We made nine security fixes, three of them critical. That’s a total of 29 separate issues which were deemed worthy of a write-up since the release of 1.0. So does this add some weight to the argument that previously, Firefox only seemed secure because no-one had bothered to attack it?
Frank Hecker made an important point about this issue very eloquently in an email to drivers, which I’m sure he won’t mind me quoting here:
Yes, Firefox is a lot more popular now and has a much higher profile. Yes, a lot of smart hackers are working now to break Firefox. And what a surprise: These hackers aren’t making life miserable for Firefox users, they’re working with us to make Firefox more secure. Why is that? Because we pay attention to security bug reports, we try to treat people who find and report security bugs with respect, we invite them to work closely with us, we reward them for finding bugs (both with money and with credit), and most important: we actually fix bugs in a timely manner as opposed to sitting on them and treating security as just a potential PR problem.