Galias said:
Firefox with its open source policy, thus the source is open to waaaay more scrutiny than IE, coupled with its quick response time make it by far the best choice. The dnld is hardly massive, and the new versions install over the old versions and preserve all the settings.
Everyone I know who is even slightly tech savvy knows which one to trust and is running FF!
List (from Mozilla) of "fixed" vulnerabilities since FF 1.0 was released in November 2004
Clicky
MFSA 2005-42 Code execution via javascript: IconURL
Fixed in Firefox 1.0.3
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
And that's secure?
So many myths and urban legends about open source, so little time... It's just trendy at the moment to say M$ is the debil, its software is crap and anything that's free(ish) and open source is great.
Firefox is a good product, but it's not perfect by a long way. Two years ago Opera was the be-all, until it got popular, greedy, bloated and shot full of security holes.
Be interesting to see what progress IE7 has made in the summer when it betas.