Popularity won't make Firefox insecure, says Mozilla head

Even with increased popularity, the Firefox web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.

"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum here.

Still, Firefox, developed by the Mozilla Foundation, won't harbour nearly as many security flaws that have hurt Microsoft's Internet Explorer, and increasing popularity won't change that, Mitchell predicted.

Some critics challenge that assumption. Symantec CEO John Thompson and other security executives have claimed that open-source programs will become more vulnerable as they pick up more users, because more hackers will become attracted to it.

Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.

"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Another benefit, Baker said, comes from the fact that Firefox does not support Active X plug-ins. For years, some consumers and analysts have slated Firefox because it couldn't run Active X.

"It turns out it is only less convenient until you get hacked," she said. "Then it becomes a disadvantage."

Mozilla is part of an industry effort to create an Active X alternative that would let plug-in applications like Macromedia Flash run within the Web browser without the security risks associated with Active X. Others involved in that effort include browser makers Opera Software and Apple Computer, and plug-in makers Sun Microsystems, Macromedia and Adobe Systems.

In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behaviour, like phishing.

"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."

On another note, Baker added that the open-source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open-source licensing, particularly because they are familiar with traditional licensing models.

She also said that new forms of public licenses are inevitable, as are conflicts and inconsistencies between different public licenses.

"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.

Michael Kanellos writes for CNET News.com