“There’s still a lot more spyware that gets through the holes in Internet Explorer than through holes in Mozilla, but it’s changing,” said Anthony Arrott, director of threat research for InterMute, a developer of anti-spyware software.
Mozilla last month announced that downloads of Firefox had hit 25 million since the program was launched, boosting its total global usage share to nearly 8.5 percent, according to web analytics company OneStat.com.
The alternative web browser’s growing popularity has been based in large part on the perception that it is more secure and less prone to spyware attacks than IE, which owns roughly 87 percent of the browser market worldwide.
But Arrott said that as more people migrate to Firefox, users can expect to see more intrusive pop-up ads and spyware attacks because it will become more profitable for spyware and adware developers to create applications that specifically target the browser.
“The reason there is so much spyware in IE and not [Firefox] is not because IE has so many more inherent security problems but because IE has so many more users,” Arrott said.
IE has come under attack recently in the press over security flaws. Niels Brinkman, co-founder of OneStat.com, said that concerns over widely reported IE vulnerabilities may lead many IE5 users to switch to Firefox rather than upgrading to IE6.
“It looks like users of IE5 are switching to Firefox instead of upgrading to IE6,” Brinkman said.
According to web analytics site WebSideStory.com, however, the speed at which Firefox is gaining market share has slowed down. Firefox's market share grew 15 percent over the last five weeks, compared to growth of 34 percent in the period between Nov. 5 to Dec.3 and 22 percent between Dec. 3 and Jan. 14.
What's more, Arrott said Firefox attacks could become so widespread within the next six months that industry analysts and web security experts will stop recommending that users choose it over IE.
Meanwhile, Internet security firm iDefense yesterday reported the discovery of several security holes in Firefox verison 1.0 that hackers could potentially exploit to create what it described as a memory-heap overflow, sometimes called a buffer overflow, and remotely take control of a user’s computer.
In response, Mozilla Foundation released a statement recommending that users update to the latest versions of its browsers, Mozilla 1.7.6 and Firefox 1.0.1, which was released this week to address a different security flaw related to the way it handled international website domains.