According to November market share data from Net Applications, Mozilla's Firefox added about 0.7 percent market share last month to its 24.72 percent, while Internet Explorer's (IE) share dropped from 64.64 percent in October to 63.62 percent in November. IE has been mostly on a downward spiral all year, starting at 69.72 percent in January.
The bad news for Firefox is it had more vulnerabilities than IE in the first half of the year. For the first and second quarters of 2009, IE had about 15 percent of all browser bugs, Safari had 35 percent, and Firefox had 44 percent, according to Cenzic's Web Application Security Trends Report (PDF), which was released last month. Overall, 90 percent of Web vulnerabilities during that period were in commercial Web apps, 8 percent in browsers, and 2 percent in Web servers, according to the report.
The report doesn't drill down into the trends of the types of vulnerabilities found in Firefox, but it was a busy year for Mozilla's security team. The first zero-day exploit for version 3.5 of the open-source browser was unleashed in July as Mozilla rushed to patch the vulnerability in its Just-in-Time JavaScript compiler.
No browser is foolproof, of course. And the only way to avoid many browser-borne attacks is to go forgo Web 2.0 and go retro with an old-school, text-based browser like Lynx. Uh -- no thanks. I'll just keep on patching.
-- Kelly Jackson Higgins, Senior Editor, Dark Reading