A report by security vendor Cenzic has pegged the popular open source Firefox Web browser right at the top in terms of the total reported vulnerabilities. According to Cenzic, Firefox garnered 44 percent of all reported browser vulnerabilities in the first half of this year. This is in contrast to Safari, which commanded 35 percent and Internet Explorer's 15 percent. Fourth-place Opera garnered just 6 percent of reported flaws.
The Problem with Add-Ons
As to the reason Firefox came out so far ahead (or behind), of even traditional security laggards like Internet Explorer, Lars Ewe, CTO of Cenzic, explained to InternetNews.com that this could be the result of its plug-in architecture. The exact formula used by the company wasn't revealed, though Ewe was quoted as saying:
They've gotten more traction as a browser, which is good for them and the more you get used, the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins.
Ewe admitted that problems with plug-ins often reside outside the control of the Firefox team, saying:
They can't control security aspects of all the plug-ins and the vulnerabilities are a side effect of that.
So does counting the number of vulnerabilities of third-party software even make sense, given that it would not be possible to load every plug-in that exists?
I took a quick glance at my current plug-ins under the "Add-on" menu option in Firefox and saw that I run six. While not a low number, I am sure that many others, especially Web developers or power users, will swear by more. So while it is probably unfair to measure the security-worthiness of Firefox in this manner, it would be inaccurate to exclude them completely.
Moving on, another issue has recently emerged that caught my attention. Brooke Crothers over at CNET News wrote about how Firefox consumes a lot of CPU resources at times. He described his experiences, noting:
I find that tab for tab, Firefox uses decidedly more resources than other browsers -- Safari, for example.
While I never did compare Firefox with other browsers, I have personally found that the processor utilization of Mozilla Firefox does at times spike up to 100 percent for unknown reasons. While this does not happen that regularly, the only way to eliminate the problem once Firefox decides to act up this way is to completely shut down the browser and restart it.
This thorny issue becomes problematic. however, should I failed to notice it in time -- the battery on my laptop ends up lasting only half the normal amount of time thanks to the phantom workload consuming more than the usual amount of power.
To be clear, I've always been an advocate of the Mozilla Firefox browser. I use it as my primary browser across all my workstations, in fact. In view of the above reasons, though, could it be time to rethink the use of this popular open source Web browser? I look forward to hearing your thoughts on this.