David Fenton is one of the more prolific posters on the WWWAC list, one of the my favorite online hangouts, and he made some good points in regard to Firefox and browser security the other day. He's allowed me to post 'em here.

This fix highlights the HUGE difference between Firefox and IE in terms of safety. The vulnerabilities announced just a few days have already been patched.

And Secunia shows quite clearly that Firefox's open vulnerabilities are much less serious than IE's. Compare these two charts:

Firefox Criticality http://secunia.com/graph/?type=cri&period=all?=4227

IE Criticality http://secunia.com/graph/?type=cri&period=all?=11

Open those two graphs in separate tabs and then flip back and forth between them. You'll see that Firefox has a much lower number of discovered vulnerabilities in the most serious 3 of the 5 classes of vulnerability.

Also, if you look at Firefox's unpatched vulnerabilties, all are in the bottom 2 of the 5 classes of vulnerability. IE, on the other hand, has several unpatched class 3-5 vulnerabilities.

Although Firefox certainly has (and will continue to have) vulnerabilities:

1. its vulnerabilities are generally less serious than IE's.

2. none of the serious vulnerabilities remain unpatched, while some of IE's remain unpatched.

3. the Firefox vulnerabilities get patched much more quickly than IE's.

All the media bobbleheads who wrote articles about how Firefox was now showing vulnerabilities just like IE really ought to do followups that make these 3 points clear.

It won't happen, of course.

Thanks for letting me post your thoughts, David! And let me add one thing: check out the Known Vulnerabilities in Mozilla page. Notice that all of them are fixed, as David intimated above. Bookmark that page next time a hole is announced. Notice that it is fixed … fast.

(Check out all my postings on Firefox.)