Over the past 3 years, supported versions of Internet Explorer have experienced fewer vulnerabilities and fewer High severity vulnerabilities than Firefox, a result that stands in contrast to early assertions by Mozilla that Firefox “won't harbor nearly as many security flaws as those that have Microsoft's Internet Explorer.”1

1 Mozilla President Baker in CNET article Mozilla: We're more secure than Microsoft.

The analysis in this report uses a set of data that has been compiled, customized and cross-checked using several sources of data available on the Internet:
 Microsoft Security Bulletins as published at http://www.microsoft.com/technet/security/current.aspx and associated web pages.
 Mozilla Foundation Security Advisories as published at http://www.mozilla.org/security/announce/ and associated web pages.
 The National Vulnerability Database (NVD) , a database superset of the Mitre CVE list (http://cve.mitre.org) which provides additional objective information concerning vulnerabilities was the source utilized for severity ratings and exploit complexity assessment. The NVD is also sponsored by the US Department of Homeland Security and makes their data downloadable in an XML format at http://nvd.nist.gov/download.cfm.
 Many security websites were utilized for detailed verification and validation of vulnerability details, and especially dates for when the issue was first discussed publicly. Some of the most commonly utilized were: www.securityfocus.com, the Bugtraq mailing list, www.secunia.com, and www.securitytracker.com, but there were many others.


Discuss.

Microsoft are good at skewing results in their own favor. These results dont really need more discussion, its simple:

Microsofts Internet Explorer has had fewer vulnerabilities. BUT (here is the BIG problem) it has taken them nearly 3 if not 4 times as long to PATCH the exploits as it takes firefox. The length of time a vulnerability is open to the public is FAR worse than the total number of vulnerabilities.

How many times has your firefox updated lately? 2.0.0.9, 10, and 11 came out pretty quickly. Bugs were fixed. IE updates once a month if we are lucky.

The longer an exploit lives in the wild the more people can use it. More code is released on sites like http://www.milw0rm.com/ . If bugs are fixed faster, less people get a chance to use them (sometimes even none.)

It is a very simple thing to understand. IE's bugs are worse because of patch time, and microsoft need to get off the "patch tuesday" system (something nearly every major security vendor and consultant has said multiple times.)

I run both IE and Firefox. I have never had a problem with Firefox even while going to questionable web sites. IE7 is leaps and bounds better than IE6 but its still no Firefox.

Blaspheme! :)

As you've guys mentioned FF has more holes but patches them quicker. If you think about it on a "time the browser is insecure" scale. Then Firefox is far far better.


The biggest selling point to my clients with IE6+7 vs FF is the webpage loading speeds.
My mother for example, she was complaining that all her sites just took forever to load. I checked the network speed and it was fine. I checked on my fathers computer that uses the same network and it was fine. I checked my mothers computer for spyware, viruses and other nasties and it was fine. I did a PC tuneup and it was also fine.

I installed Firefox and BOOM! everything came up almost instantly. It turns out that Firefox will show the page as it loads whereas IE wont show anything until the page fully loads.

I know I am more or less alone in this but I will never use Firefox. I tried it once and it was such a horrible experience. My first major issue was security options it didn't have hardly any IE6(and I think 7 does as well aint really looked at all its settings) gives you million options and as someone who likes more control more options is better. I did what little I could to increase Firefox's security settings and I had already ramped up my IE6 security settings. Now this was back before IE7 so maybe Id try it agian but I doubt it. That is all minor to what made me decide it is terrible application which was it failed to do what it is hyped to do. Yes it failed to be more secure then my IE6 at the time. I was given a link meant to screw up IE I went in IE and nothing happened at all. I tried the link in Firefox and it crippled it to the point the only fix was uninstall and reinstall. I have never had anything cripple IE that wasn't repairable yet an IE attack site did thiss to Firefox. I am not defending IE here just saying why I hate Firefox it failed me completely. I have tried Opera and I actually like it somewhat however I have not tested its vulnerabilities yet or really checked out the menu. I also did not like the look and feel of Firefox at all.

Blues

I think you should try Firefox again, its come a long way in the past few years. FF is highly tweakable and customizable now, and there are some things you can do with FF that you cannot do in IE. like extensions and themes. With IE I would have to download lots of other programs to do the same things I can do wit FF and a few addons. Also with FF you can make it pretty much anything you want, with IE 7 there is very little you can actually change. So, if you don't like the look and feel of FF change it to whatever you like. Also FF can be tweaked to load pages much faster than IE, like 70-80% faster. Comparing the Firefox of just last year to the FF of today would almost be like comparing IE 5 to IE 7, because FF updates so often. FF is also much easer on your OS if you have to uninstall it and reinstall it, on the other hand I have seen IE problems force a reinstall to correct. FF can also be portable, running right off your USB drive so you always have your bookmarks with you ( comes in real handy ).

I'd be willing to bet that study was either directly or indirectly funded by Microsoft. It's their typical FUD machine doing it's work. Not a year goes by where you don't see these studies pop up claiming Microsoft's product X is more secure/better than open source product Y.

As people have already mentioned it mostly comes down to how quickly patches are released. Mozilla isn't perfect, but their patches come out in days/weeks instead of months like you find with IE. Another flaw with these studies is that Microsoft doesn't have to report a vulnerability. Who knows how much stuff they patch that only a handful of people know about. By the nature of open source all of firefox's vulnerabilities are found out about.

Just for the sake of fun let's pretend Firefox is less secure than IE. Personally I would still run it because of standards compatibility and features. Just ask any respectable web designer about IE and I'm sure you'd here quite a rant.

I might be forced to use Windows because of my chosen profession, but there is no way I would ever use IE as my default browser.