News

Opera Beats IE in Browser Web Security

• By Jabulani Leffall
• 11/13/2009

Microsoft's efforts on combating server-side Web vulnerabilities, as well as patching its Internet Explorer client, may be paying off.

A report from application security firm Cenzic, announced this week, looked at various Web security issues in the first half of this year. Vulnerabilities in the top four browsers was one focus the study, "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

The report found IE placing fairly well. It was second only to the Opera browser in protecting against Web vulnerabilities.

"Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent," the report noted.

Mozilla's Firefox clocked in as the most vulnerable browser on the Web, according to Cenzic's report -- a disappointing showing for IE's closest rival. Firefox reportedly has an estimated 330 million users and recently passed its fifth anniversary, having been launched on November 9, 2004.

Internet Explorer is still the most used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, the report pointed to other areas of concern. Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased compared with such findings from last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy shown on the part of enterprise pros to addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers -- and there are now low-cost, turnkey SaaS solutions available -- businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."