Firefox On Fire

Firefox is hot. The latest numbers show it now owns one-fourth of the browser market. But fame, of course, comes with a price: A recent, separate report shows that Firefox accounted for nearly 45 percent of all Web vulnerabilities in the first half of this year.


It's no surprise that Mozilla's browser's rise in popularity also makes it a more attractive target. (Apple, take note.) But for those who had made the switch from Internet Explorer to Firefox for security reasons, it makes you wonder if it may be time to re-evaluate your browser of choice again.

According to November market share data from Net Applications, Mozilla's Firefox added about 0.7 percent market share last month to its 24.72 percent, while Internet Explorer's (IE) share dropped from 64.64 percent in October to 63.62 percent in November. IE has been mostly on a downward spiral all year, starting at 69.72 percent in January.

The bad news for Firefox is it had more vulnerabilities than IE in the first half of the year. For the first and second quarters of 2009, IE had about 15 percent of all browser bugs, Safari had 35 percent, and Firefox had 44 percent, according to Cenzic's Web Application Security Trends Report (PDF), which was released last month. Overall, 90 percent of Web vulnerabilities during that period were in commercial Web apps, 8 percent in browsers, and 2 percent in Web servers, according to the report.

The report doesn't drill down into the trends of the types of vulnerabilities found in Firefox, but it was a busy year for Mozilla's security team. The first zero-day exploit for version 3.5 of the open-source browser was unleashed in July as Mozilla rushed to patch the vulnerability in its Just-in-Time JavaScript compiler.

No browser is foolproof, of course. And the only way to avoid many browser-borne attacks is to forgo Web 2.0 and go retro with an old-school, text-based browser like Lynx. Uh -- no thanks. I'll just keep on patching.

-- Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
