Reports from a recent study conducted by Symantec indicate that with one exception, browser vulnerabilities have increased across the board. The most surprising finding in the study was the number of vulnerabilities detected in Mozilla’s Firefox browser. 47 vulnerabilities were discovered in a six month study from January through June of this year. Up from a total of 17 vulnerabilities in a similar study conducted in July through December of 2005. By comparison Microsoft’s Internet Explorer reported 38 vulnerabilities in this year’s study, up from 25 vulnerabilities last year. Despite a disappointing result in the sheer number of vulnerabilities discovered in their browser, Mozilla led the pack with the fastest turn around time for patches. Firefox’s turn around for patches showed a one-day window of vulnerability compared to Internet Explorer with a nine-day window.
Of the four browsers studied (IE, Firefox, Safari, and Opera) Opera was the only browser that showed a decline in the number of vulnerabilities.
There are two important notes concerning these findings. First and foremost is that your choice of browser does not necessarily guarantee that you’re safe from attack. IE certainly gets more attacks than any other browser, but 85 percent of the market is using Microsoft’s product. It makes economic sense for malware writers to single out their product. Secondly, it is as important as ever that users practic skeptical computing, and be wary of suspicious content or pages while browsing the Internet. Regardless of browser platform, nobody is 100% safe.