the huge number of vulnerabilities is due to Firefox’s increasing popularity amongst hackers and other miscreants. “Firefox clearly has some a momentum,” said a spokesperson. “When you gain momentum, you’re exposed more to security researchers and hackers.”
But it’s not just Mozilla that’s ended up with egg on its face. Although ‘only’ accounting for 35 percent of all vulnerabilities, Safari, including the cut down version for the iPhone, boasts a rather desultory four percent market share, making the flaws : user ratio rather unimpressive. IE, by comparison, has 65 percent of the market and just 15 percent of the flaws.
But Cenzic points out that all browsers still have room for improvement. Added Ewe: “They have to choose between usability and security, and user-demanded behavior that makes them choose usability over security. That being said, all are trying to be better.”
Web metrics company Net Applications puts IE as the most-used browser, with about 65 percent of the market, followed by Firefox with 24 percent, Safari with 4.4 percent, Google’s Chrome with 3.6 percent and Opera with 2.2 percent.
Perhaps, in the interests of consumer choice, the EU’s browser ballot screen should carry details of the number of security issues associated with each of the browsers on offer.