Firefox is the most vulnerable browser, says Sourcefire

By Danny Palmer
04 Mar 2013

Internet Explorer's poor reputation for security is undeserved, with Mozilla Firefox actually the most vulnerable internet browser in common usage.

That's according to research by network security solutions provider Sourcefire, which examined vulnerability data from the past 25 years.

In the Common Vulnerability Scoring System (CVSS) framework, factors including the location of the vulnerability, what it affects and whether confidential data is at risk are combined to give a CVSS score: Low (0-4), Medium (4-7), High (7-9) or Critical (10). Mozilla Firefox came out of the research as the browser with the highest number of "critical" vulnerabilities, and second in terms of both "high" and total vulnerabilities.

"One of the conclusions that we saw was Internet Explorer's bad reputation might not be completely deserved because Firefox actually has a lot more vulnerabilities than [Microsoft] Internet Explorer," Dr Yves Younan, senior research engineer in Sourcefire's Vulnerability Research Team and author of the report, told Computing.

"Firefox is the one with the most critical vulnerabilities: 174 over the period we looked at. Then we found that actually the top three products are Mozilla products, so SeaMonkey and Thunderbird are numbers two and three. Because they share code bases, the same vulnerabilities will be in all these products from Mozilla," said Younan.

Of Firefox's main competitors in the browser market, Google Chrome was found to have the second highest number of critical vulnerabilities (95), followed by Internet Explorer then Safari.

Younan also told Computing that Adobe's Flash Player may be undeservedly getting the blame for poor security.

"Another interesting thing we saw is although Flash Player has a bad reputation for security, it's actually only number five in the critical vulnerabilities list," he said.

Sourcefire also tested mobile operating systems and discovered Apple iOS for iPhone has more vulnerabilities overall than its three main rivals combined.

"iPhone had a total of 210 vulnerabilities, followed by Android with 24, Windows 14 and BlackBerry with 11. So even though Android has a larger market share, it actually has fewer vulnerabilities than iPhone," said Younan, adding that Google Android is subject to more malware "due to its open system and fragmented OS."

According to Sourcefire, the way to prevent vulnerabilities in software on all systems and products is to improve the quality of the code they're built upon.

"The best approach is better programming: better quality control that adheres to programming standards. Making sure that programmers don't use vulnerable functions," said Younan. 

Adobe Flash Player and Oracle's Java are among products that have suffered from security scares in recent months because of vulnerabilities within their code.
