LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A Firefox zero-day vulnerability

A Firefox zero-day vulnerability

Posted Oct 27, 2010 15:27 UTC (Wed) by gerv (subscriber, #3376)
In reply to: A Firefox zero-day vulnerability by nix
Parent article: A Firefox zero-day vulnerability

Firefox is an order of magnitude larger, a lot more complex, and takes at least 15 times as many different forms of input (HTML, XHTML, CSS, JavaScript, SVG, MathML, JPEG, PNG, GIF, ICO, Vorbis, Theora, VP8, WAV, SMIL) as a mailserver. All those forms of input have complicated specs. It has 400 million installs, and deals with people's sensitive financial information, and is therefore a very tempting target for hackers.

In addition, number of vulnerabilities is a much worse measure of risk than "days of vulnerability" - how many days in a year users of that software are vulnerable to a critical bug, before a fix is provided. In 2006 (no-one has done the study since that I can find), it was Firefox: 9, IE: 286.

1 vulnerability is 1 too many, but you could at least try and compare apples with apples. :-)

Gerv

(Log in to post comments)

A Firefox zero-day vulnerability

Posted Oct 27, 2010 16:14 UTC (Wed) by nix (subscriber, #2304) [Link]

Oh, yes, I'm quite aware that this is a completely useless comparison in as many ways as you care to measure it, but every day is a good day to be facetious :)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds