Firefox more security holes than IE?

Just when you thought it was safe?

Mozilla Firefox has managed to rack up 10 security holes in 4 months compared to 7 security holes in Internet Explorer within 4 months. The statistics show that having a product that isn’t used by 1000s makes it “more secure” as less hackers/spammers need to attack it. As the release of XPSP2 has just finished up we should see less IE holes over the coming months, but if this trend continues then where will Firefox be in 6 months’ time?

Source: Secunia

maybe firefox has the old IE security holes

that makes it even worse. To have someone’s old holes :trout:

One of them is not a security hole in mozilla, it’s a windoze security hole (the shell: protocol)

IE suffers from one of them as well (the XPInstall bug).

Many of the bugs listed on that page are technically possible to exploit, yet very difficult in practice - many of the IE bugs are easy to exploit.

Also, look at the past records. Everybody/thing has off months :wink:

As programs get more users, you are bound to get more people discovering security holes. Current usage statistics rank FF with 4% vs IE with 95%.

I think it is amusing and wish to see the excuses as this becomes more prevalent. NJS pointed out that 1 of them holes is not really a hole. But what about the other 9…lol. FF was supposed to be hole free.

I agree with kirupa and ddd - the people so far using the software want to keep it untainted, however as it joins the mainstream these will become more and more prevalent.

FF was supposed to be hole free.

I don’t think that can ever be done.

Agrees^^^

FF is open source and therefore the holes are fixed sooner & faster and it’s a good thing that ff is patched up faster :wink:

No software is hole free (except software that doesn’t have security holes because they don’t apply, like some GUI apps for instance). Every software has bugs. Bugs are a fact of life. Some software is more buggy than others. Open source as a model has been shown to be good at preventing extremely buggy software, but it doesn’t eliminate bugs as a whole. It just makes them quicker & easier to patch, and causes less of them (generally) because all code is reviewed a few times.

Good point NJS
I just want to be around when FF becomes a largely used browser and hear the complaints. Because it is talked about like it is the second coming of Jesus or something. Like all problems will go away with this browser. I share the same sentiments as you do. Which is a realistic one. The holes will be more apparent as the browser is widely accepted. But let the M$ haters say it. There will be no holes and it is the best browser in the world…lol.

there’s an exploit on firefox to install a malware toolbar but the funny thing is it doesn’t install into firefox. it installs it to ie :slight_smile:

I’ve been using Mozilla since about a month before Firefox’s release. Is this valid information or is it just bull?

Well… in general there are less actual “in the wild” exploits for FF, so your chances of getting hacked (realistically) are lower than with IE.

Basically it all comes down to this…

As FF gets used more and more, more people will try to exploit the holes that are found within. I’m pretty sure hackers / hole-diggers are not even putting 5% to finding these holes right now because of the lack of majority in usage across the boards…

Then again, like stated above, no program can ever be 100% perfect… :slight_smile:

The thing is, there are hundreds of people hacking the code base that are putting 100% into the finding of holes :wink:

But still not as hard as they are with ie though… IE is being rocked by so many angles to try and find everything wrong with it that I’m surprised that it has made it this far with the way it is.

Comparing hundreds of people to at the least thousands of people is a big jump as well…

I mean, come on… If you were going to write a major exploit right now njs, and try to take the most advantage of everyone out there… Which would you be more focused into routing through… FF or IE?

Yes, you’d write it for IE. But… but… it’s much easier to find holes if you have the source code, meaning that bugs are easier to fix, and the trivial bugs have already been fixed, and people are working on the harder ones. Hell, half the exploits that are discovered are discovered by people working inside the Mozilla Foundation.

“Hell, half the exploits that are discovered are discovered by people working inside the Mozilla Foundation.”

Further proof that there are so few people actually savagely scouring for firefox exploits in the first place. If the majority of the issues are found by the people actually making the software, it’s a safe bet that there aren’t many others hunting them. Hence the entire concept of public beta testing of software.

How many known bugs in flashmx2004 do you expect would as yet be undiscovered if 96% of the current flash users instead used a competing product? And, to tell you the truth, that’s a false analogy… because quite the minority of those actually using firefox are prowling for security holes and issues.