Microsoft, Mozilla squabble over browser security

Rarely do we get a chance to hear Microsoft and Mozilla debate the issue.

Which browser is more secure, Internet Explorer or Firefox? We all have our opinions, but rarely do we get a chance to hear Microsoft and the makers of the Firefox browser, Mozilla, debate the issue.

On Friday, Microsoft Security Strategy Director Jeff Jones released a study, "Download: Internet Explorer and Firefox Vulnerability Analysis," that proclaims Internet Explorer 7 is safer than Firefox (Did we expect a Microsoftie to tell us anything else?). The report can be accessed through Jones' blog.

In the study, Jones argues that because Microsoft releases new versions of its Web browsers less frequently and continues to patch older IE releases for longer periods of time, IE users are safer from security vulnerabilities than Firefox users.

"Over the past 3 years, supported versions of Internet Explorer have experienced fewer vulnerabilities and fewer High severity vulnerabilities than Firefox," according to Jones' report.

He points out that Microsoft released IE 6 in August 2004 and IE 7 in October 2006, and that both versions of IE are currently supported by Microsoft. Jones slams Mozilla for halting support on older versions of Firefox, instead directing users in many cases to simply upgrade to a newer version. He gives the example of Firefox 1.5, which Mozilla stopped supporting in May 2007, according to Jones. Mozilla dropped the ball, he argues, because it was only 2 months after Red Hat Enterprise Linux 5 (RHEL) shipped with Firefox 1.5 bundled with the OS.

Soon after the RHEL5 release, Mozilla reportedly urged users to upgrade their Firefox browser to avoid "severe vulnerabilities."

Jones suggests that because Mozilla chose not to patch the older version of the browser (prompting people to download a new version instead), many who declined the upgrade were left vulnerable.

Mozilla Counters Jones' Claim

As you might guess, Mozilla had a few thoughts on the subject as well. In a post at the official Mozilla Security Blog, a contributor named Window Snyder responds to Jones' report:

"One of the goals of the bug counting report (Jones' study) is to demonstrate that Microsoft fixed fewer bugs for IE than Mozilla did for Firefox. Unfortunately for Microsoft (and for anyone trying to use this report as analysis of useful metrics) he does not count all the security issues. If he were able to count them all, Microsoft could get credit for all the bugs they fixed."

Snyder argues that many of Microsoft's browser bugs are spotted by "contractors" who are "engaged" by Microsoft to stress-test IE for vulnerabilities. Because of this relationship, many IE bugs never become publicly known.

"Unfortunately for Microsoft's users this means they have to wait sometimes a year or more to get the benefit of this work. That's a lot of time for an attacker to identify the same issue and exploit it to hurt users."

Snyder points to a Washington Post blog by Brian Krebs, who wrote in January 2007:

"For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet.

In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."

Snyder continues:

"It speaks to the strength of our community based security efforts to actively identify and quickly fix security issues. We don't let fixes languish on the tree waiting for a major release while users are vulnerable. We ship fixes regularly because securing our users is more important than protecting our PR team..."


Tom Spring

PC World