News

Opera Beats IE in Browser Web Security

Microsoft's efforts on combating server-side Web vulnerabilities, as well as patching its Internet Explorer client, may be paying off.

A report from application security firm Cenzic, announced this week, looked at various Web security issues in the first half of this year. Vulnerabilities in the top four browsers was one focus the study, "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

The report found IE placing fairly well. It was second only to the Opera browser in protecting against Web vulnerabilities.

"Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent," the report noted.

Mozilla's Firefox clocked in as the most vulnerable browser on the Web, according to Cenzic's report -- a disappointing showing for IE's closest rival. Firefox reportedly has an estimated 330 million users and recently passed its fifth anniversary, having been launched on November 9, 2004.

Internet Explorer is still the most used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, the report pointed to other areas of concern. Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased compared with such findings from last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy shown on the part of enterprise pros to addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers -- and there are now low-cost, turnkey SaaS solutions available -- businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.