Speedy updates matter for browser security
11 March 2007
In the last post on this website, I noted that both Firefox 2 and Internet Explorer 7 should be considered secure browsers. Both browsers, according to Danish computer security service provider Secunia, had the same number of unfixed vulnerabilities at the time.
However, I was (and still am) hesitant to fully endorse Internet Explorer. Fixes for Internet Explorer have traditionally been much slower in coming than they have been for rival browsers, including Firefox. This may be the case now, too.
Security report today and 19 days ago
Today, Secunia’s website says that Internet Explorer has 8 vulnerabilities, 6 of which remain unpatched. For comparison, Firefox has 6 vulnerabilities, 3 of which remain unpatched.
What does this mean? Well, the figures above need to be contrasted with what I wrote 19 days ago:
“Firefox is affected by 5 security vulnerabilities, 4 of which remain unpatched, whereas Internet Explorer is affected by 6 vulnerabilities, 4 of which remain unpatched.”
Thus, in the last 19 days, Firefox has gained one vulnerability and fixed two. Over the same period, Internet Explorer has gained two new vulnerabilities and has not fixed these or any of the previously known vulnerabilities.
I don’t want to make too much of this just yet. It could be that we caught Internet Explorer on a bad week or that a bunch of its weaknesses will be patched in the next couple of days, making the difference between Internet Explorer and Firefox, at least in security terms, negligible once again. But we should all realize that if slow patching becomes a pattern with Internet Explorer 7, as it was with Internet Explorer 6, using it should be considered unsafe. I’ll update this topic when more evidence is available, one way or the other.