Web Browsers Security. Opera, Internet Explorer, Safari, Firefox
July 12, 2007
After yesterdays post about new Firefox security bug I’ve decided to check out, which of the worlds most popular web browsers are most secure. Thanks to Secunia for stats.
Opera 9.x - Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)
Internet Explorer 7.x - Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.
Safari 2.x - Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.
Firefox 2.0.x - Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.
I am really confused right now, but does that makes Firefox 2.0.x most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera which puts it into the 2nd place?
1. Opera 9.x - Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x - Most Insecure Web Browser?
Be the first to know. Subscribe to our RSS Feed 
It’s true, if you care about your security, choose Opera!
http://weblogs.mozillazine.org/asa/archives/2007/06/real_world_secu.html
http://weblogs.mozillazine.org/asa/archives/2007/05/security_is_abo.html
http://developer.mozilla.org/devnews/index.php/2006/09/26/better-metrics-for-security-understanding-the-symantec-internet-security-threat-report/
It’s actually quite a bit more complicated a question than just counting vendor disclosed bugs.
- A
Yes, you are right Asa, it also depends on share itself, the more popular product is, more bad stuff you can find here. But the fact is: Firefox is least patched browser (security patches) according to Secunia.
Complicated? A security whole is a security whole no matter the user share. And if you are right , it’s even more reason to use Opera.
While it’s accurate to say that the greater percentage of open security holes, the more unsecure the browser; it is more accurate to evaluate the rank of the most critical open security hole.
1. Opera 9.x - Most Secure Web Browser?
2. Safari 2.x
3. Internet Explorer 7.x
4. Firefox 2.0.x - Most Insecure Web Browser?
Either way you slice it, Opera wins.
As far as what Asa said, I’m confused. Does Firefox have a greater marketshare than IE? The IE team has had to deal with hundreds of security holes, and they still manage to have a better secunia ranking than Firefox. So isn’t that saying that with a smaller marketshare, the browser vendor should be held to a higher expectation, because they receive fewer holes, and so have fewer holes to patch. Yet within the 2.x branch, Firefox has patched an amazing 4 security holes.
Opera’s marketshare is roughly 15 times less than that of Firefox. Opera has fixed 6 security holes. Using this statistic, Firefox would have to fix 90 holes. Yet they haven’t. In fact, Firefox is acting like it has a smaller marketshare than Opera, by fixing only 4 security holes. Firefox is acting like it has a smaller marketshare than Opera. Either that, or Firefox just doesn’t care if they infect millions of users. Wouldn’t that make Firefox earn the title of Malware?
You aren’t actually vulnerable to the highly critical flaw if you use Firefox. You’re only vulnerable if you have Firefox installed but use a different primary browser. That way a page can do the exploit if the opening browser doesn’t sanitize what is passed (Safari does IIRC)
I believe Asa’s point is that the rankings are apple-to-oranges comparisons due to the policy of the two companies (Opera/Moz) on disclosing security issues. (I’m aggregating stuff I’ve read from his site and OperaWatch.com). For example, one difference *could* be that Opera may have patched/unpatched bugs/issues that is has not disclosed to anyone, where FF has all of it’s issues tracked. (I say could because I’m not sure exactly what the policies are in both camps)
Of course… all the nit-picking of stats and numbers etc makes it difficult to get a straight answer on security. I choose Opera because I trust them to create a quality, fast, secure product that adheres the *web’s standards* Regardless of where they rank on Secunia against proprietary and open source clients and companies that have different policies on disclosing problems.
I agree with Eddie. There are most likely many flaws in Opera that we never hear about, whereas we hear about all of the flaws in Firefox due to it being Open Source. However, being Open Source is even more reason for Firefox to have an edge on Opera and the other browsers. Correct me if I’m wrong, but they already have a large community of users who inspect the code and provide fixes. Shouldn’t the user base be able to provide fixes/patches in a very short amount of time?
I’m also a pure Opera fan (regardless of the fact that I truly believe that Open Source is the way to go). Firefox has no excuse to not have their security flaws patched immediately. both companies are working on next releases (Opera and Firefox..as well as IE), however, focus should be set on keeping current releases 100% secure. Opera has always done a fantastic job of fix security flaws with the next build they release which usually only takes a week or two at most. It really surprises me that more people aren’t choosing Opera as their daily browser, but I’m glad to see that this is slowly changing!
Also, like Icy said..percentages really mean nothing. It’s the level of the security flaw that matters most. Safari has patched 2 of 6 flaws, whereas IE has patched 6 of 13. Based on the percentages one might assume that Safari is less secure than IE when in reality the security flaws in IE weigh heavier than those in Safari. And to add to what Vygantas Lipskas said..it really does depend on the market share of a browser. As Opera’s market share grows we will indefinitely see more security flaws surface, but the fact still remains..Opera is the most secure full featured browser available today..and that should be appealing to everyone.
Good writeup!
Wow… genious math. Have you ever took some classes on statistics? These numbers don’t have any significance at all. It’s like deciding how many percent of the people smoke, by just asking 50 passengers at the entrance of the mall.
For those of you who did not follow Aza’s link above. Here is the crucial section, an indirect quote from “The Symantec Internet Security Threat Report”:
On “window of exposure”:
The window of exposure is the difference in days between the time at which exploit code affecting a vulnerability is made public and the time at which the affected vendor makes a patch available to the public for that vulnerability.
And…
In the first half of 2006, Internet Explorer had a window of exposure of ninedays, down considerably from 25 days in the second half of 2005 (figure 4). Apple Safari had a window of exposure of five days, up from zero days in the second half of 2005.12 In the first half of 2006, Opera had a window of exposure of two days, down considerably from 18 days during the second half of 2005. In the first half of this year, Mozilla had a window of exposure of one day. In the second half of 2005, Mozilla had a window of exposure of negative two days, meaning that exploit code in that period was generally released after patches were available.
More market share = Better product ?? FALSE
Opera is the best… i try and use all of them for months, i always return to opera, the others just cant match the security, easy customize, create own buttons, mouse gestures, widgets, toolbars, fast, memory efficient, etc.
i like firefox and like it is takin IE market share, cause IE is the worst by far as opera is the best.
if opera were free since the begining, or beat firefox in make money from google searchs… maybe could have more market share.
Firefox born because 5 years microsoft not developing IE and grown frustation of IE users, it born at the peak time of spyware and virus so easily installed by IE, it born with good star and as much i love Opera i will love more the day IE market share go to 1 digit, IE is crap spread the word
this thing may be true but SOMEHOW after 2 years of using firefox i NEVER had problems with advare and security issues!
I’m not too sure that IE has a higher security then Firefox. I’ve had a fair amount of problems while using IE, but when I switched to Firefox I haven’t had any virus related problems since. I doubt its luck.
I think opera is the best
[...] Originally Posted by tella.star my vote goes to firefox. because it is more secured, fast and easy to use plus it has a lot of add-ons to use. FF isn’t necessarily more secure than IE. Here are two studies that support this claim: Firefox vs. Internet Explorer: No real security winner | George Ou | ZDNet.com Web Browsers Security. Opera, Internet Explorer, Safari, Firefox [...]
[...] Web Browsers Security - Internet Explorer (IE), Firefox, Safari, OperaJune 16, 2008Some time ago we’ve posted an article about web browsers security which is based on Secunia reports. Well, before the Firefox 3 and [...]
But, how could Firefox get the title of Malware? If you use Safari on Mac, it is even rarer, 1 percent of online threats!(except if you use Safari on Windows, it will be 57 percent.) . So, I installed Opera 9.5 on my sister’s computer. As you know, Linux and Macintosh are very hard to be attacked by viruses… so Windows HAD TO make up a firewall. 0_0
[...] system that Firefox follows definitely helps it become safest browser of all. Read this, this and this; you will be in a real [...]
Maybe the Firefox folks have been concentrating on Firefox 3 which has been available for a couple of months. Secunia reports all reported vulnerabilities have been fixed.
Could the creators of opera make an operating system to match their browser..?