PDA

View Full Version : Firefox not that safe



Argos
2006-Sep-26, 01:10 PM
**********Link (http://arstechnica.com/news.ars/post/20060925-7818.html)**********


According to the most recent update to security-firm Symantec's biannual Internet Security Threat Report, the last six months saw a significant uptick in the number of security vulnerabilities found in web browsers. Leading the way was Firefox, with 47 bugs discovered. Researchers and hackers discovered 38 vulnerabilities in Internet Explorer, 12 in Safari, and seven in Opera.

paulie jay
2006-Sep-26, 01:15 PM
Awwwww damn! 47 bugs? :eek:

Moose
2006-Sep-26, 02:03 PM
Uh huh. And exactly how severe are these bugs, and how long have they been outstanding?

By my observations, Firefox bugs tend to be minor and fixed within days if not hours.

IE bugs tend to be major security holes, and it's not unusual to have certain bugs open for 4-6 months, or longer in certain notorious cases. Lately, third parties (http://www.theregister.co.uk/2006/09/25/unofficial_ie_patch/) have been releasing bug fixes for some of IE's older flaws.

Kebsis
2006-Sep-26, 03:07 PM
I've used Opera for some time now, and I find it to be my favorite browser so far. It's underrated.

GDwarf
2006-Sep-26, 07:34 PM
A quick note:
These are new bugs, not total.
No mention is made of how sever they are, most reports agree that IE's bugs are orders of magnitude above FF's.
Finally, I say they should recheck in a month, odds are that FF will have most of it's bugs fixed, IE will have none.

Moose
2006-Sep-26, 09:46 PM
From the link in the OP, and answering my own question:


The numbers cover a six-month period from January 1 through June 30, 2006.

[...]

When it comes to patching, all of the browsers are improving. Firefox is the fastest to get its patches out, with a one-day window of exposure. Opera had a two-day window of exposure, down from 18 days during the last half of 2005. The window of exposure for Safari is up to five days (from zero), while Internet Explorer typically has a nine-day window, down from 25 days in the previous study.

I have to grant that Mickeysoft has been improving over the past year on this score.

The other hole in this statistic, and GDwarf has brushed close to this point, is that while this statistic is new vulnerabilities reported, the real question is how many bug reported in earlier periods remain outstanding? I've already pointed out two serious long-standing bugs in IE from the El Reg link above.

I know this isn't saying all that much, but I'm not aware of any non-trivial, outstanding flaws in either Firefox or Opera. (Granted, though, I don't follow Opera news very closely.)

Kebsis
2006-Sep-27, 12:17 AM
Safari is the Macintosh browser, right? Are they talking about the Mac version or a version for PC? Is there a Safari for Windows?

weatherc
2006-Sep-27, 01:27 PM
Safari is the Macintosh browser, right? Are they talking about the Mac version or a version for PC? Is there a Safari for Windows?Nope. Safari is Mac only, developed by Apple itself (because at the time it was developed, there weren't any decent web browsers for the Mac; that has changed quite a bit since then). As a Mac user, I happen to use Firefox, but Safari is pretty usable for most sites.

Moose
2006-Sep-27, 01:35 PM
There are Safari extensions/skins for Firefox and Firebird, however. Just search on Safari for Windows and you'll find links and reviews. Doesn't affect the vulnerabilities, though, just the look.