Mozilla's browsers global usage share is still growing

[homaquebec]

Mozilla's browsers have a total global usage share of 11,51 percent. The total usage share of Mozilla increased 2.82 percent since April 2005. Microsoft's Internet Explorer still dominates the global browser market with a global usage share of 85,45 percent which is 1.18 percent less as at the end of April.
[…]
Microsoft's Internet Explorer has less global usage share in the USA as in the UK. Mozilla's browsers are more popular in USA and Canada.

More details and lists of the most popular browsers on the whole web, in USA, in UK and in Canada

[KY Dave]

September 9, 2005

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs, said Mike Schroepfer, director of engineering at Mozilla. IDNs are domain names that use local language characters. The fix disables support for such Web addresses, he said.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year's end, Schroepfer said.

Though vulnerabilities in Microsoft's Internet Explorer have been the focus of much of the concern, other browsers also have had their fair share of flaws. Security has been a main selling point for Firefox over IE, which has begun to see its market share dip slightly--for the first time in years.

However, Firefox has had its own security woes. Several serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist.

When users are contemplating a switch from IE to another browser, they should consider the fact that they maybe moving to a browser that is even less secure.

[Rdsok]

KY Dave brings up a very good point. The way that I've started explaining it to my customers is that it has become an "urban legend" that one browser is more secure than another, when in fact it simply that one browser (IE currently) is targeted more for attack than the other browsers are.

[ComputerBob]

According to what I've read, no browser can ever be declared "secure," but Firefox has had far fewer security vulnerabilities than Internet Explorer; Firefox's vulnerabilities have been far less severe than IE's; and Mozilla has fixed FF's discovered vulnerabilities far faster than Microsoft has fixed IE's.

I switched from Internet Explorer to Firefox a year ago, on the day that v1.0 was released, and I've never looked back.

[KY Dave]

According to what I've read, no browser can ever be declared "secure," but Firefox has had far fewer security vulnerabilities than Internet Explorer; Firefox's vulnerabilities have been far less severe than IE's; and Mozilla has fixed FF's discovered vulnerabilities far faster than Microsoft has fixed IE's.

I switched from Internet Explorer to Firefox a year ago, on the day that v1.0 was released, and I've never looked back.

I'm not here to defend IE, but I've read just the opposite. That FireFox had more security issues than IE in the last six months and they were rated higher more often.

[Updated: 9/16/2005 7:22PM] Now that Firefox has become the first viable contender to Microsoft Internet Explorer in years, its popularity has brought with it some unwanted attention. Last week's premature disclosure of a zero-day Firefox exploit came a few weeks after a zero-day exploit for Internet Explorer appeared on the Internet. Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months.

As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005. Since that time, new exploits are being released almost on a monthly basis.

There are charts located at the url linked below that shows
FIREFOX had 40 vulnerabilities in the time period IE had 10
and FIREFOX had 11 exploits while IE had 6.

Security article

[ComputerBob]

These are what convinced me:
http://secunia.com/product/11/
http://secunia.com/product/4227/

[KY Dave]

IMO - That's like saying McDonald's hamburgers taste better than Wendy's hamburgers because they have sold more...

Sure there are more advisories for IE than Firefox, look at the number of users per browser and the number of attackers aimed at those users as mentioned in rdsok's statement.

It's the same arguement Mac users have used for decades about their systems being more secure, when in fact there are holes all thru it that haven't even had anyone looking for them. Same with Firefox. They didn't know about the vulnerabilities until they started offering 'reward money' for users finding them.

Just my point of view, you are welcome to have yours

[ComputerBob]

It's the same arguement Mac users have used for decades about their systems being more secure, when in fact there are holes all thru it that haven't even had anyone looking for them. Same with Firefox. They didn't know about the vulnerabilities until they started offering 'reward money' for users finding them.

No, it's not the same argument at all. In fact, I'm not arguing at all. I simply stated that the Secunia statistics that I cited were what convinced me to switch to Firefox a year ago. If they don't convince you, then that's fine, too.

I'm not here to defend IE...

It appears that you are.

[KY Dave]

I'm not here to defend IE...

It appears that you are.

Sorry if you see it that way.

I had read info that disagreed with your statements and so does the pages you linked.

I'm just wanting users to realize that there is 'hype' around the use of FireFox and Internet Explorer and they should research both browsers' strengths and weaknesses before making a choice.

In other words, make an informed choice.

[Rdsok]

I've seen a very sharp increase in the attacks on Firefox and I think we all have seen how much IE has been attacked already and that goes without question. (I think)...

I've also learned long ago to not take the word of these other companies or organizations since we can't know their true intentions or their motivations. Remember many are biased in their opinions also for one reason or other.

Personally... I now concider myself undecided as to which is the most or least secure anymore... and I don't think that is the important part of this discussion. The important part is that there is no secure browser, OS or any other type of computer related software period. To use an analogy.. "we're not in Kansas anymore Toto" and if you don't take the proper precautions you are likely to get "bitten".

I use Internet Explorer, Opera, and Firefox and the only problems (spyware related) that I've seen are the occasional new tracking cookie and as soon as I learn of them, I block them period. If you take the time to configure your software in a secure manner, you shouldn't have a problem no matter which browser you choose to use.

I now tell my customers, choose the browser you like the most and use it but take the time to secure it against any threats that are found. Then just in case... test often to make sure you haven't had your defenses broached.

[ComputerBob]

Unpatched IE Flaw Is Worse Than Expected

[KY Dave]

If you read the article linked by Computer Bob,

please be aware that the article links to a

PROOF OF CONCEPT page that will try to install a VIRUS on your computer during the proving of the concept.

AVG FREE caught the installation and the virus was deleted before installation occured on my system.

[ComputerBob]

If you read the article linked by Computer Bob,

please be aware that the article links to a

PROOF OF CONCEPT page that will try to install a VIRUS on your computer during the proving of the concept.

There is no need for an alarm in boldface and capital letters.

Anyone who reads the article can see that it already makes it very clear that the page to which it links is a proof of concept page that is provided only for those who want to see proof that the MSIE vulnerability exists. No one is required to click on the proof of concept link in order to read the article. And the proof of concept page itself requires the user to click on a link to make it "do its thing."

No tricks. No surprises. No need for panic.

You read what the article said about the proof of concept; then you read the information on the proof of concept page. After all of that, you chose to click on the link on the proof of concept page. You told it to prove the concept. You shouldn't have been surprised that the proof of concept page did what you told it to do.

The point of the article to which I linked is that there is a very dangerous unpatched vulnerability in MSIE.

[nicolas]

I switched to Firefox a year ago too... My choice wasn't a security issue but I needed tab browsing and the extension technology embedded into Firefox.

In the last 3 years, I was using MyIE2 and then Avant Browser that are some kinds of IE clones.

[KY Dave]

There is no need for an alarm in boldface and capital letters.

Anyone who reads the article can see that it already makes it very clear that the page to which it links is a proof of concept page that is provided only for those who want to see proof that the MSIE vulnerability exists.

No tricks. No surprises. No need for panic.

After all of that, you chose to click on the link on the proof of concept page. You told it to prove the concept. You shouldn't have been surprised that the proof of concept page did what you told it to do.

The point of the article to which I linked is that there is a very dangerous unpatched vulnerability in MSIE.

No, you are WRONG! Users should be informed that someone has posted a link to a web page that links to a virus installing web site.

IMO - The vulnerability is something completely different than the virus that the page also tries to install.

Also, I don't consider "please be aware" as showing panic.

[ComputerBob]

There is no need for an alarm in boldface and capital letters.

Anyone who reads the article can see that it already makes it very clear that the page to which it links is a proof of concept page that is provided only for those who want to see proof that the MSIE vulnerability exists.

No tricks. No surprises. No need for panic.

After all of that, you chose to click on the link on the proof of concept page. You told it to prove the concept. You shouldn't have been surprised that the proof of concept page did what you told it to do.

The point of the article to which I linked is that there is a very dangerous unpatched vulnerability in MSIE.

No, you are WRONG! Users should be informed that someone has posted a link to a web page that links to a virus installing web site.

Dave, I think it's a waste of time for you and me to argue about this. I agree with you that users should be informed. BUT, as I've already said, and as you've chosen to ignore, the article itself already very clearly informs users that it contains a link to a proof of concept page. And the proof of concept page states very clearly what it is. And the proof of concept page requires users to manually click on a link to tell the proof of concept page to do whatever it tries to do on their computers, to prove that the MSIE vulnerability exists on their computers. And no one who reads the article is required to click on the link in the article that goes to the proof of concept page. In fact, it seems to me that it would be pretty foolish for anyone to choose to go to that proof of concept page and then tell the proof of concept page to try to mess up their computer. That would be like "asking for trouble," so personally, I would never do it.

However, if someone chooses to click on the article's link to go to the proof of concept page (like you chose to do), and they also choose to click on the link to tell the proof of concept page to try to do whatever it does on their computer (like you chose to do), then the proof of concept page will try to do whatever it does on their computer, just like it tried to do to your computer. You "asked for trouble" and you got it.

Like I already said: No tricks. No surprises. No need for panic. And there is nothing inherently dangerous about a proof of concept page. In fact, even the original advisory about this particular MSIE exploit (now labeled by Secunia as "Extremely Critical") contains a link to that exact same proof of concept page.

But for anyone who doesn't understand what a proof of concept page is, here are links to articles about the MSIE exploit that do not contain any link to the proof of concept page:

http://secunia.com/advisories/15546/

http://www.kb.cert.org/vuls/id/887861

IMO - The vulnerability is something completely different than the virus that the page also tries to install.

But what you keep ignoring is the fact that the proof of concept page only tries to do whatever it tries to do to your computer after you have told it that you want it to try to do so. And from what I've read about it, I don't think the proof of concept page tries to install a virus on your computer, despite what you've said.

Also, I don't consider "please be aware" as showing panic.

As I already stated, your unnecessary use of boldface, capital letters and alarmist language showed panic. BTW, from now on, if you quote one of my posts, please don't add your own boldface codes to what I wrote like you did in your reply above.

If you want to make your points again, go ahead, but I've made the exact same points twice, and I don't think there'd be any value in making them again, so I'm done.

[quosego]

I use AvantBrowser which is a IE based tabbed browser. Recently Avant's developer launched a second browser with same functions (and looks) as in Avant but now based on firefox. This name of this software is Dr. Orca (what's in a name:) )
I tried this program of curiousity but i will stay with Avant.

[Renier]

I went from IE to NetCaptor to Maxthon to FireFox.

[mpot]

Mozilla's browsers have a total global usage share of 11,51 percent. The total usage share of Mozilla increased 2.82 percent since April 2005. Microsoft's Internet Explorer still dominates the global browser market with a global usage share of 85,45 percent which is 1.18 percent less as at the end of April.

My website stats indicate ~60% IE users, ~38% Mozilla/Firefox, and the remaining 2% using Opera and other browsers.
Some of the much less technical websites I maintain have ~11% Mozilla/Firefox usage.

Admittedly, my website tends to cater for the "geekier" people among us, who tend to be more likely to use Firefox rather than IE...but the IE percentage has been steadily decreasing over the last few years.

Cheers,
Martin.

[KY Dave]

[IMO]
Statistics on browser use are misleading at best, because several other browsers identify themselves as Internet Explorer in order to gain access to sites, such as M$ Update. This would tend to inflate IE's percentage of use.
I do agree, that IE's usage is declining, no matter if the stats are inflated or not.

I also use AVANT, which is a custom web browser application that uses the IE browser engine. I have tried Firefox 1.5 and earlier versions and they just don't compare to the customization offered by AVANT, and AVANT is just a lot easier to use.

I don't recommend downloading the newest versions of AVANT though, as the developer has changed a few things that have created some problems that need corrected.
[/IMO]