I just got mildly dissapointed in Firefox.

Posted by xanfirefox on Wed, 07/11/2007 - 18:55Stats

For the past four months I have been making a security chart that showed the statistics by secunia to help "evangelize" Firefox by showing people how much better Firefox is in security compared to Internet Explorer 7.

When I first started making it Firefox was three times more secure than Internet Explorer. That changed gradually. Now, since yesterday, a no. 4 (with a 0-5 criticality rating, highly critical) criticality was fund in Firefox's most recent version. That was also a day when Microsoft did some security updates.

Now Firefox is 1% less secure than internet explorer!I hope this will be patched soon, and that it won't stay in Firefox 3, because for the past twenty or so hours, it would be lying to say that Firefox is more secure. This is kind of dissapointing.

Go Firefox!!!

 I have attached the chart, and the text information, which gives all the details.

 

Internet Explorer 7 has greatly improved in security compared to Internet Explorer 6,
with Internet Explorer 6's criticality rating now 46 and Internet Explorer's Criticality rating being 14.

April 19, 2007:
Criticality is based on a scale of 0-5, 0 being not critical at all and five being extremely critical.
The Criticality rating is a rates how critically a browser is infected.
Where a vulnerability with a criticality of "1" adds on to the criticality, "2" adds 2, and so on.

The ones that sat "-now patched" means that during the date recorded, they were a vulnerability, but are now patched.
---------
Firefox: (3 vulnerabilities)
Criticality rating: 5

SA20442 (2)
SA23046 (2)
SA24153 (1)

Internet Explorer: (7 vulnerabilities)
Criticality rating: 15

SA24535 (2) -now patched
SA24314 (2)
SA23014 (2)
SA22628 (3)
SA22542 (2)
SA22477 (2) -now patched
SA20449 (2)
-----------

June 2, 2007:

Firefox: (5 vulnerabilities)
Criticality rating: 8

SA25481 (1)
SA12580 (2)
SA20442 (2)
SA23046 (2)
SA24153 (1)

Internet Explorer: (7 vulnerabilities)
Criticality rating: 15

SA24535 (2) -now patched
SA24314 (2)
SA23014 (2)
SA22628 (3)
SA22542 (2)
SA22477 (2) -now patched
SA20449 (2)
-----------

July 2, 2007:

Firefox: (6 vulnerabilities)
Criticality rating: 9

SA25904 (1)
SA25481 (1)
SA12580 (2)
SA20442 (2)
SA23046 (2)
SA24153 (1)

Internet Explorer: (7 vulnerabilities)
Criticality rating: 14

SA25663 (1)
SA25564 (2)
SA24314 (2)
SA23014 (2)
SA22628 (3)
SA22542 (2)
SA20449 (2)
-----------

July 10, 2007

Firefox: (8 vulnerabilities)
Criticality rating: 15

SA25990 (2)
SA25984 (4)
SA25904 (1)
SA25481 (1)
SA12580 (2)
SA20442 (2)
SA23046 (2)
SA24153 (1)

Internet Explorer: (7 vulnerabilities)
Criticality rating: 14

SA25663 (1)
SA25564 (2)
SA24314 (2)
SA23014 (2)
SA22628 (3)
SA22542 (2)
SA20449 (2)
-----------


login or register to post comments | previous forum topic | next forum topic | 4183 reads
I did that myself..for 2 hours!
Submitted by h313n on Wed, 12/19/2007 - 15:52.

Got disappointed with Firefox! I read many "reports" and being in a "devil may care" mood, found a "super-duper  make IE7 professional [and like Firefox]" (paraphrased by myself).

Great, for a whole 2 hours I believed it until I was on a major search site NOT clicking on any of the links just looking at the main search page when my av made a warning noise and informed me " it had detected 'JS/Iframe.1094" malware class.

I was upset, been using Firefox since January this year and had not seen my av catch anything since then until I broke out the crock 'o' c*** called IE.

Firefox will be getting more vulnerabilities now, it's more popular and more of a target for hackers etc. Thing is, I remember reporting something that had gone wrong and it was fixed within a matter of hours, M$ have vulnerabilities years old.

login or register to post comments
These are not the vulnerabilities you are looking for...
Submitted by JustZisGuy on Wed, 12/19/2007 - 21:00.

Also, remember that MS has the power to hide vulnerabilities from the public. So it is going to look more and more like Firefox has more vulnerabilities when that is not the case. 

They are also good at convincing the public that a serious vulnerability is not a vulnerability at all. (Just think about IE 4 on Windows 98 and Active X for a minute - shudder!)

login or register to post comments
IE security
Submitted by jagdragon on Wed, 12/19/2007 - 01:24.

the security rating of IE may be higher than firefox because they ask every single time you click on something. Do it now, go to IE7 and try to download something from sourceforge. how many popups and "cancel or allow" "and are you sure you want to open this?"'s did you have to click past? so many that some IE users have given up trying to download stuff

login or register to post comments
Yes, But...
Submitted by LIJI on Thu, 08/02/2007 - 11:54.

Yes, but how many of you got hacked when using your browser?
Or surfed the internet and suddenly a spyware was installed?
OR a toolbar was added you to browser without asking you?

100% of Firefox users would answer no. most of IE users would say yes.
 

login or register to post comments
Firefox 2.0.0.5 has been released
Submitted by aggro on Wed, 07/18/2007 - 09:55.

Firefox 2.0.0.5 has been released. That should fix the situation:
Firefox 2.0.0.5 Release notes

login or register to post comments
wow
Submitted by techman94 on Mon, 07/16/2007 - 13:40.

I'm actually a bit nervous using firefox now.

login or register to post comments
Security compromised
Submitted by waterbird on Thu, 07/12/2007 - 02:56.

I have to agree with you.  I had been using FIreFox version 1.5, and never ever had any problems but decided a few days ago to install 2.   I was shocked to find that a program [?] calling itself Freeware cache buster had installed a pop up!,  despite my having chosen the "block pop up option." This pop up could not be removed.  I finally got rid of it..it was a pop up insisting that I absolutely had to get their "porn site history remover" because I had hundreds of them on my P.C. which is ofcourse is a total lie....   Showed up as an "error" on FF.

login or register to post comments
Including IE6?
Submitted by 3518742690 on Wed, 07/11/2007 - 19:10.

At one time, Firefox 2.0.x had no vulnerabilities, and so did IE.



Look at this blog entry... if it becomes outdated.

Also, Visit my Top 20½ reasons to use Firefox page!

login or register to post comments
No, this does not include IE6
Submitted by xanfirefox on Wed, 07/11/2007 - 19:22.

This does not include IE6.

 Yes, there was a point when 2.0x had no vulnerabilities. So? Not any more...
 

login or register to post comments
That's what I mean.
Submitted by 3518742690 on Wed, 07/11/2007 - 19:41.

If you include ALL versions of the browsers, you find that Firefox has MUCH less security vulnerabilities.



Look at this blog entry... if it becomes outdated.

Also, Visit my Top 20½ reasons to use Firefox page!

login or register to post comments
Well, Yes
Submitted by xanfirefox on Thu, 07/12/2007 - 01:22.

Of course! I wouldnt be suprised if Internet Explorer 6 alone would be less secure than all versions of Firefox, but that wasn't my point.

I just compared the most recent of both browsers.

login or register to post comments
The thing is, though...
Submitted by 3518742690 on Thu, 07/12/2007 - 03:36.

Fx2 has been out longer than IE7... so more vulnerabilities would have been discovered during that time. Doesn't mean there are more, just that more have been discovered.



Look at this blog entry... if it becomes outdated.

Also, Visit my Top 20½ reasons to use Firefox page!

login or register to post comments
Yes,,,
Submitted by xanfirefox on Thu, 07/12/2007 - 13:44.

But there was a difference of about twenty days. Not a whole lot of difference.<p>What bothers me is that it is still unpatched!

login or register to post comments