this post was submitted on 25 Feb 2025
11 points (100.0% liked)

Firefox

85 readers
621 users here now

The latest news and developments on Firefox and Mozilla, a global non-profit that strives to promote openness, innovation and opportunity on the web.

You can subscribe to this community from any Kbin or Lemmy instance:

Related

Rules

While we are not an official Mozilla community, we have adopted the Mozilla Community Participation Guidelines as far as it can be applied to a bin.

Rules

  1. Always be civil and respectful
    Don't be toxic, hostile, or a troll, especially towards Mozilla employees. This includes gratuitous use of profanity.

  2. Don't be a bigot
    No form of bigotry will be tolerated.

  3. Don't post security compromising suggestions
    If you do, include an obvious and clear warning.

  4. Don't post conspiracy theories
    Especially ones about nefarious intentions or funding. If you're concerned: Ask. Please don’t fuel conspiracy thinking here. Don’t try to spread FUD, especially against reliable privacy-enhancing software. Extraordinary claims require extraordinary evidence. Show credible sources.

  5. Don't accuse others of shilling
    Send honest concerns to the moderators and/or admins, and we will investigate.

  6. Do not remove your help posts after they receive replies
    Half the point of asking questions in a public sub is so that everyone can benefit from the answers—which is impossible if you go deleting everything behind yourself once you've gotten yours.

founded 2 years ago
MODERATORS
[email protected]
11
Assessing Browser Security: A Detailed Study Based on CVE Metrics. (doi.org)
submitted 3 days ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

This is pretty interesting:

The results highlight significant differences in browser security: while Google Chrome and Samsung Internet exhibited lower threat indices, Mozilla Firefox demonstrated consistently higher scores, indicating greater exposure to risks. These observations a slightly contradict widespread opinion.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 3 days ago

I'm not anywhere near qualified to comment on their methodology. This is a full blown whitepaper... but I'm going to run my mouth anyway!

It seems like a significant factor for their assessment of how "bad" the situation is involves weighting against the browser popularity. They seem to have an assumption that a higher userbase would naturally mean more CVE discovery/disclosure, so their formula seems to have weighting such that each individual CVE for Chrome is worth less than each individual CVE for Firefox.

I personally think that while it is admirable they have tried to account for this mathematically, it’s trying to assume a hard statistical link between popularity and CVE amount where only a "loose" correlation may exist.

Chrome, by the paper's admission, has more actual CVEs over the same period of time as Firefox, but with their complex weighting formula they argue that each one means less than Firefox's CVEs.