Mozilla Web browsers are currently potentially more vulnerable to attack than Microsoft's Internet Explorer (IE), according to a Symantec report out on Monday; the same report also found that today's hackers are still focusing their efforts on IE.
Mozilla browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, insisted earlier this year that Mozilla browsers were fundamentally more secure than IE, and would not face as many problems as IE even as their marker share grows. But Symantec's Internet Security Threat Report Volume VIII contains data for the first six months of this year that may contradict this perception.
According to the report, 25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005, "the most of any browser studied". Eighteen of these were classified as high severity.
"During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," according to the report.
The average severity rating of the vulnerabilities associated with both Internet Explorer and Mozilla browsers in this period was classified as "high", which Symantec defined as "resulting in a compromise of the entire system if exploited".
Symantec reported that the gap between vulnerabilities being reported and exploit code being released has dropped to six days on average. However, it's not clear from the report how quickly Microsoft and Mozilla released patches for their respective vulnerabilities, or how many of the vulnerabilities were targeted by hackers, though Microsoft only generally releases patches on a monthly basis.
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred", but added that it "expects this to change as alternative browsers become increasingly widely deployed."
The Mozilla Foundation had not responded to requests for comment at the time of writing.
The report also highlighted a trend away from the focus of security being on "servers, firewalls, and other systems with external exposure". Instead, "client-side systems — primarily end-user systems — [are] becoming increasingly prominent targets of malicious activity".
Web browser vulnerabilities are becoming a preferred entry point into systems, according to the report.
The report also highlighted the trend of hackers operating for financial gain rather than recognition, increased potential exposure of confidential information, and a "dramatic increase in malicious code variants".
Update: After this story was published, Mozilla responded to Symantec's claims and defended its security record. Click here to read more.
Talkback
More lies and damned lies. Read all about the nonsense here: http://yahoolian.dyndns.ws:3000/articles/2005/09/17/firefox-vs-ie-security
Look at their own statistics, current situation:
Firefox: http://secunia.com/product/4227/
IE: http://secunia.com/product/11/
Firefox - Less Critical (3 of 22 unpatched)
Internet Explorer - Highly Critical (19 of 85 unpatched)
Horsefeathers!
yeeeaaaaa right...wow ...symantec...i will never recomend you ever to another customer. Your wasted all your credit on LIES. You might even say that the easter bunny do exist. The comment is so stupid.
Symantec is rite mozilla sucks ive noticed it many time on computers ive fixed the ones with mozilla have more sever problems than the ones that just use regular IE those who do not belive this report are just plain stupid
I think there's a difference between breaking an entry and knowing that a locked down vault is waiting for you versus breaking an entry and knowing that the keys and security codes to the vault are just waiting for you. And not just for the vault you're breaking into but also the keys and codes of some vaults nearby.
Another thing to keep in mind is that when comparing different vendor's roofs you might want to take into account the kind of foundations, structural design specification, etc they actually recommend and those they supply for.
As such it would be best to know exactly what Symantec is saying about what how.
Only illiterate MSCE technicians prefer MS browser......
Symantec knows that with better products like Mozilla, people are less prone to viruse and attacks leading to a decline in Symantec Sales.
Why do you give these losers any press? The stuff they make for the Mac is causes more problems than it prevents. They make garbage and spout lies to sell it.
**Quote by Mark***
-----------------------------------------------------
Only illiterate MSCE technicians prefer MS browser......
-----------------------------------------------------
Is it? So you mean all users of IE are MSCE? Wow man, you gotta be kidding!! Then Im to is an illiterate MSCE.
What you're saying is pure hearsay!!!
It's about time security firms make people aware of this. Hackers will hit the most popular software, and as Firefox grows in popularity, it will be targeted.
The fact that early reviewers advocated switching to Firefox because it was more secure -- Walter Mossberg at the Wall Street Journal is a visible example -- demonstrates how ignorant the public is about software security.
Diebold's voting machines, the same ones used in the 2004 elections, had exploitable flaws that were even recognized by U.S. Homeland Security. http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold
Rather than bashing Microsoft at every turn, fun as it may be, the security and open-source communities must increase their vigilance as new software gains in popularity.
Rubbish.... Reports have been missread AGAIN.
Rubbish - crap as usual.... I've had more problems than I can count with IE but none EVER with Firefox.
What a comment... utter crap lol.
Symantec is just as bad as MS, there's gaping flaws in NIS 2005 & still gaping flaws in NIS2006, open to hackers... have they fixed it... no..! So why take notice of stupid comments like that.
Tell you what, when I had Norton and Exploder I had over 120 cookies in just 10 minutes + a worm that Symantacrap could not remove... I had symantec 8 months before ditching it after corrupted downloads which ended up with three reformats.
So I switched and ditched now....
I can be on Mozilla all day with AVG and just get a dozen cookies... thats why I say the comment is crap... oh, and no problems to date
Hell will freeze over before taking note of comments like that.
Boils down to Symantec and Internet Exploder running scared because of all the flaws they get.
Davy