Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Kate Greene

A View from Kate Greene

Is Internet Explorer More Secure than Firefox?

A new model predicts that more vulnerabilities are to be found in Firefox than in Internet Explorer.

  • September 21, 2006

New research suggests that there are more flaws yet to be found in the current version of the Firefox web browser (version 1.5) than in the current version of Internet Explorer (version 6, and its updates). Furthermore, the researchers say, a larger proportion of Firefox’s vulnerabilities are severe.

However, the researchers also determined that more vulnerabilities in Firefox are corrected with software patches than flaws in Internet Explorer, which could mitigate the effects, says computer scientist Yashwant K. Malaiya of Colorado State University and his team. The findings will be presented in November at the International Symposium on Software Reliability Engineering in Raleigh, NC.

The researchers’ predictions are somewhat surprising, since Firefox is generally perceived to be more secure than Microsoft’s Internet Explorer. Indeed, security is a popular reason why many people have switched over to the open-source browser in recent years. Firefox’s market share almost tripled, from 4.6 percent to 12.9 percent, between November 2004 and July 2006.

But of course this increased popularity may be one reason why the number of detected flaws in Firefox has been increasing, says Malaiya. From November 2005 to July 2006, 73 vulnerabilities were found in Firefox, 33 of them critical. The number of vulnerabilities detected in Internet Explorer was smaller during a far longer period: from August 2001 to July 2006, it was 60, 15 of them critical.

To get a sense of the number of future vulnerabilities in the two Web browsers, the researchers applied a mathematical model that predicts the rate of detection. The model is based on previous data from software flaws found in operating systems and Web servers, and from earlier detected vulnerabilities in both Web browsers. Using the model, Malaiya and his team now project that Firefox will continue to have roughly 12.4 detected flaws per month, compared with Internet Explorer’s projected 3.5. From the paper:

The available data suggests a higher number of new vulnerabilities can be expected in Firefox 1.5 compared with IE 6.x in the near future; they are also more likely to be of higher severity.

However, the paper adds, the process of finding flaws is only one piece of the security equation. The act of fixing the flaws is an important component–and this is where Firefox seems to have the edge over Internet Explorer. Again, from the paper:

Firefox developers are much better in developing patches with a significantly higher patch rate, thus significantly compensating for the higher vulnerability detection rate.

Malaiya and his team conclude that the evaluation of competing products needs to be repeated periodically so that the most recent data can be used to tweak their models and assess current and future risks.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.