Skip to Content
Uncategorized

Is Internet Explorer More Secure than Firefox?

A new model predicts that more vulnerabilities are to be found in Firefox than in Internet Explorer.
September 21, 2006

New research suggests that there are more flaws yet to be found in the current version of the Firefox web browser (version 1.5) than in the current version of Internet Explorer (version 6, and its updates). Furthermore, the researchers say, a larger proportion of Firefox’s vulnerabilities are severe.

However, the researchers also determined that more vulnerabilities in Firefox are corrected with software patches than flaws in Internet Explorer, which could mitigate the effects, says computer scientist Yashwant K. Malaiya of Colorado State University and his team. The findings will be presented in November at the International Symposium on Software Reliability Engineering in Raleigh, NC.

The researchers’ predictions are somewhat surprising, since Firefox is generally perceived to be more secure than Microsoft’s Internet Explorer. Indeed, security is a popular reason why many people have switched over to the open-source browser in recent years. Firefox’s market share almost tripled, from 4.6 percent to 12.9 percent, between November 2004 and July 2006.

But of course this increased popularity may be one reason why the number of detected flaws in Firefox has been increasing, says Malaiya. From November 2005 to July 2006, 73 vulnerabilities were found in Firefox, 33 of them critical. The number of vulnerabilities detected in Internet Explorer was smaller during a far longer period: from August 2001 to July 2006, it was 60, 15 of them critical.

To get a sense of the number of future vulnerabilities in the two Web browsers, the researchers applied a mathematical model that predicts the rate of detection. The model is based on previous data from software flaws found in operating systems and Web servers, and from earlier detected vulnerabilities in both Web browsers. Using the model, Malaiya and his team now project that Firefox will continue to have roughly 12.4 detected flaws per month, compared with Internet Explorer’s projected 3.5. From the paper:

The available data suggests a higher number of new vulnerabilities can be expected in Firefox 1.5 compared with IE 6.x in the near future; they are also more likely to be of higher severity.

However, the paper adds, the process of finding flaws is only one piece of the security equation. The act of fixing the flaws is an important component–and this is where Firefox seems to have the edge over Internet Explorer. Again, from the paper:

Firefox developers are much better in developing patches with a significantly higher patch rate, thus significantly compensating for the higher vulnerability detection rate.

Malaiya and his team conclude that the evaluation of competing products needs to be repeated periodically so that the most recent data can be used to tweak their models and assess current and future risks.

Deep Dive

Uncategorized

Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.