Thursday, May 3, 2007

Standards support

Mozilla Firefox supports many software standards, including HTML, XML, XHTML, CSS, ECMAScript (JavaScript), DOM, MathML, DTD, XSLT, XPath, and PNG images with alpha transparency.[21] In addition Firefox supports the SVG standard, however what exists in the current stable version should only be treated as a "technology preview", as it is not a full implementation.[22] Firefox also supports standards proposals created by the WHATWG such as the offline storage[23][24] and canvas element.[25] Although Firefox 2 does not pass the Acid2 standards-compliance test, development builds of Firefox 3 pass the test.[26]

Security

Firefox uses SSL/TLS to protect communications with web servers using strong cryptography when using the HTTPS protocol.[27] It uses a sandbox security model[28] and the developers use a "bug bounty" scheme, for finding fixes for some security[29] and feature additions. Official guidelines for handling security vulnerabilities discourage early disclosure of vulnerabilities so as not to give potential attackers an advantage in creating exploits.[30]

Because Firefox has fewer and less severe publicly known unpatched security vulnerabilities than Internet Explorer (see Comparison of web browsers), improved security is often cited as a reason to switch from Internet Explorer to Firefox.[31][32][33][34] The Washington Post reports that exploit code for critical unpatched security vulnerabilities in Internet Explorer was available for 284 days in 2006. In comparison, exploit code for critical security vulnerabilities in Firefox was available for 9 days before Mozilla shipped a patch to remedy the problem.[35]

A 2006 Symantec study showed that Firefox had surpassed other browsers in the number of vendor-confirmed vulnerabilities that year through September; these vulnerabilities were patched far more quickly than those found in other browsers.[36] Symantec later clarified their statement, saying that Firefox still had fewer security vulnerabilities, as counted by security researchers.[37] As of April 17, 2007, Firefox 2 has three security vulnerabilities unpatched, the most severe of which was rated "not critical" by Secunia.[38] Internet Explorer has seven security vulnerabilities unpatched, the most severe of which was rated "moderately critical" by Secunia.[39] (Note that the number of "Secunia Advisories" listed for each doesn't reflect on the actual number of vulnerabilities reported for each. Advisory SA23282 for Mozilla Firefox 2.0.x contains multiple vulnerabilities.)