Web browser security features

Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Opera, and Apple Safari compared

Features Chrome Firefox IE Opera Safari
Version tested 1.0.154.36 3.12 beta 2 8 beta 2 9.63 3.2.1 (525.27.1)
           
Pros
    Fast and clean; best browser security model; strong Web site isolation
Battle tested by attackers; best cipher support;

excellent add-on support;

security zones
Best enterprise deployment and control; top security granularity; security zones; excellent add-on manager Impressive security granularity; good anti-DoS protection; many unique features; strict EV enforcement Good pop-up blocking; good anti-phishing filter; good local password protection
Cons Lack of security granularity; cannot disable JavaScript; poor password protection; previous exploits simple to accomplish Lack of per site JavaScript blocking without add-on;

doesn't highlight true domain name

Most attacked browser; high number of known vulnerabilities; vulnerable to exploitation of third-party ActiveX controls DEP and ASLR not enabled; ECC ciphers not supported; not thoroughly tested by attackers Lack of security granularity; poor cipher support; no security zones; absence of enterprise feaures
           
TLS available and offered first Y Y Y Y Y
SSL 3.0 Y Y Y Y Y
SSL 2.0 Y Y Y Y Y
SSL 1.0 enabled by default N N N N N
AES Y Y Y Y N
ECC Y Y Y N N
InfoCard supported by default N N Y N N
Extended Validation certificates Y Y Y Y Y
Enforce FIPS cipher use N Y Y N N
Server TLS/SSL certificate revocation information checked by default Y Y Y Y N
OCSP support enabled N Y Y Y Y
           
Multiple security zones/domains N Y Y N N
Security controls by Web site exceptions N Y Y Y Y
Control security and functionality on a per site basis N N Y Y N
Automatically store and recall passwords Y Y Y Y Y
Stong local password protection N Y Y Y Y
Java support Y Y Y Y Y
MIME content type sniffing Y Y, limited Y Y Y
DEP enabled by default Y Y Y N N
Vista ASLR enabled by default Y Y Y N Y
Vista Integrity level Low/Med. Medium Low/Med. Medium Medium
Built-in ActiveX support N N Y N N
Built-in script support Y Y Y Y Y
Ability to globally disable JavaScript N Y Y Y Y
Ability to disable JavaScript on a per site or security zone basis N N Y N N
Plug-in support Y Y Y Y Y
Plug-in management N Y Y N N
Control access data across domains Y Y Y Y Y
Control displaying content across mixed zones by default Y Y Y Y Y
Control browser access to clipboard Y Y Y Y Y
           
Automated updates Y Y Y Y Y
Moniker handling to prevent automatic application launching Y Y Y Y N
Cross-site script filtering Y Y Y Y Y
Supports Windows authentication Y, digest Y, digest Y, all Y Y
Block reported malicious sites N Y Y Y N
Highlights true domain name Y N Y N N
Anti-phishing filter Y Y Y Y Y
Privacy features Y Y Y Y Y
Pop-up blocking Y Y Y Y Y
Private session browsing Y Y Y N Y
One click history erase Y Y Y Y Y
One click default settings reset Y N Y N N
Ad blocking (outside of pop-ups) N N N Y N
Parental controls N N Y N N
           
Join the discussion
Be the first to comment on this article. Our Commenting Policies