Why does Firefox keep finding so many critical security vulnerabilities?
We are on Firefox version 36. Why do you keep finding critical vulnerabilities? Have these vulnerabilities always been there and you are just finding them? Or are your developers so inept that they keep adding them to the product yea rafter year ? Does Firefox have a quality control problem with regards to security and privacy? There is an underlying problem here. Are you able to identify it? Are you able to solve it? Hint: Your concept of 'good enough' may not be 'good enough.'
All Replies (2)
There are several reasons for security vulnerabilities:
- the programming language used to write applications like Firefox has architectural issues that cause a large amount of security vulnerabilities - there are a large number of researchers whose job is to find vulnerabilities. - new features are constantly being added. Most issues come from recently added features.
Most vulnerabilities are patched quickly after they are found, and most issues are found before they are ever exploited.
This is also not a problem unique to Firefox. So far in 2015, there have been 62 security vulnerabilities in google chrome, and last year there were 127. By my count, Firefox has only had 29 security vulnerabilities found so far this year (although I may have miscounted).
Mozilla also has a research project they are testing that uses a new design that will significantly reduce the number of security vulnerabilities.
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://arstechnica.com/security/2015/03/all-four-major-browsers-take-a-stomping-at-pwn2own-hacking-competition/ https://threatpost.com/flash-reader-firefox-and-ie-fall-on-pwn2own-day-1/111720 https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731
The only difference 36.0.4 has over 36.0.3 was for a security fix. These are chemspill updates that are for security and allowed stability fixes that could not wait for next major Release.
https://www.mozilla.org/en-US/firefox/releases/