Firefox celebrated its fifth birthday yesterday, but security vendor Cenzic spoiled the party with a report naming Mozilla's browser the most vulnerable browser in the first half of 2009. Cenzic claims 44 percent of all reported browser vulnerabilities were found in Firefox, followed by Apple's Safari with 35 percent. Microsoft Internet Explorer does relatively well with just 15 percent, and Opera fares best with only 6 percent.
Cenzic CTO Lars Ewe believes the large number of vulnerabilities in Firefox is a result of the large exposure of Firefox and the way the browser handles plug-ins. However, he also added that the large number of vulnerabilities doesn't necessarily mean that Firefox users were more vulnerable.
Ewe said that Cenzic looked at all reported vulnerabilities, and the browser vulnerability count does not differentiate zero-day bugs. All that raises the question of how Cenzic actually came up with its vulnerability counts in the first place.
"The process that we follow is looking at a number of different vulnerability databases and sources that we have and trying to come up with a fair percentage based on the deviations we see between the databases," Ewe said. "You could make the argument that it's 40 percent or 42 percent and there might be some variation on how you analyze it, but certainly it's not off by 20 percent."