According to the latest SANS Institute Top 20 Internet Security Vulnerabilities, a rapid growth in critical Firefox vulnerabilities is listed as the No. 4 trend. Johannes
Ullrich, chief research officer with SANS, said hackers are actively searching for vulnerabilities in Firefox and lesser-known Opera, as some users abandon Microsoft Internet Explorer (IE).
Not only are they targeting a growing market share, but attackers also are drawn to alternative browsers because they want to test their skills in a new environment, said Mark Loveless, a former hacker who now is a security architect for Vernier Networks.
The main draw of Firefox is its promise of a more secure web surfing experience supported by faster, automatic patching. While Firefox’s open-source nature makes it easier for hackers to discover vulnerabilities, many "good guys" also are auditing the source code, said experts.
But because web browsers allow attackers to avoid traditional perimeter defenses, none are immune from threats. Firefox recently endured a rough April, in which it patched 21 vulnerabilities, 13 of which it deemed critical.
"While it looks like a lot or an increasing amount, most of this was fixed prior to any public issue," said Mike Schroepfer, Mozilla’s vice president of engineering.
Still, experts seem to agree that no one browser is safer than another — what makes them distinct is how they respond to flaws. For example, Microsoft often moves slower on patches because they must be designed to mesh with the Windows operating system, whereas Firefox patches do not impact any software.
Jason Reed of consulting firm SystemExperts suggested clients configure their browsers to run only essential functions and trusted applications.
"We recommend our clients stay with what [browser] they have and secure it the best they can," he said.
