Microsoft & Mozilla Row Over Browser Security

Mozilla, the company behind the Firefox browser, have dismissed a Microsoft study claiming Internet Explorer has fewer security problems.

The study was produced by Jeff Jones, a Microsoft security researcher. He compared the publicly-announced problems of both new and old versions of both browsers. His figures say that in the past three years, Internet Explorer has had 87 'vulnerabilities' (potential security problems that need fixing), while Firefox has had 199.

He also found that Microsoft was improving security at a quicker pace; looking at vulnerabilities for each version of a browser in the 12 months after it was released, he had Internet Explorer (IE) improving from 26 vulnerabilities with version 6.0 to 17 with version 7.0 (and just seven with the Vista edition of version 7.0).

Meanwhile, Firefox which had 66 vulnerabilities for version 1.0, actually rose to 77 for version 1.5, and only fell to 56 for version 2.0. (Source: arstechnica.com)

However, Mozilla's Mike Shaver attacked the study's methods. He claims Microsoft fail to count problems they find and fix themselves without telling the public. He also says Microsoft will often release a security update that fixes several problems, but only count it as a single vulnerability. In contrast, Mozilla count every problem separately, no matter who discovers it. (Source: off.net)

Shaver also suggests the figures might not be a true indicator of security because Internet Explorer could have more bugs that haven't been fixed. Mozilla's official security blog was even more outspoken: "We're not building fixes for our PR team, we're building them for our users. Go ahead and count." (Source: mozilla.com)

Meanwhile, independent Internet writer Jeremy Reiner suggests Microsoft deliberately chose to measure the period that gave them the best results because it coincided with the release of Service Pack 2, a major update to Windows that fixed many security problems.

It's commonly believed that Firefox has fewer security issues than Internet Explorer, so it's not surprising people are questioning the way Microsoft carried out their study. But such arguments will benefit everyone if they increase the pressure on firms to develop more secure browsers in the first place.