Simon Bisson & Mary Branscombe's Blog

Internet Explorer has fewer security holes than Firefox

By Simon Bisson & Mary Branscombe in Editorial

Posted in Web browser, Firefox, Security, Internet, Microsoft on December 4, 2007 at 7:02 pm


You type most of your passwords into it - and you type your credit card details into it every time you shop online. It’s how you unlock an iPhone so you can install applications on it. It’s the home of many of your applications and it’s the first avenue of attack for most malware. Really, if you wanted to be secure, you might never use a Web browser again.

You don’t have to be a hacker in the criminal sense to want to get around some security lockdowns. The latest iPhone cracker uses an image security issue in the Safari browser to open the system up. If you have a Buffalo NAS box you can use a security hole in the Web administration interface to make yourself root to install Perl so you can run SlimServer and get music onto your Squeezebox. I’d like to run SlimServer on something other than our main server - but I’m not cracking the security on our backup and media store to do it.

I’ve never switched away from IE to Firefox; originally it was because I had to have IE on my system for work and didn’t want the hassle of managing two browsers. Since IE 7 came out and I found IE 7 Pro I just haven’t bothered. It’s not perfect, but it’s good enough for me. Given that it took me five hours of browsing dubious sites and downloading known spyware to infect a machine running XP SP2 when I tried a few years ago, and given that everything that interested me in Firefox turned out to be Greasemonkey scripts (and I’m probably unfair to carry on thinking of that as a security problem waiting to happen, but I do), I’ve been assuming the security (dis)honours are about equal.

Jeff Jones at Microsoft has done another vulnerability survey, this time for IE and Firefox. Since Firefox 1.0 came out in November 2004, Mozilla has patched a total of 199 bugs: 75 high severity, 100 medium severity, 24 low severity. Microsoft has only patched 87 IE bugs in the same time (and we’re assuming fewer bugs patched is a good thing rather than avoiding the problem): 54 high, 28 medium and 5 low severity. Honours are more equal comparing just Firefox 2 and IE 7 for known bugs that haven’t been fixed: eight high severity bugs for Firefox versus ten for IE, 15 medium severity bugs
