Cupertino, CA- Leading internet security watchdog Symantec has issued a report showing that Mozilla browsers, including the latest, patched version of FireFox, contain more vulnerabilities than Microsoft’s Internet Explorer. The company’s report also shows, however, that IE remains the preferred target for hackers.
While Mozilla’s open-source Web browser products have traditionally been considered more secure than their Microsoft-authored equivalents, and IE has a long history of security problems and vulnerabilities which tend to support the idea that Mozilla’s browsers are more secure. Symantec’s “Internet Security Threat Report Volume VIII”, released on Monday, for the first time supplies data that may serve to undermine that assumption.
According to Symantec’s report, there were 25 vendor-confirmed vulnerabilities located for the Mozilla browsers during the first half of 2005, which was “the most of any browser studied,” according to the author of the report. Of those 25 flaws, 18 were classified as “high severity”.
“During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE,” only eight of which were high severity, according to the report.
The average severity rating of the vulnerabilities in both Mozilla browsers and IE was classified as “high”. Symantec defines “high” vulnerability as “resulting in a compromise of the entire system if exploited.”
Symantec also reported that the time gap between vulnerabilities being disclosed and the release of code designed to exploit the vulnerabilities being has dropped to six days on average. The report does specify how quickly Mozilla and Microsoft develop patches for vulnerabilities in their browsers, or how many vulnerabilities in each had been targeted by hackers.
Symantec’s report also states that “at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred,” but further commented that Symantec “expects this to change as alternative browsers become increasingly widely deployed.”
Another weakness in Symantec’s report is that Symantec only counts flaws and vulnerabilities that have been confirmed by the vendor in question. According to another security monitoring company, Secunia ( http://www.secunia.com/ ), there are currently 19 security issues that Microsoft has yet to deal with for IE, while there are only three such unresolved flaws in Firefox.
