The fallout from Symantec's recent report about Internet security threats has continued after the report suggested the open-source Firefox Web browser had more confirmed vulnerabilities than Microsoft's Internet Explorer in the first six months of the year.
Symantec reported that during the first half of 2005, 25 confirmed vulnerabilities were disclosed for Firefox and other browsers based on Mozilla's open-source technology, including 18 flaws classified as 'highly severe'. Over the same timeframe, Microsoft confirmed 13 holes in Internet Explorer, eight of which were deemed to be 'highly severe'.
Both Mozilla and Microsoft have been busy on the browser front. The Mozilla Foundation has released a new version of Firefox to counter some recently discovered security bugs, while Microsoft has been discussing its new version of Internet Explorer, IE7, and dealing with reports from monitoring company Secunia of a flaw that could be used to launch spoof-based attacks.
One of the Firefox flaws is a buffer overflow through which earlier versions of Firefox could be made to execute arbitrary code of an attacker's choosing, allowing the attacker to take control of a user's machine. The new release, Firefox 1.0.7, also fixes a problem in the way the Mozilla software handles Unix and Linux shell commands that could allow attackers to run unauthorised software on some systems. A major upgrade, Version 1.5, is due for general release in November or December.
You can expect the propaganda war to continue. Mozilla has done well to capture 9% of the market, but the next version of IE will be considerably more secure. Remember those Netscape battles?