Internet Explorer and Firefox are vulnerable on Windows. This is not surprising; the question is, which is worse? ZDNet‘s George Ou took a close look at the numbers — measuring the vulnerability of the programs themselves, and how quickly the programs are fixed with patches (responsiveness). Here are excerpts from his Detailed Firefox and IE vulnerability report:
If you look at vulnerability activity before March of 2005, Microsoft Internet Explorer had a consistent drip of monthly vulnerabilities and a huge rash of problems in October 2004. During that same period of time, Firefox was fairly quiet. After March of 2005, the trend reversed and Firefox had a continuous drip of monthly vulnerabilities while Internet Explorer was relatively quiet. Internet Explorer appears to have had an ugly history but seems to be maturing and stabilizing while Firefox appears to be going through some growing pains in the last seven months. From these results, it is clear is that there is no clear victor and neither camp has anything to be proud of with all these security vulnerabilities.
On the other hand, the report points out that Firefox has the edge in patch responsiveness:
Microsoft has five “moderately critical” issues that have not been addressed yet. There is even a “highly critical” vulnerability from October 2003 that Microsoft has not addressed yet…
Abandoning Windows is the safest bet. Once on the Mac or Linux platform, Firefox is clearly the better choice (or some other browser besides IE).