In the eight months since Firefox 1.5 was released, the Mozilla Foundation has published 56 security advisories, 26 of which involved vulnerabilities that “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” Those flaws have been fixed in a series of six maintenance releases.Ĭounting the security bulletins for Internet Explorer is a little more difficult, because Microsoft doesn’t break them out neatly by product.
There’s no shortage of vulnerabilities for either IE or Firefox. Let’s look at the two new browsers and compare how each one handles different threats. The challenge for the browser designer is to give the user enough information so that he or she can make an intelligent decision.
A computer user who has administrative rights over a computer can override any security feature or protective program. Some of these threats are technical, but the majority take the form of social engineering. A rogue program can be merely annoying – hijacking your home page and spewing unwanted pop-ups – or it can take the form of a Trojan horse or dialer that can drain its victim’s bank account. The most popular form of browser-based crime in 2006 is the phishing e-mail, which tries to sucker its victim into filling in valuable personal information – bank passwords, credit card details – in a phony web form. Some of the nastiest bits of spyware and malware walk through the front door, disguised as or piggybacking along with benign or harmless-sounding programs. This is the worst threat of all, because a successful attack can give an intruder complete control of your computer and every bit of information on it.