Just now, one of my co-workers asked me (over the cubicle wall) “Did you hear about the security flaws in Firefox?” I told her that I had. Then I composed the following email to her:
You can read more about the flaw here:
Flaws are constantly discovered (usually a few every month) in every web browser (Internet Explorer, Firefox, Opera), and they’re usually patched pretty quickly. Mozilla tends to patch flaws within a week of their having been discovered. Microsoft sometimes takes months to patch their Internet Explorer flaws.
No matter what browser you use, it’s always a good idea to avoid any sites you don’t trust and to keep your browser version up to date.
You can see from the release notes of the previous versions of Firefox that almost all the new releases are due to the patching of security flaws in previous versions:
Hope that helps!
I don’t ever want to make it sound as if one company (Mozilla or Microsoft) is the “good guy” or the “bad guy” or that one browser is a good browser and the other bad. Firefox vulnerabilities, for some reason, tend to make headlines more than Internet Explorer ones, even during the times that Internet Explorer has more vulnerabilities, more severe vulnerabilities, or a longer time between patches. I don’t want people getting the impression that Firefox is inherently more insecure than Internet Explorer (when some might argue the opposite to be true… and actually have a good case).
Bottom line: most end-users are not going to install NoScript and whitelist sites one by one. Even I’ve grown tired of doing that. It’s always a fine line between convenience and security, so I think the advice I gave was the most sound I could give in trying to find that balance. Ultimately, it doesn’t matter what browser you use. Just don’t visit fishy (or phishy) sites, and always keep your software up to date.
Anything anyone wants to add?