To start with, there's been a cash bounty available for people who find security loopholes in Mozilla/Firefox. That alone helps to up the count of vulnerabilities found and fixed before they end up in the wild and doing real damage.
Absolute, pro-Microsoft spin doctoring!
Here's another recent thread about the "vulnerability count" issue:
[webmasterworld.com...]
Symantec admitted that "at the time of writing, no widespread exploitation of any browser except Microsoft Internet Explorer has occurred"
Says it all, really.
Speaking generally, I think Firefox is just as vulnerable as any other browser, including IE, to exploitation. And, by and large, the consequences will be just as serious. Much is made of IE's tight integration with Windows, but that's only really true to the extent that the IE engine is a control that can be (and is) hosted within some Windows applets and third-party apps. The same is, or will be, true of the GRE.
Where ActiveX was the bane of IE, Firefox has extensions and themes. Whether or not these are signed (they usually are not), they have the same havoc-causing potential; there is no easy way for a user to verify the safety or otherwise of an extension -- even hosting on Mozilla.org is no guarantee.
The truth is, Firefox seems to be suffering from the same sorts of vulnerabilities that have plagued IE (and company) in the past. URL mangling, Javascript problems and Framing exploits have all had their turn. It's true that the fx team can learn from the mistakes of others, but it's also true that IE is a mature product that has endured the scrutiny of just about everyone -- the easy exploits are largely a thing of the past.
Can the open nature of the Firefox source really improve security that much? Only in the technical reality. The source is open to scrutiny by any "security researcher" out to make a name for himself, and I can see no more likely outcome than a steady stream of vulnerability notices. Never mind that the exploitation windows are narrow, or problems are restricted to a minor platform or user group -- the public will see only the constant repetition of "super-ultra-critical vulnerability report" (and that's just for non-remotely exploitable bugs).
Given the large surface area to attack, and the high profile of any and every security bug found, it's probably only a matter of time before public confidence in Firefox as a secure browser drops into the background noise.
25 vendor-confirmed vulnerabilities were disclosed for the Mozilla browsers during the first half of 2005.... Eighteen of these flaws were classified as high severity.
That bothers me. 18 are high severity? I don't know what they rate as high severity, but considering that it's not tied into the OS like IE is, that's a little troubling for me. Maybe someone can shed a brighter light on this for me, is there something else I'm not taking into account?
Jennifer