The pie chart in the Mozillazine post More Security Flaws in Firefox Than IE This Year, based on Secunia's data, shows that from the start of this year to date IE has had 9 security-related issues while Firefox has had 17:
Broken down by severity level:
As for the "Unfair comparison" section below it, you can skip it; nobody is going to sympathize with Firefox just because 1.x is in its first year... except the Firefox fan club.
More complete data can be found in Vulnerability Report – Microsoft Internet Explorer 6.x and Vulnerability Report – Mozilla Firefox 1.x.
Of Firefox's 17 security advisories, 15 have been fixed (Vendor Patched), one is partially fixed (Partial Patched) and one is still unpatched (Unpatched):
- Firefox Property Manipulation Cross-Site Scripting Vulnerability (Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.)
- Firefox Multiple Vulnerabilities (Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user’s system.)
- Mozilla / Firefox / Camino Dialog Origin Spoofing Vulnerability (Secunia Research has discovered a vulnerability in Mozilla, Firefox, and Camino, which can be exploited by malicious web sites to spoof dialog boxes.)
- Mozilla / Mozilla Firefox Frame Injection Vulnerability (A seven year old vulnerability has been re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites.)
- Mozilla Firefox Download Dialog Spoofing Vulnerabilities (Secunia Research has discovered two vulnerabilities in Mozilla Firefox, which can be exploited by malicious people to spoof file types in the file download dialog.) Partial Fix.
- Mozilla Firefox Two Vulnerabilities (Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user’s system.)
- Mozilla Firefox Multiple Vulnerabilities (Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user’s system.)
- Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability (A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of potentially sensitive information.)
- Mozilla Firefox Three Vulnerabilities (Three vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user’s system.)
- Firefox “Save Link As…” Status Bar Spoofing Weakness (bitlance winter has discovered a weakness in Firefox, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.)
- Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting (Paul has reported a vulnerability in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.) Unpatched.
- Mozilla / Firefox “Save Link As” Download Dialog Spoofing (Secunia Research has discovered a vulnerability in Mozilla and Mozilla Firefox, which can be exploited by malicious people to trick users into downloading malicious files.)
- Mozilla / Firefox / Thunderbird Multiple Vulnerabilities (Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user’s system.)
- Mozilla / Firefox Three Vulnerabilities (mikx has discovered three vulnerabilities in Mozilla and Firefox, which can be exploited by malicious people to plant malware on a user’s system, conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions and compromise a user’s system.)
- Mozilla Products IDN Spoofing Security Issue (Eric Johanson has reported a security issue in Mozilla / Firefox / Camino / Thunderbird, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.)
- Mozilla / Mozilla Firefox Dialog Overlapping Weakness (mikx has discovered a weakness in Mozilla and Mozilla Firefox, which potentially can be exploited by malicious people to trick users into performing unintended actions.)
- Mozilla / Mozilla Firefox Download Dialog Source Spoofing (Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the source displayed in the Download Dialog box.)
Of IE6's 9 security issues, only three are fixed, one is partially fixed, and the remaining five are all unpatched:
- Internet Explorer “javaprxy.dll” Memory Corruption Vulnerability (SEC Consult has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user’s system.)
- Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability (Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious web sites to spoof dialog boxes.) Unpatched.
- Microsoft Internet Explorer “window()” Denial of Service Weakness (Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to cause a DoS (Denial of Service).) Unpatched.
- Microsoft Internet Explorer Multiple Vulnerabilities (Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user’s system.)
- Microsoft Internet Explorer Popup Title Bar Spoofing Weakness (bitlance winter has discovered a weakness in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.) Unpatched.
- Internet Explorer/Outlook Express Status Bar Spoofing (bitlance winter has discovered a weakness in Internet Explorer/Outlook Express, which can be exploited by malicious people to trick users into visiting a malicious web site by obfuscating URLs.) Unpatched.
- Microsoft Internet Explorer Multiple Vulnerabilities (Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user’s system.)
- Internet Explorer Global Variables Local File Detection Weakness (Berend-Jan Wever has discovered a weakness in Internet Explorer, which can be exploited by malicious people to detect the presence of local files.) Unpatched.
- Internet Explorer FTP Download Directory Traversal (A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.) Partial Patched.
Whichever browser you look at, the vulnerabilities that allow a direct compromise of the system have all been patched; it is the other types of security issues (mainly DoS and spoofing) that IE6 doesn't seem very interested in fixing.
In summary, Firefox is not the more secure piece of software; it is just the one more willing to ship a patch when a security issue turns up.