Common Misperceptions & Misunderstandings - Development

This is a living document that will contain the most recent misperceptions and misunderstandings about Mozilla, Firefox, and the Open Web, and will house the latest draft and under review responses to those misperceptions and misunderstandings.

The list will reflect contemporary commentary and so older issues will be trimmed or archived and completed responses will migrate to the public FAQ.

If you have items that should be added to the list, corrections or additions for things already on the list, or other relevant commentary, please add that in comments under this document. Project members, feel free to edit the document directly.

Frequently misunderstood issues

Browser & Web Security

• Miss: Counting the number of publicly disclosed vulnerabilities is an effective way to compare the relative security of Web browsers.

  Hit: Bug counts are a flawed metric. The industry is moving to a new metric, days of exposure, sometimes called days of risk, which describes the much more valuable measures of both the vendor's handling of security issues and the actual risk to users. You can read more about days of risk here and here.

  Additional concerns: We need to be careful not to let this discussion devolve into a "he said, she said" over how flaws are counted because that reinforces the bug counting as a valid measure and it's simply not.

  From: FTR Mailing List

  Article links: Ryan Naraine's Zero Day - IE vs Firefox: Microsoft crunches security numbers, BetaNews - Microsoft: Firefox users in danger due to more frequent updates, Matt Asay's The Open Road - Microsoft FUDwatch II: Internet Explorer vs. Firefox security, heise Security - Microsoft says Internet Explorer more secure than Firefox, EWeek Security Opinions - Larry Seltzer - Browser Insecurity Wars Still Rage, Security Focus - Microsoft, Mozilla face off over bugs, Today @ PC World - Microsoft and Mozilla Squabble Over which Browser is Most Secure, Ryan Naraine's Zero Day - Mozilla: Critical vulnerability in Microsoft flaw-counting, ZDNet Blogs, George Ou - Firefox vs. Internet Explorer: No real security winner, PC Magazine's Security Watch - Is IE7 the Safer Browser?

User Data & Privacy

Market Share

Web Standards

• Miss: Firefox doesn't pass the Web Standards Project's ACID2 test.

  Hit: While Firefox 2 and earlier releases did not completely pass the test, Firefox 3 pre-release versions have passed the ACID2 test since December 8, 2006. Firefox 3, slated to ship in Q1'08 will pass the test. You can read Mike Schroepfer's blog post from the day Firefox started passing the test here.

  Additional concerns:

  1. It might be worth emphasizing that the test covers a wide range of features and that it's quite possible to do better or worse on the test, even when failing. For example, Firefox 2, which did not pass, performed considerably better than IE 6.
  2. The test was actually broken the week before Christmas, '07, during the press surrounding the IE8 announcement. The broken test made it appear that even Firefox 3 Beta 2 did not pass (along with other known-passing browsers including Opera and Safari.) The broken test was acknowledged by test author Ian Hickson and corrected in late December.

  From: FTR Mailing List.

Browser Features

• Miss: New versions of Firefox always break all Add-ons.

• Miss: Enabling pipelining or changing other about:config settings will improve performance for everyone.

Mozilla Community & Process

• Miss: Google engineers contribute most or significant amounts of code to Firefox

Mozilla Financials