Security
See also: Browser securityFirefox uses a sandbox security model, and limits scripts from accessing data from other web sites based on the same origin policy. It uses SSL/TLS to protect communications with web servers using strong cryptography when using the HTTPS protocol. It also provides support for web applications to use smartcards for authentication purposes.
The Mozilla Foundation offers a "bug bounty" (up to 3000 USD cash reward and a Mozilla T-shirt) to researchers who discover severe security holes in Firefox. Official guidelines for handling security vulnerabilities discourage early disclosure of vulnerabilities so as not to give potential attackers an advantage in creating exploits.
Because Firefox generally has fewer publicly known unpatched security vulnerabilities than Internet Explorer (see Comparison of web browsers), improved security is often cited as a reason to switch from Internet Explorer to Firefox. The Washington Post reports that exploit code for known critical unpatched security vulnerabilities in Internet Explorer was available for 284 days in 2006. In comparison, exploit code for known, critical security vulnerabilities in Firefox was available for 9 days before Mozilla issued a patch to remedy the problem.
A 2006 Symantec study showed that, although Firefox had surpassed other browsers in the number of vendor-confirmed vulnerabilities that year through September, these vulnerabilities were patched far more quickly than those found in other browsers – Firefox's vulnerabilities were fixed on average one day after the exploit code was made available, as compared to nine days for Internet Explorer. Symantec later clarified their statement, saying that Firefox still had fewer security vulnerabilities than Internet Explorer, as counted by security researchers.
In 2010 a study of the National Institute of Standards and Technology (NIST) based on data compiled from the National Vulnerability Database (NVD) Firefox was listed as the 5th most vulnerable desktop software, Internet Explorer ranked 8th, and Google Chrome as 1st.
InfoWorld has cited security experts saying that as Firefox becomes more popular, more vulnerabilities will be found, a claim that Mitchell Baker, president of the Mozilla Foundation, has denied: "There is this idea that market share alone will make you have more vulnerabilities. It is not relational at all."
In October 2009, Microsoft's security engineers acknowledged that Firefox was vulnerable since February of that year due to a .NET Framework 3.5 SP1 Windows update that silently installed a buggy 'Windows Presentation Foundation' plug-in into Firefox. This vulnerability has since been patched by Microsoft.
As of February 11, 2011, Firefox 3.6 had no known unpatched security vulnerabilities according to Secunia. Internet Explorer 8 had five unpatched security vulnerabilities, the worst being rated "Less Critical" by Secunia.
Mozilla claims that all patched vulnerabilities of Mozilla products are publicly listed.
Famous quotes containing the word security:
“Thanks to recent trends in the theory of knowledge, history is now better aware of its own worth and unassailability than it formerly was. It is precisely in its inexact character, in the fact that it can never be normative and does not have to be, that its security lies.”
—Johan Huizinga (1872–1945)
“Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.”
—Franklin D. Roosevelt (1882–1945)
“We now in the United States have more security guards for the rich than we have police services for the poor districts. If you’re looking for personal security, far better to move to the suburbs than to pay taxes in New York.”
—John Kenneth Galbraith (b. 1908)