According to an independent study by Google Switzerland, IBM Internet Security Systems and CSG ETH Zurich, Mozilla Firefox users are the safest among web surfers (on average), because they are more likely to be running the latest and most secure version of their browser.
This research analyzed the user agent headers sent with Google search queries beetween January 2007 and June 2008 (lots of data points!), finding that more than 83% of the surveyed Firefox browsers were up-to-date. Safari scored 65.3%, Opera 58.1% and IE, not surprising, was the worst with 47.6% (it should be noticed, though, that IE6 has been considered, rightly, an “insecure version”).
The most important factor in this achievement is probably Firefox’s streamlined patching process, which is painless and hard to avoid: in facts, security updates are downloaded in background and proposed to the user as soon as they’re ready. He can refuse installing (e.g. not to interrupt his work), but as soon as the browser restarts they get installed nonetheless.
There’s obviously room for improvement. For instance, upgrading requires administrative privileges. Therefore, a warning to low-permissions users saying something like “You’re running an outdated version of Firefox, please ask your administrator to upgrade” would be helpful. But even so, Firefox already shows a stunning lead over its competitors.
One of the declared limits of this study is that nothing could be said about browser plugins, universally recognized as an endless source of security pain. Even on this side, though, Firefox has some clear advantages: plugins can be disabled either manually, from the Tools|Add-Ons|Plugins panel, or automatically through a centralized blacklist. Last but not least, if you’re really security minded, you can always adopt a whitelist approach.