In the past, there was a time when I thought Firefox was without a doubt more secure than Internet Explorer. Why? At the time it was something new, people would rave about how much more secure Firefox was-- it's open source platform meant a lot of Microsoft bashers saw a good opportunity to jump on board and scare people towards a rival product. Security aside, Firefox also had some rather nice little features that Internet Explorer was missing at the time--tabbed browsing was a must have and I don't know how I survived without it. After being a faithful Firefox user for a couple of years, I found myself frequently switching back to Internet Explorer. What happened? First and foremost Internet Explorer 7 introduced tabbed browsing and a few other ‘new' features that seemed to have been lifted straight from Firefox.
Equipped with tabs, Internet Explorer became a much more convenient browser to use day-in and day-out because some Web sites only support Microsoft's browser. Sure I could use Firefox and switch to IE when I needed to, but that soon becomes cumbersome. Maintaining two sets of bookmarks is a real pain, so it wasn't long until I stopped using Firefox altogether.
So how about the feeling of security that Firefox gave? Was it justified in the first place? Is Internet Explorer just as secure anyway? There have already been vulnerabilities uncovered.
I found an interesting paper written by Jeff Jones (yes, taken from Microsoft TechNet) which gives a vulnerability comparison between Internet Explorer and Firefox. Now I understand that this is hardly likely to be deemed impartial analysis, but it's claimed that over the three years from November 2004 - October 2007 Microsoft patched 87 vulnerabilities (54 critical) versus Firefox, who patched a total of 199 (75 critical) over the same period. Now you may suggest that those statistics only address patched vulnerabilities and Microsoft left a lot more unpatched in IE than Firefox have. The same report suggests that while Firefox 2 has at least 24 unpatched disclosed vulnerabilities; IE7 only has eleven.
I don't really think you can win-no one will ever be completely safe while surfing the Web, and staying clean depends as much on common sense and keeping your patching up to date as it does on which particular browser you use. I'd like to hear people's opinions on browser security. If you have any statistics opposing those cited by Jeff Jones, leave a comment and share the link.