Which Web browsers are the most vulnerable?

[rpm]

Web browsers: which ones are most vulnerable?

A new security trends report highlights the web technologies and applications most vulnerable to hackers

 

[NomNom]

Behind every good web browser is a good anti-virus lying in wait to be summoned for the kill.

 

[bawrak]

Firefox had 44% of all browser vulnerabilities

Glad I switched to Opera recently

But 44% for firefox is shocking... so much for being more secure than ie :erm:

 

[Bosvark@]

Good ol' IE works for me...

 

[rurapente]

whichever one the user keeps updated, properly configured and combined with an updated working AV.

Its like asking which house alarm is best. The R20 000 that no one can bypass but that you forget to turn on, or the R3999 one you turned on when leaving the house

The weakest point of any PC's security is the user.

 

[eltherza]

Funny how the results vary, with http://www.securityfocus.com ranking firefox better than IE7.

 

[Drake2007]

Funny how the results vary, with http://www.securityfocus.com ranking firefox better than IE7.

Sorry, but where exactly is the ranking?

 

[McGuywer]

Chrome is one of the pictured web browsers, yet not listed? Or mentioned?

 

[Moederloos]

I find the article confusing - mixing of browsers (client side) with web servers (server side).
Also, no mention of what OS the browsers run on - or what OS the server runs on.

 

[Sharrow]

Firefox has hundreds upon hundreds of extensions, each of which is a potential hazard, and this is the reason it "scores so highly" on what is clearly a survey compiled by a bunch of amateurs trying to get some exposure.

I agree 100% though - the weakest point of any PC security is the user.

 

[Kloofvreter]

Good ol' IE works for me...

+1

 

[kifoth]

But 44% for firefox is shocking... so much for being more secure than ie :erm:

Badly written article. That 44% is for reported vulnerabilities. FF is open source, so every vulnerability found gets reported. All the other browsers on that list are closed source, so if their developers find something wrong, they keep quiet about it and sneak a fix through in the next patch.

 

[eltherza]

Sorry, but where exactly is the ranking?

Click on Vulnerabilities

Choose Microsoft, then Internet Explorer, check the issues
Choose Mozilla, then firefox, check the issues

Ok, ranking isn't a good word to use, but never the less, there are 2 conflicting opinions on the matter - so which do you really trust?

EDIT:
here is a nice easy graph to look at

 

[Devo-sa]

I have to agree that this article really was written poorly, without any real work done to clarify any statement and its numbers in any real way.

The statement of companies not focusing on their web applications' security, and then basically blaming the browsers, the mentions of XSS & server-side etc..?

Whoever wrote this doesn't seem to even have a basic idea of what he/she wrote about.

 

[adrianx]

Badly written article. That 44% is for reported vulnerabilities. FF is open source, so every vulnerability found gets reported. All the other browsers on that list are closed source, so if their developers find something wrong, they keep quiet about it and sneak a fix through in the next patch.

+1

The last 2 reports that I have read from Cenzic makes me wonder if they are not on MS's payroll.

...so if their developers find something wrong, they keep quiet about it and sneak a fix through in the next patch.

and sometimes they don't even do that much.

Edit: Even Opera (who came first!) think it is a bunch of crap:

According to Computerworld, security firm Cenzic has released a report showing that Firefox and Safari were the least secure browsers in the first half of 2009. That's the impression you get by simply skimming the article anyway. The actual report from Cenzic only counts the number of security flaws, and concludes that Firefox had 44% of all vulnerabilities, Safari had 35%, IE had 15%, and Opera a mere 6%.

Does that really mean that IE is more secure than Firefox and Safari?

I'm not sure a conclusion like that can be drawn at all. There are other aspects to security vulnerabilities that were not covered, such as the severity, and how long the vendor takes to fix them. Furthermore, security reports sometimes elevate standard crash bugs into security bugs, for example referring to them as "Denial of Service Vulnerabilities".

It's great to see that Opera has a low number of vulnerabilities, and I am confident that we would look good if severity and "time to fix" were taken into account as well. But until the report actually includes those relevant details, it isn't really that useful.

Statistics are great, though. You can make them show just about anything.

http://my.opera.com/haavard/blog/2009/11/10/cenzic-security

 

[reddevilandy10]

Who cares? FF is still by far the best browser!! Besides, NoScript + Greasemonkey + ABP + SiteAdvisor + FoxyProxy + Firewall + AV = a pretty safe browsing experience. You'd have to be an idiot and click on a red link to compromise your pc.

 

[Synaesthesia]

Safest way to browse: don't use windows!

Anyway I thought Chrome has an excellent sandboxing model - it was the only browser not to be hacked at that challenge.

 

[Xyber]

I have to agree that this article really was written poorly, without any real work done to clarify any statement and its numbers in any real way.

The statement of companies not focusing on their web applications' security, and then basically blaming the browsers, the mentions of XSS & server-side etc..?

Whoever wrote this doesn't seem to even have a basic idea of what he/she wrote about.

Exactly, why should XSS and injection and all that be the browser's problem when some n00b can't code a secure site?