How Secure Is Firefox?

Firefox in the wild

Naturally, Firefox's popularity has brought out the attackers. Many different attacks "in the wild" specifically target Firefox users, making it the second-most-attacked browser behind Internet Explorer. Firefox 3.0 has had at least 39 separate vulnerabilities in less than six months (as compared to 154 vulnerabilities for Firefox 2.0 during its lifetime). Seventy-five percent of these exploits were ranked high-criticality, and a third allowed complete system compromise.

One of the common complaints about Firefox is its lack of support for the enterprise. Although Mozilla doesn't directly offer tools to ease large installations or to centrally manage Firefox through Group Policy, these are available from independent providers including FirefoxADM and FrontMotion.

All in all, Firefox is a sophisticated open source browser that has earned its place as a market leader. Like Internet Explorer, Firefox enjoys widespread popularity and third-party support. And like Internet Explorer, it continues to struggle with frequently found vulnerabilities, perhaps due in part to the vendor's commitment to SDL (Security Development Lifecycle) processes, which initially lead to more vulnerabilities being uncovered during testing. Firefox makes a good browser choice for anyone, but especially for users who want to purposefully avoid Internet Explorer (and ActiveX) or who don't need the finest granularity (e.g., multiple security zones) in their browser's security.

Subscribe to the Best of PCWorld Newsletter