LinuxQuestions.org


mandrakemikael 09-25-2004 03:50 AM

IE Vulnerabilities, why not in other browsers?
 
I have been wondering and can't figure this out. Why are there so many security leaks in MS Internet Explorer, but not in other browsers? Or are there? Or are they patched? Or are most of the attacks targeted towards IE? What makes IE inferior to the other browsers?

This is not exactly a Linux question, but as a Linux user I'd like to know why I'm supposedly safe from www threats. Or even why I'm more safe in Windows using Firefox or Mozilla than IE.

btmiller 09-25-2004 04:09 AM

There're at least a couple of potential answers to this:

1) MSIE is integrated directly with the Windows OS and has things like ActiveX that can do things to the OS. Mozilla and other browsers are not integrated with the OS, and so there's less of a chance that they can actually exploit vulnerabilities within it. This is probably part of the answer.

2) MSIE is simply a poorly written piece of software. Without seeing the code, no one knows if this is the case or not. I personally doubt this, but you never know...

3) Mozilla and friends are just as buggy as MSIE, but they have comprised such a small share of the browser market (this is changing) that the exploit writers haven't bothered to go through them looking for holes to exploit.

Bear in mind, there have been arbitrary code vulnerabilities found recently in Mozilla, so it's not totally secure. I think that it not being integrated with the OS makes it more secure in that it can't play directly with the OS. This is cold comfort, though, if there's an arbitrary code vulnerability that allows an attacker to do rm -rf * in your home directory.

Of course, the really paranoid can create a user account just for running their browser, and then run it from a chroot jail. :D

ericson007 09-28-2004 05:30 AM

I agree with some of the above. But apart from the fact that IE is integrated, ActiveX and everything actually is not the problem. I mean you have the same thing even with Linux, where lots of security holes exist, but they are just not uncovered because not that many people use Linux because it is more complicated to deal with. If IE was completely free from holes, it still would not stop people from hacking and exploiting machines; you do not have to have IE to exploit a machine. Take Linux and libpng: yes, an innocent PNG library, but it allows hacking of your machine. And then with JPEG as well, someone found out how to put a virus into a JPEG file. So the only way not to be exploited is to rip out that cable running from the PC to the DSL and not use the internet at all.

chort 09-28-2004 11:43 AM

Besides all the very good comments from btmiller, there is another problem with IE, which is that it uses "zones of trust" for allowing active scripting. Up until XP SP2, you couldn't restrict the "my computer zone" at all, so any script that managed to trick IE into thinking the script was started locally could freely modify the system. I'm not aware of any OSS browsers that have this "security" concept. There are certainly manually added "trusted sites", so if an attacker could trick the browser into thinking it was dealing with one of its trusted zones, then you could have some problems; however, the attacker would probably need to know what zones you're trusting.


All times are GMT -5.