Full Version: Firefox is not a security cure-all!
euromix
I have lost count of the number of times I have read reviewers telling people that they should switch to Firefox because it is secure, unlike Internet Explorer. This is simply untrue. Mozilla-based browsers are somewhat more secure than IE, for two main reasons: one, they don't support ActiveX controls (although with Service Pack 2, the likelihood of being attacked by an ActiveX control has dropped dramatically); and two, because most virus/spyware writers have historically targeted the IE platform. But the more successful Mozilla/Firefox becomes, the more likely it is that bad guys will start targeting it too. Over time you will see more alerts like this one:
SecurityTracker.com Archives - Mozilla Buffer Overflow in Processing NNTP URLs Lets Remote Users Execute Arbitrary Code

(This vulnerability is fixed in the version of Mozilla that forms the core of Firefox 1.0, so don't worry if you're running the released version of Firefox.)

Virtually every virus and spyware attack in recent memory has taken advantage of a vulnerability for which there was a patch. Windows users who conscientiously apply patches and security updates (a painless process using Automatic Updates) don't get hit. Those who ignore updates become victims.

Firefox does script. It uses buffers. Most viruses and many spyware programs use buffer overflows and hostile scripts to force unwanted software onto users' machines. If you install a copy of Firefox and then don't update it when a security patch comes out, you are vulnerable to these exploits.

The programmers who put together Firefox have done a remarkable job. But I guarantee you they are on the lookout for reports like this one. When (not if) someone discovers a critical flaw in Firefox, they'll write a patch. Will all 14 million people who have downloaded Firefox 1.0 also install each new patch? We'll see.



Source: Ed Bott
Al.
I think the irony of the Mozilla Firefox situation is becoming quite obvious, as for quite some time now the Firefox users have always ragged on Microsoft Internet Explorer for having security holes, and now it's starting to happen to their hallowed browser as well.

Personally I don't believe that any one particular browser is more secure than another, it just depends upon which one is the flavour of the month and who the hackers and script kiddies decide to target, and it looks like Firefox is starting to be the target of choice.

Another *big* security concern I would have if I were using Firefox is the whole "extension" system, as it is probably just as likely to become a problem in the same way ActiveX controls have/did with IE. At the present time there are countless unsigned *.xpi files there for download in order to add "core functionality" to the rather bare-bones Firefox which one initially downloads. The worst part about this is the potential for somebody to exploit the system and upload a "destructive" *.xpi masquerading as a normal extension. With the current security model (or lack of) that Mozilla.org employs, it's only a matter of time.

To me the best bet at the moment is to use Opera, or one of the many IE-Shell browsers on top of a "Windows Update" patched IE.
lazyboy
My opinion is that not one internet browser is 100% secure, just that since a lot of people use IE, this gives the 'hackers' incentive to find exploits. Since the boom in Firefox users, they targeted that.
euromix
QUOTE (Al. @ Jan 6 2005, 10:26 PM)
To me the best bet at the moment is to use Opera...

But why isn't Opera as popular as Firefox, Al? Because they didn't borrow the IE interface?

For me (and over 80% of users) IE is still the best and - as you said - with few patches/updates you solve many security holes.