Remember that Firefox is Open Source so bugs are out there for all to see. IE *may* have the same amount of bugs or more or less – who knows.. they would be buried in secret code.

Hackers, generally, are very lazy guys who really only target bugs that are well known and usually patched. The guys who target bugs that are not generally well known are scary but are the exception.

So, your risk measurement is not really “how many bugs are there” but “how long are known bugs unpatched for”. Firefox is really good at patching – I’d be browsing and a pop-up will happen that says “new version downloaded and applied, reboot” and voila – I am sorted. Extensions are not automatically downloaded and applied but I do get notifications when updates are available. The new feature that checks plug-ins is very new and green but has lots of potential.

The nice thing is that when I started my browser the other day it complained to me in big letters (friendly but not vague) that I must upgrade my flash plug-in. Very nice.

I haven’t used IE7 or IE8 for very long but IE 6 has none of those lovely features even if it is covered by “Patch Tuesday”.