Some thoughts on the situation at Mozilla and the impact on Firefox…
As you may have heard, a few weeks ago Mozilla had to reduce their workforce by 250 people. This is the second time this year that they have reduced their workforce. Already some people think that this may mean the end for the Firefox browser, Thunderbird email client and other software that has been, and still is being, developed by the Mozilla Foundation.
The fear now is that Firefox will slowly die off and we will be stuck with just one browser, Chrome/Chromium from Google. From a security perspective this will mean a move towards a monoculture for browsers, and that will mean in turn that any vulnerability discovered in that browser will have far-reaching consequences. It is the same in biology: whenever you create a monoculture in your crops, you will suffer a lot of pain when your crops inevitably get infested with disease or bugs.
And although I completely agree with the risks associated with monoculture, and the necessity for a proper browser alternative, we may need to look a little closer at the current situation. When researching global browser market share, we see that there is already a more or less effective monoculture.
Current market share shows the following percentages:
Chrome: 65.89%
Safari: 16.65%
Firefox: 4.26%
Samsung Internet: 3.43%
Opera: 2.05%
Edge: 1.91%
(Source: https://gs.statcounter.com/browser-market-share)
In addition, Microsoft has recently declared the end-of-life for Internet Explorer 11, forcing everyone to use Edge, and the latest version of Edge is, as some of you may know, based on the Chromium engine.
So effectively, we are already in a monoculture, with all the implications for security that come with that.
So the question remains: can we do anything to turn this around and keep or increase the market share of Firefox to reduce the mono in the culture? Frankly, I don’t know the answer to that. A web browser is one of the most complicated packages of software, even more complicated than some operating systems. Maintenance, backwards compatibility, covering for user and web developer errors, parsing JavaScript and supporting multiple platforms do not make the job of developing a browser easy (or cheap). And personally I never quite understood the business model behind a browser. A web browser is such a ubiquitous piece of software for users, expected to come at no cost, that it is very hard to make money off the browser software itself (the core business of the Mozilla Foundation). It is not that the browser manufacturers get a percentage of the advertising that is shown through their browser, or that vendors of systems pay them for their browser software.
So to be quite honest, I think the situation for browser security and monoculturism is already worse than we think and, although I hope they survive, the end of Mozilla and Firefox will do little to change that situation.
As always, stay safe,
Arthur Donkers
Cyberlink Security