A newsletter from PC Advisor, a UK based magazine, links a recent article about a report by Censic on vulnerabilities in browsers. Censic is a "security systems" provider specializing mostly in enterprise/corporate system security.

The article, which may be of some interest to some of us, is at Firefox accounts for half of all browser bugs

The "headline" is obviously intended to startle people into reading; but information in the article is of some interest.

[quotes]

November 10, 2009

Firefox accounts for half of all browser bugs
Report says Firefox is more vulnerable than IE

Gregg Keizer

Firefox accounted for almost half of all browser vulnerabilities in the first six months of 2009, according to Cenzic.
The web security company claims Mozilla's browser had the largest percentage of web vulnerabilities over the six-month span, while Apple's Safari had the dubious distinction of coming in second. Microsoft's Internet Explorer (IE) was third, while Opera Software's flagship browser took fourth place.

... ...

Firefox accounted for 44% of all browser bugs reported in the first half of the year, said Ewe, while Safari vulnerabilities came to 35% of the total. IE, meanwhile, accounted for 15%, while 6% of all the flaws were in Opera.

... ...

Data from web metrics company Net Applications puts IE as the most-used browser, with about 65% of the market, followed by Firefox with 24%, Safari with 4.4%, Google's Chrome with 3.6% and Opera with 2.2%.

[end quotes]

It's unfortunate that the Censic survey didn't assess how critical the vulnerabilities were; and a Censic spokesman offered the opinion that the results don't mean anyone needs to change browsers because of it. (The Censic spokesman says he uses Firefox and doesn't intend to change.)

The important point is that all browsers (and Operating Systems) are vulnerable and it is necessary - regardless of which you choose to use - to keep your browser up to date as its vulnerabilities are closed, and to have good AV and other protections in place while you practice "safe surfing."

The full Censic report can be downloaded (pdf) at AppSecTrends_Q1-Q2-2009, but probably won't be too interesting except to those with real technical concerns. The PC Advisor article (link at top) will be of more general inteest.

John