This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Is Firefox really less secure than Internet Explorer?

more options

I need help settling a professional debate that I am having at work regarding browser security. A colleague of mine is making the case that open source is less secure than closed source software. He says that Firefox is a good example of this and says that Internet Explorer is more stable, reliable and secure.

Although articles and opinions can be found supporting either side, he says that high quality/unbiased sources often credit IE as being better and uses these two as examples:

I thought, rather than looking up my own information, why not go to this support forum and get some feedback from a different point of view.

I need help settling a professional debate that I am having at work regarding browser security. A colleague of mine is making the case that open source is less secure than closed source software. He says that Firefox is a good example of this and says that Internet Explorer is more stable, reliable and secure. Although articles and opinions can be found supporting either side, he says that high quality/unbiased sources often credit IE as being better and uses these two as examples: *https://www.nsslabs.com/reports/browser-security-comparative-analysis-socially-engineered-malware *http://www.accuvant.com/capability/accuvant-labs/security-research/browser-security-comparison-quantitative-approach I thought, rather than looking up my own information, why not go to this support forum and get some feedback from a different point of view.

Modified by cor-el

All Replies (5)

more options

It depends on your definition of Secure. Firefox on average will fix reported vulnerabilities much faster than IE (often in 24 hours or less) while IE takes weeks or months to fix reported vulnerabilities. Once a security vulnerability is reported it's important to fix it ASAP, as bad guys will being using it until it's fixed.

Open Source is also more secure as anyone can see the source and fix holes. Also, there is less change of a privacy issue in Open source. In IE, you have to trust they aren't doing anything to invade your privacy, in Firefox, you can prove it by reading the source.

more options

Thanks for your feedback. Can you point to any quality research done that confirms what you say?

For what it's worth, I've always been in agreement with what you say regarding open source but I'm trying to keep an open mind about this topic and basing any new opinions on supporting documentation.

more options
more options

Thanks for the link. That article reminded me that PGP is one of the best examples of secure software that is open source.

more options

When you review the NSS report, you see that Microsoft has an excellent reputation filter that blocks dangerous downloads. Google's isn't quite as good, but you can see that by comparison, the SafeBrowsing service Google licenses to Mozilla is much less potent than the one it uses in Chrome. Regardless of browser, users should supplement built-in reputation filters with regularly updated security software.

But that has nothing to do with open source vs. closed source development methodology. It simply reflects the allocation of resources toward one particular feature: compiling a really thorough database of malicious URLs.

The second paper, which evaluated Firefox 5, is a bit out of date now. This part is particularly quaint, as users upset about constant releases can confirm:

"As seen in Figure 9, Firefox has no pre-set pattern that determines release updates. In some instances, Mozilla has released updates in quick succession, within only a few days. Other times, up to three months passed without an update release."

The paper's negative assessment of Firefox 5 compared with Chrome in the sandboxing tests results from different designs. Again, there is nothing about open source vs. closed source development that dictates a product's design.

The bottom line is that each comparison needs to be made on its own merits; there is no reason to think that any given closed source software will invariably be more secure than any given open source software.