Every time an update to Firefox is released, I hear the same conversation:
“Oh no, does this mean Firefox isn’t secure?”
“I think so… There were six critical vulnerabilities in this release!”
“Did you know that more vulnerabilities were reported for Firefox last year than for any other browser? Firefox had four times more vulnerabilities than Internet Explorer?”
“ROFL that’s why I just use IE.”
I really do hear this conversation every time, and unfortunately it’s an apples-to-oranges scenario.
The reasoning goes like this: because Firefox has so many vulnerabilities and bugfixes, it must not be as secure as people think.
Firefox has so many publicly disclosed vulnerabilities because it is the most popular open-source browser. This means thousands of people can look at the program code and see where there are vulnerabilities. Compare this to IE, where only Microsoft programmers have access to the raw code. If they discover a vulnerability, they don’t have to report it or even patch it until it becomes an active threat. I’m guessing, in most cases, they don’t patch any but the most serious vulnerabilities, because it’s a waste of man-hours to attempt to perfect an old version of the browser. (Most of their resources are probably focused on Internet Explorer 8 at this point.)
So of course Internet Explorer will have fewer disclosed vulnerabilities… However, I’m willing to bet that a very high percentage of these vulnerabilities are actually exploited by hackers. As for Firefox, the public bug tracker might be loaded with reported vulnerabilities, but I can count on a single hand the number of times these have translated to an actual, real-world exploit on the loose.
And more bugfixes are a good thing: they mean Firefox is being patched and made secure more quickly than IE and other browsers.
If you still need convincing, try this:
- Ask 10 Firefox users and 10 Internet Explorer users how frequently they have been infected by a virus or spyware in the past year.
- Ask 10 Firefox advocates, who have forced their families and friends to switch to Firefox, if their family’s computer woes have increased or decreased since the change.
I have switched my entire family over, and the only one who’s had problems is my aunt, whose kids were smart enough to create an administrator account for themselves and undo the security I put in place, but not, apparently, smart enough to forgo Internet Explorer. I’ve run Firefox for the past five years at work, and the only time I’ve gotten a virus is the five minutes I loaned my laptop to someone else, after which they handed it back with… sigh… Internet Explorer up and running. Do the math.