Internet Explorer has constantly come under fire for its numerous security vulnerabilities, so much so that the U.S. Computer Emergency Readiness Team (CERT) issued an advisory that recommends that people consider using a different browser. (For more details, see my weblog about it.)
That recommendation brought a gleam to the eyes of some Mozilla and Firefox users who have a holier-than-thou attitude when it comes to Internet Explorer. They gloated that once again, the world’s most popular browser has been shown to have the world’s biggest security holes.
But they should gloat no more. All browsers, Mozilla and Firefox among them, are bedeviled by security holes. Just recently, for example, it was discovered that a security bug makes Mozilla and Firefox vulnerable to phishing attacks. That’s certainly not the first security bug, and it will be far from the last.
Now, it’s true that Mozilla and Firefox are inherently more secure than IE, in large part because they’re more isolated from the operating system. And the Mozilla Foundation has been more willing than Microsoft to confront the problem head-on, even announcing a $500 bounty for every critical security bug anyone can find. But the browsers are also more secure because they lack some of IE’s functionality, such as the ability to run ActiveX controls. I’m a big fan of Firefox, but for me, that’s still one of the browser’s biggest drawbacks.
As Mozilla and Firefox slowly gain popularity because of Internet Explorer’s security flaws, expect them to be increasingly targeted. Expect more attacks, more flaws uncovered, and less security. It’s going to be the price of success.
What do you think about security bugs in IE, Mozilla, and Firefox? Let me know.