Theface-off between the most prominent browsers on the market is not onlya question of audience and uptake, but also one of security. Asbrowsers are often a preferred attack vector, developers aim tobulletproof the product as much as possible. As far as the browsermarket is concerned, Internet Explorer, Firefox, Safari and Operapretty much dive the users, with IE having the dominant position, as aresult of the Windows-near monopoly, but with Mozilla's open sourceproduct coming hard from behind. Safari is Apple's proprietary browserand a component of the Mac OS X operating system, also made availablefor the 32-bit and 64-bit Windows XP and Windows Vista platforms in2006. Out of all, Opera is the undisputed underdog, having the smallestreach. But in terms of the amount of security vulnerabilities, eachbrowser brings to the table, exposing users to inherent risks, Secuniarevealed an entirely different top.
"Fourteen vulnerabilities were reported in Safari this year; while fifteen were reported for Opera, one of which is dependent if the browser is using a vulnerableversion of the Adobe Flash Player. Forty-three vulnerabilities werereported in Internet Explorer (covering IE 5.x, 6.x, and 7), both thosepublicly disclosed prior to vendor patch, and those included inMicrosoft Security Bulletins, while a total of 64 vulnerabilities weredisclosed for Firefox", Secunia commented.
It has to be mentioned, at this point in time, that the sheer number ofsecurity vulnerabilities is not an accurate measure of the browsers'security level. In this context, there are additional factors to takeinto consideration, such as the window of exposure. The window ofexposure is defined as the amount of time that passes between avulnerability is discovered and before a patch is applied. During thistime, users are at risk because there is nothing to protect them fromactive exploits.
"Mozillahas patched five out of eight vulnerabilities, three of them in alittle more than a week, while Microsoft has patched only three out often vulnerabilities, with the earliest patch coming in almost threemonths from disclosure. The criticality of the vulnerabilities in IEare in the less- and not-critical range, while Firefox’svulnerabilities include one highly critical issue, and one moderatelycritical issue, both patched within eight days", Secunia added.