In the security arena

Jan 18, 2008 17:46 GMT

The face-off between the most prominent browsers on the market is not only a question of audience and uptake, but also one of security. As browsers are often a preferred attack vector, developers aim to bulletproof the product as much as possible. As far as the browser market is concerned, Internet Explorer, Firefox, Safari and Opera pretty much divide the users among themselves, with IE holding the dominant position as a result of the Windows near-monopoly, but with Mozilla's open source product coming up hard from behind. Safari is Apple's proprietary browser and a component of the Mac OS X operating system, also made available for the 32-bit and 64-bit Windows XP and Windows Vista platforms in 2006. Of the four, Opera is the undisputed underdog, having the smallest reach. But in terms of the number of security vulnerabilities each browser brings to the table, exposing users to inherent risks, Secunia revealed an entirely different ranking.

"Fourteen vulnerabilities were reported in Safari this year; while fifteen were reported for Opera, one of which is dependent if the browser is using a vulnerable version of the Adobe Flash Player. Forty-three vulnerabilities were reported in Internet Explorer (covering IE 5.x, 6.x, and 7), both those publicly disclosed prior to vendor patch, and those included in Microsoft Security Bulletins, while a total of 64 vulnerabilities were disclosed for Firefox", Secunia commented.

It has to be mentioned, at this point, that the sheer number of security vulnerabilities is not an accurate measure of a browser's security level. There are additional factors to take into consideration, such as the window of exposure. The window of exposure is defined as the amount of time that passes between the discovery of a vulnerability and the application of a patch. During this time, users are at risk because there is nothing to protect them from active exploits.

"Mozilla has patched five out of eight vulnerabilities, three of them in a little more than a week, while Microsoft has patched only three out of ten vulnerabilities, with the earliest patch coming in almost three months from disclosure. The criticality of the vulnerabilities in IE are in the less- and not-critical range, while Firefox's vulnerabilities include one highly critical issue, and one moderately critical issue, both patched within eight days", Secunia added.

Figures: Number of vulnerabilities by browser; Window of exploitation for vulnerabilities publicly disclosed in both IE and Firefox