http://img154.imageshack.us/img154/8927/vulnerabilitieszr8.png
According to the most recent update to security-firm Symantec’s biannual Internet Security Threat Report, the last six months saw a significant uptick in the number of security vulnerabilities found in web browsers. Leading the way was Firefox, with 47 bugs discovered. Researchers and hackers discovered 38 vulnerabilities in Internet Explorer, 12 in Safari, and seven in Opera.
The numbers cover a six-month period from January 1 through June 30, 2006. Symantec says its data comes from over 40,000 sensors the company has deployed around the world as well as its database of vulnerabilities.
In addition to leading the pack in sheer number of vulnerabilities, Firefox also showed the greatest increase in number, as the popular open-source browser had only logged 17 during the previous reporting period. IE saw an increase of just over 50 percent, from 25; Safari doubled its previous six; and Opera was the only one of the four browsers monitored that actually saw a decrease in vulnerabilities, from nine to seven.
Looking at the data, it is apparent that one’s choice of browser does not automatically confer invulnerability while surfing the web. Security through obscurity, which has been a popular strategy with some users, doesn’t guarantee safety. That said, Internet Explorer remains the most popular target for attacks, with 69 percent of all browser attacks targeted specifically at that browser alone. 20 percent of the attacks monitored during the period in question were targeted at Firefox.
When it comes to patching, all of the browsers are improving. Firefox is the fastest to get its patches out, with a one-day window of exposure. Opera had a two-day window of exposure, down from 18 days during the last half of 2005. The window of exposure for Safari is up to five days (from zero), while Internet Explorer typically has a nine-day window, down from 25 days in the previous study.
If there is one clear takeaway from Symantec’s report, it’s that one’s choice of browser does not convey automatic immunity from browser-based attacks. Yes, most attacks target Internet Explorer, which makes economic sense for malware writers looking to make a quick buck. IE still accounts for almost 85 percent of all browsers in use today, making it the proverbial low-hanging fruit. However, no one is absolutely safe, making it important that surfers everywhere practice skeptical computing.