Firefox Security Problems Revealed by New Study

Google Browser StudyA new study ordered by Google reports some surprising browser-security problems at Firefox. The search giant has had a close relationship with Mozilla, investing some $57 million in the open-source browser since 2006 (in turn, it’s become its default search engine). That royalty contract is set to end this year and it’s unclear if Google will decide to cancel or extend it.

But back to the study. Google hired the security firm Accuvant to test the top three browsers, Mozilla, Chrome, and Internet Explorer, for security issues. As shown in the chart (above), the study says Google’s Chrome is the safest way to browse the Internet, followed by Internet Explorer. Surprisingly, Mozilla Firefox had some security features like Sandboxing, Plug-in Security, JIT Hardening, and URL Blacklisting that were unimplemented or ineffective.

According to the study, Firefox and Internet Explorer had problems in three areas: “Sandboxing (which limits a website exploiter’s access to a victim’s machine), JIT Hardening (or Just-In-Time, which prevents Javascript on websites from compiling code that it can run on the user’s computer) and Plug-in security (which limits the access of not only exploiters that run without user interaction on a site, but also those that attempt to trick users into downloading an add-on program that contains malicious commands).”

According to Accuvant, Chrome’s Sandboxing had the strictest controls, and cited only its lack of the URL Blacklisting feature. In contrast, Internet Explorer browser had big problems, allowing “hackers some file-reading capabilities even as it prevented them from installing malware.”

Mozilla released a statement through Johnathan Nightingale, the director of Firefox engineering:

Firefox includes a broad array of technologies to eliminate or reduce security threats, from platform-level features like address space randomization to internal systems like our layout frame poisoning system. Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet. We invest in security throughout the development process with internal and external code reviews, constant testing and analysis of running code, and rapid response to security issues when they emerge. We’re proud of our reputation on security, and it remains a central priority for Firefox.

Comments

  1. BY Michelle says:

    It’s interesting how the Google-commissioned study proved the security of the Chrome sandboxing feature. I don’t believe it was something the researchers set out to prove but it does bode well for Chrome adoption. Firefox has become buggy and slow after the last several updates. I personally use Chrome a lot more than Firefox because of this. I hope they patch up the security holes quickly. I would hate to see Firefox on the same list with IE6.

  2. The need for a better and safe web browsing can really start on the system itself which is inclusive of the choice of software. Firefox has been finding all the ways to promote safe searching and identity protection. Nevertheless, the browser will not get the high rank if it cannot provide the security features.

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>