[Chart: Google Browser Study]

A new study ordered by Google reports some surprising browser-security problems at Firefox. The search giant has had a close relationship with Mozilla, investing some $57 million in the open-source browser since 2006 (in turn, Google has become the browser's default search engine). That royalty contract is set to end this year, and it's unclear whether Google will decide to cancel or extend it.

But back to the study. Google hired the security firm Accuvant to test the top three browsers, Mozilla Firefox, Chrome, and Internet Explorer, for security issues. As shown in the chart (above), the study says Google's Chrome is the safest way to browse the Internet, followed by Internet Explorer. Surprisingly, Mozilla Firefox had some security features, like Sandboxing, Plug-in Security, JIT Hardening, and URL Blacklisting, that were unimplemented or ineffective.

According to the study, Firefox and Internet Explorer had problems in three areas: "Sandboxing (which limits a website exploiter’s access to a victim’s machine), JIT Hardening (or Just-In-Time, which prevents Javascript on websites from compiling code that it can run on the user’s computer) and Plug-in security (which limits the access of not only exploiters that run without user interaction on a site, but also those that attempt to trick users into downloading an add-on program that contains malicious commands)."

According to Accuvant, Chrome's Sandboxing had the strictest controls, and the firm cited only its lack of the URL Blacklisting feature. In contrast, the Internet Explorer browser had big problems, allowing "hackers some file-reading capabilities even as it prevented them from installing malware."

Mozilla released a statement through Johnathan Nightingale, the director of Firefox engineering:
Firefox includes a broad array of technologies to eliminate or reduce security threats, from platform-level features like address space randomization to internal systems like our layout frame poisoning system. Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet. We invest in security throughout the development process with internal and external code reviews, constant testing and analysis of running code, and rapid response to security issues when they emerge. We’re proud of our reputation on security, and it remains a central priority for Firefox.