We've got two bits of good news, and one bit of bad news about Mozilla's Firefox web browser. Starting with the bad news - in 2008, Fiefox suffered from considerably more security holes than Internet Explorer and Safari. However, the first bit of good news is that Mozilla was much faster at patching zero-day exploits, according to a report by Secunia. The zero-day flaws of Firefox were also less severe than those of IE. The other bit of good news is that Firefox' upcoming Tracemonkey JavaScript engine is so good, the next Firefox release has been bumped from 3.1 to 3.5.In 2008, Firefox faced 115 reported security flaws, which is nearly four times as many as any other popular web browser. Microsoft, Apple, and Opera respectively reported 31, 32, and 30 security flaws in their browser. It is valuable to note, though, that Firefox is an open-source product, and therefore, security flaws may be be dragged kicking and screaming into the light of day easier than with its closed-source brethren. Still, if that can account for such a major difference is debatable, at best.
Like I said, there is good news on the security front as well for Firefox. In 2008, Internet Explorer faced 6 zero-day flaws, two of which were rated "moderate" or "high" in severity. Firefox faced only three zero-day flaws in 2008, and none of them were labelled moderate or severe by Secunia. Mozilla also responded much, much faster to these zero-day flaws than Microsoft did, with three of them still unfixed in Internet Explorer (the higher-rated flaws were fixed, though).
The other bit of good news is Tracemonkey's excellent performance, which, according to BetaNews, approaches that of Safari 4. Betanews believes that further down the development line of Firefox 3.1 3.5, it will be a neck-and-neck race. As a consequence, Mozilla will bump the version number from 3.1 to 3.5 for the next Firefox release.
