Firefox myths

Due to Mozilla Firefox's quick rise in popularity, it has become the subject of much praise and criticism. Somewhere in the midst of it all, some misconceptions have popped up here and there. This article will address some false claims and hot topics found in the public and media regarding the Firefox web browser.

Some claims below are partially true, partially false. In these cases, this article will attempt to put the situation into better perspective.

This page does not mean to give the illusion that all hype or criticism about Firefox is false. Depending on the individual, there may be very good reasons to use Firefox or there may be very good reasons to use something else, and not all reasons either way are touched upon in this article.

See also: Internet Explorer myths and Opera myths.

Table of Contents

  1. Features
    1. Firefox is fully standards compliant
    2. Firefox often displays webpages incorrectly
    3. Microsoft sets the standards (or should)
    4. Firefox was the first browser with tabs
    5. New versions of Firefox break extensions and themes
  2. Security
    1. Firefox is completely secure
    2. Secunia lists an extremely critical Firefox vulnerability
    3. Firefox had more known vulnerabilities than IE at some point
    4. Two speakers at the ToorCon 2006 hacker conference found serious Firefox vulnerabilities
  3. Performance
    1. Firefox is faster than Internet Explorer
    2. Firefox 1.5 leaks more memory than previous versions
  4. Miscellaneous
    1. Firefox is a relatively young browser
    2. Firefox achieved 10% market share in its first year
    3. Firefox 2.0 won't support Windows 9x and ME
  5. Full disclosure
  6. Other Firefox Myths article

Features

Up

Firefox is fully standards compliant

Up

Claim sources: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

No web browser is 100% standards compliant. The web technology standards are very extensive and it often takes many years to implement all of the features of a standard, plus additional time to fix the bugs. In addition, the standards are always evolving and becoming more and more robust. Firefox — along with Opera, Safari, and Konqueror — is certainly a leader in the field of standards support and is quickly adopting new emerging technologies, but it, like the others, does not yet have complete support for the current CSS, DOM, or even HTML standards.

Below is a brief summary of how well Internet Explorer, Firefox, and Opera support some of the most significant standards and emerging technologies. A “Y” indicates perfect support, while a “100%” is the result of rounding. More information is available in the Web browser standards support resource.

Although CSS 2.1 and CSS 3 are not technically web standards yet because they haven't reached the Recommendation status, the detailed sections have at some point reached Candidate Recommendation status, which is the stage during which web browsers are supposed to begin implementing support. No browser has full support for CSS 2 either, and several sections of CSS 2 have been removed in CSS 2.1 for this reason.

Standards support
Technology IE 6 IE 7 Firefox 2 Firefox 3 Opera 9
HTML / XHTML 73% 73% 90% 90% 85%
CSS 2.1 51% 57% 92% 93% 94%
CSS 3 changes 10% 13% 24% 27% 19%
DOM 50% 51% 79% ? 84%
ECMAScript 99% 99% Y Y Y

Firefox often displays webpages incorrectly

Up

Claim sources: 1, 2, 3, 4

People usually make this claim when they see a webpage that looks different in Firefox than it does in Internet Explorer, and they assume that Internet Explorer is the one displaying it “correctly” because it looks how the author intended it.

Webpage layouts are designed by specifying sets of rules for how things should appear. The rules are primarily written in a language called CSS, which is defined and developed by the World Wide Web Consortium. It is up to the individual browsers to implement these sets of rules and handle them how they are defined. Internet Explorer is far behind the competition in implementing this support, as you can see in this standards support summary. Many CSS features are not implemented, and many are implemented incorrectly.

Since Internet Explorer usage has been so high for so long, web developers have had to make sure that their pages work as intended in Internet Explorer, or else risk losing a majority of their potential visitors. For some time, many web developers even felt safe developing only for Internet Explorer, paying no attention to the other browsers. Therefore, if they ran into an Internet Explorer display bug, they would simply adjust their CSS to compensate. This compensation, if not done correctly, could actually cause display problems in browsers that don't have that particular bug. It would also cause display problems in future versions of Internet Explorer that have the bug fixed.

In the vast majority of webpages that don't work as intended in Firefox, the problem is due to relying on an Internet Explorer bug, relying on non-standard Internet Explorer features that could easily be replaced with standardized cross-browser alternatives, or relying specifically on Internet Explorer's ActiveX technology, which other browsers deliberately do not support by default due to an extensive history of security problems with ActiveX, and which will no longer be enabled by default in future versions of Internet Explorer for this reason.

As explained above, no browser has perfect standards compliance, and there are a few parts of some web standards that Internet Explorer supports and Firefox does not, so it is theoretically possible for a standards-compliant webpage to be rendered more correctly in Internet Explorer than Firefox, but this is extremely rare in practice.

Microsoft sets the standards (or should)

Up

Claim sources: 1, 2

Some people believe that, due to Internet Explorer's current domination in the market, Microsoft should be the one who defines the standards and other browsers like Firefox should follow Microsoft rather than the World Wide Web Consortium (W3C). This claim is often presented as if Microsoft and the W3C each think that its respective sets of rules are correct and the other's are wrong, which isn't the case. Microsoft is a member of the W3C and has played a role in the development of their standards. The Internet Explorer development team admittedly strives to support W3C standards, but has simply fallen far behind due to the five-year development halt and some lack of direction beforehand. Internet Explorer Group Program Manager Chris Wilson stated in an official blog post, “I want to be clear that our intent is to build a platform that fully complies with the appropriate web standards, in particular CSS 2 ( 2.1, once it's been Recommended).”. They have lately been working closely with the Web Standards Project (WaSP) to direct Internet Explorer development to support the most demanded web standards in upcoming versions.

Many of the rendering aspects of Internet Explorer that some claim to be Microsoft standards are actually bugs and incomplete implementations of W3C standards, and many of these oddities are being fixed in future versions. This means that websites that rely on Internet Explorer's current behavior may fall apart in future versions just as they do today in more standards-compliant web browsers. This is a fact of which Microsoft has warned web developers, and before Internet Explorer 7 was released, they called for web developers to fix their pages for the new version.

Firefox was the first browser with tabs

Up

Claim sources: 1, 2

This isn't very widely believed, but every now and then someone expresses this assumption. The first known web browser with tab support was InternetWorks, back in 1994. Opera made a public release with a tabbed MDI in 1996. NetCaptor offered tab support in 1997, followed by IBrowse in 1999, and finally Mozilla offered it natively in 2001. Firefox has supported tabbed browsing since its first release in 2002. Firefox was the first web browser to really make mainstream awareness of browser tabs, but it didn't invent the idea.

See the Wikipedia article on Tabbed Document Interfaces for more information.

New versions of Firefox break extensions and themes

Up

Claim sources: 1, 2, 3

When users notice that extensions often have to be updated for each new version of Firefox, they assume that the Firefox developers are disregarding backwards compatibility. The source of the compatibility problems is actually a safeguard that the extensions themselves choose to use. When someone creates a Firefox extension, he or she usually wants to ensure that the extension doesn't cause problems for the user if there happens to be some major unanticipated interface change in a future version of Firefox that would conflict with how the extension works. So a maximum Firefox version number is hardcoded into the extension by the extension's author. When you upgrade Firefox, the browser looks through all of the extensions you have installed and only activates the extensions that claim compatibility with your new version. If an extension author so desires, he or she can tell Firefox to never let it expire, in which case the risk of future problems would depend on how much the extension relies on Firefox's particular interface setup.

Oftentimes an extension that Firefox thinks isn't compatible simply needs the maximum version number to be updated. You can wait for the extension developers to update it, or if you're daring you can install the Nightly Tester Tools extension which allows you to install and activate extensions that claim to be expired.

All of the above also applies to themes.

Security

Up

Firefox is completely secure

Up

Claim sources: 1, 2, 3

Word-of-mouth advocacy among the general public tends to oversimplify relatively complex ideas. An example is security, and the occasional misconception that a piece of software can make your system perfectly secure. Something as complex as a web browser will almost certainly have security vulnerabilities crop up from time to time. No major web browser or operating system has a perfect security record.

There are some fundamental differences between the architecture of Firefox compared to Internet Explorer with regard to security (as is true with Linux or Mac OS X versus Windows), and Mozilla has shown a much better record than Microsoft at fixing its browser's vulnerabilities. However, there is never any guarantee that Firefox is perfectly safe, even when run supposedly isolated in VMware's Browser Appliance or a similar virtual machine. Although you may be significantly less prone to attacks, it is still important to use reasonable caution when manually downloading files and plugins from untrusted websites, and make sure you are running an up-to-date version.

The following is a brief summary of the vulnerability levels in the three most popular web browsers. The information was collected from Secunia, a leading computer software security monitoring company. This information was last updated February 10, 2009. For more charts and figures, see the Web browser security summary resource.

Security vulnerabilities
Aspect Internet Explorer Firefox Safari Opera
Highest values at one time
Vulnerability reports 39 9 2 4
Vulnerability issues 41 13 3 8
Relative danger 204 44 20 27
Present values
Vulnerability reports 38 5 2 1
Vulnerability issues 40 6 3 1
Relative danger 161 19 8 1

Secunia lists an extremely critical Firefox vulnerability

Up

Claim sources: 1, 2

When comparing Firefox's security offerings to those of Internet Explorer, some people note that Secunia lists an “extremely critical” vulnerability that was discovered in Firefox (before being fixed the next day). Some who haven't read the advisory details have mistaken this to be a vulnerability that affects Windows users, or otherwise pass it off as such. The only extremely critical vulnerability Secunia lists for Firefox is actually a problem with a shell script file that came with Unix and Linux versions of Firefox 1.0.6, and it never affected users on Windows. See the advisory for details.

It should be noted that Firefox 1.0.3 for Windows was affected by an older weakness that Secunia briefly listed as “extremely critical”, but it was quickly downgraded to “highly critical” after the primary attack vector was closed without the need for a user-installed patch. The problem was fully fixed four days after discovery.

Different security monitoring institutions use different rating systems, and it is possible that other organizations have given an “extremely critical” rating to a vulnerability on Firefox for Windows. Secunia is a particularly popular reference for security vulnerability information in web browsers, and it tends to be the source most often cited in these kinds of claims.

For some perspective, using the default installation and applying all automatic updates, Internet Explorer for Windows has been affected by 16 “extremely critical” vulnerability reports over time and is currently affected by none, and Opera for Windows has been affected by 1 “extremely critical” vulnerability report and is currently affected by none.

Firefox had more known vulnerabilities than IE at some point

Up

Claim sources: 1, 2, 3, 4

Some news reports have misinterpretted a security report from Symantec to imply that Firefox has at some point had more publicly known vulnerabilities than Internet Explorer. The report in question actually referred only to newly discovered vulnerabilities (and only vendor-confirmed ones, a policy that Symantec has since changed) in the first six months of 2005, ignoring the dozens of long-unfixed vulnerabilities in Internet Explorer. As you can see from the graph above, according to Secunia's data, Firefox has never had as many publicly known vulnerabilities as Internet Explorer. It did have more newly discovered vulnerabilities in those six months, although it can be argued that a higher rate of vulnerability discovery is expected when a new version of a product with added functionality is first released.

Two speakers at the ToorCon 2006 hacker conference found serious Firefox vulnerabilities

Up

Claim sources: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

It was big in the news: a pair of speakers at the ToorCon 2006 hacker conference claimed to know of dozens of security vulnerabilities in Firefox, including one that they said was “impossible to patch”, and supposedly even demonstrated it in front of the audience. After the event, one of the two hackers cleared up the issue, saying that the presentation was meant to be a joke and that they actually didn't know of any vulnerabilities.

The main purpose of our talk was to be humorous.

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.

Sincerely,

Mischa Spiegelmock

Performance

Up

Firefox is faster than Internet Explorer

Up

Claim sources: 1, 2, 3, 4

This blanket statement is not always true. Relative speed results depend on many factors, including hardware-related.

The Internet Explorer window typically comes up faster than Firefox the first time you double-click on the program icon. This is mainly because core Internet Explorer libraries are actually loaded into memory as your computer is starting up. Furthermore, not all components of the web browser are in memory when the browser window comes up. Some components, such as the favorites manager, are only loaded into memory when you access them, while Firefox loads everything at once.

Internet Explorer also has a lighter architecture, using your operating system's native interface controls. In order to allow for its extension and theme systems, Firefox has an elaborate custom interface system that it must load on startup. This additional complexity to the program makes it slower than it would otherwise be.

In regard to webpage rendering, Firefox is most often faster than Internet Explorer, even with its more extensive support for web technology. But different browsers use different algorithms to determine and display the page layout, and Internet Explorer is sometimes known to be faster under certain conditions, especially with pages that are small, have a simple layout, or contain errors in the source.

Firefox is also generally faster than Internet Explorer when using the back and forward buttons to navigate webpages you have recently visited. This is because the last several pages are retained in the browser's memory, while Internet Explorer must reload the page each time you navigate to it.

A self-admitted Opera fan who was later hired as a technical writer for Opera ASA developed a series of browser speed tests that is often cited in browser comparison discussions. I have personally attempted to reproduce those tests, but my results have shown a somewhat different order from his. Different hardware and software configurations can significantly affect relative browser performance, and it is important to recognize that before accepting results from a single computer and only 1 to 3 trials per aspect tested. Although his tests might not have included bias per se, his use of so few trials raises doubts over the accuracy of the results.

Firefox 1.5 leaks more memory than previous versions

Up

Claim sources: 1, 2, 3

This statement is partly true, partly false. The observation most often attributed to this claim is the fact that Firefox 1.5 seems to consume much more memory than previous versions after browsing a few websites. However, this increased memory usage is actually due to pages being cached in memory in order to allow for quicker back-and-forward navigation, a new feature in Firefox 1.5. This system caches a maximum of eight webpages in your browser's memory at any time (or fewer depending on how much memory your system has). The maximum limit can be manually set by changing the browser.sessionhistory.max_total_viewers option in about:config. (Further explanation)

On the other hand, there is also indication that some memory leak bugs in previous versions have a greater impact in Firefox 1.5 than before, although the sources of some of these leaks have not yet been found. The developers are actively working to solve these issues.

It should also be noted that poorly-coded extensions can easily be the source of significant memory leaks, and that can only be fixed by the extension authors. If you are experiencing memory problems in Firefox, disabling extensions often solves the issue.

Miscellaneous

Up

Firefox is a relatively young browser

Up

Claim sources: 1, 2, 3, 4

This statement is often made when comparing the maturity of Firefox's codebase with other web browsers. Although the Firefox web browser was not released as a complete product until November 9, 2004, its underlying codebase actually goes back several more years. The first version of the stand-alone web browser that eventually became Firefox was released September 23, 2002, and that was essentially an isolated component of the Mozilla Application Suite, whose core engine had been in development since 1997 to overhaul the original Netscape engine developed in 1994. In comparison, Microsoft began developing Internet Explorer in 1995. For more information, see the Wikipedia articles on the history of Mozilla Firefox and Gecko.

Firefox achieved 10% market share in its first year

Up

Claim sources: 1, 2, 3, 4

Although overall usage was at least nearing the 10% figure by November 2005, statistics from major analytics companies have often been reported in somewhat misleading ways and it's uncertain whether or not Firefox really hit that 10% in its first year.

Firefox is often lumped together with Mozilla and other Gecko-based browsers in browser usage reports. OneStat.com, which reported 11.51% Firefox usage in November 2005, is one of those companies that combines the values of these similar browsers. On the other hand, Net Applications, which reported 8.84% Firefox usage, and WebSideStory, which reported 8.13% usage, consider Firefox and Mozilla separately. It should be noted that Net Applications and WebSideStory at the time only reported 0.43% and 1.61% Mozilla usage, respectively, so it's very possible that OneStat.com's data still put Firefox itself over the 10% mark.

Another major factor is the source of the statistics. Web analytics firms typically gather data only from websites that use their products. Depending on various aspects of the products themselves, they may attract websites that don't necessarily represent the overall population of the Web. This might explain why TheCounter.com only reported 7.82% Firefox usage in November 2005 while ADTECH reported 12.41% Firefox usage (not including Mozilla usage) as early as September 2005.

NetApplications reported Firefox crossing the 10% mark in March 2006. TheCounter.com reported it in July 2006. WebSideStory was the last major web analytics firm to report it, in December 2006.

For more information, see the Wikipedia article on Usage share of web browsers.

Firefox 2.0 won't support Windows 9x and ME

Up

Claim sources: 1, 2

Firefox 2.0, like Firefox 1.5, uses the Gecko 1.8 engine and is still designed to support Windows 9x and ME. However, Gecko 1.9, the engine that will be used in Firefox 3.0, will have removed much of the legacy code that was made to support Windows versions older than Windows 2000. The confusion comes from the fact that this was announced before the Firefox 2.0 release. There was some discussion over whether or not it was worthwhile to maintain support in Firefox 2.0, which they ultimately concluded it was.

The decision to drop support in Firefox 3.0 came about for a few reasons. Firefox 3.0's faster and more powerful new graphics backend, Cairo, would require too much work to be supported in pre-2000 versions of Windows given their low and shrinking usage. Also, Microsoft had announced that they would stop shipping security updates for Windows 9x after July 2006, long before Firefox 3.0's planned release date.

Because Firefox is open source, it's still possible for others to do the work necessary to make Firefox 3.0 or future versions support Windows 9x and ME or to branch a custom version of Firefox that supports them.

Full disclosure

Up

I personally use Mozilla Firefox for casual web browsing and regularly promote the use of modern browsers such as Firefox, Opera, and, currently to a lesser extent, Safari. I do not promote the use of Internet Explorer mostly due to its relatively poor standards support and security record, as well as its history of abandoning development efforts. I wrote this page in response to a few other “myths” articles which presented bias, misinformation, and deception. My intention for this page is not to promote my personal views, but to address some recurring false claims either in favor of, against, or neutral toward Mozilla Firefox and to present the truth in a balanced manner. The information on this page is based on my own research and may contain errors. If you believe something on this page is inaccurate or unbalanced, please e-mail me or visit the discussion forum.

Other Firefox Myths article

Up

There is another similar article on the Web also entitled “Firefox Myths” which has been spammed on hundreds of websites. The article contains some deliberate misquotes from me and several others who pointed out flaws in the page, and it also contains other lies and libel. The author has even posed as me and used several other names to advertise his page. He has an extensive history of lying about his identity and relation to the article, and his persistent spam techniques and trolling have gotten him permanently banned from many websites including digg, Neowin, and TechSpot. His article has been shown to have many factual errors (source 1, 2), many of which were apparently deliberate, and it should be regarded with the highest degree of skepticism.