Simon Bisson & Mary Branscombe's Blog

Internet Explorer has fewer security holes than Firefox

By Simon Bisson & Mary Branscombe in Editorial

Posted in Web browser, Firefox, Security, Internet, Microsoft on December 4, 2007 at 7:02 pm


You type most of your passwords into it - and you type your credit card details into it every time you shop online. It’s how you unlock an iPhone so you can install applications on it. It’s the home of many of your applications and it’s the first avenue of attack for most malware. Really, if you wanted to be secure, you might never use a Web browser again.

You don’t have to be a hacker in the criminal sense to want to get around some security lockdowns. The latest iPhone cracker uses an image security issue in the Safari browser to open the system up. If you have a Buffalo NAS box you can use a security hole in the Web administration interface to make yourself root to install Perl so you can run SlimServer and get music onto your Squeezebox. I’d like to run SlimServer on something other than our main server - but I’m not cracking the security on our backup and media store to do it.

I’ve never switched away from IE to Firefox; originally it was because I had to have IE on my system for work and didn’t want the hassle of managing two browsers. Since IE 7 came out and I found IE 7 Pro I just haven’t bothered. It’s not perfect, but it’s good enough for me. Given that it took me five hours of browsing dubious sites and downloading known spyware to infect a machine running XP SP2 when I tried a few years ago, and given that everything that interested me in Firefox turned out to be Greasemonkey scripts (and I’m probably unfair to carry on thinking of that as a security problem waiting to happen, but I do), I’ve been assuming the security (dis)honours are about equal.

Jeff Jones at Microsoft has done another vulnerability survey, this time for IE and Firefox. Since Firefox 1.0 came out in November 2004, Mozilla has patched a total of 199 bugs: 75 high severity, 100 medium severity, 24 low severity. Microsoft has only patched 87 IE bugs in the same time (and we’re assuming fewer bugs patched is a good thing rather than avoiding the problem): 54 high, 28 medium and 5 low severity. Honours are more equal comparing just Firefox 2 and IE 7 for known bugs that haven’t been fixed: eight high severity bugs for Firefox versus ten for IE, 15 medium severity bugs
