On 12/13/2008 10:47 PM, Rostyslaw Lewyckyj wrote:
Taken from
*************************************************************************
SANS NewsBites December 12, 2008 Vol. 10, Num. 97
*************************************************************************
--Firefox Tops List of Most Known Vulnerabilities in Applications
(December 11, 2008)
Whitelisting company Bit9 has compiled statistics on the applications
with the most security vulnerabilities reported over the last year.
Mozilla's Firefox web browser versions 2 and 3 top the list with 40
reported flaws. Adobe Acrobat versions 8.1.1 and 8.1.2 follow with 31
reported flaws. Windows Live (MSN) Messenger versions 4.7 and 5.1 came
in third with 19 flaws. Fourth and fifth place were taken by Apple
iTunes versions 3.2 and 3.1.2 and Skype version 3.5.0.248, respectively.
http://www.vnunet.com/vnunet/news/2232492/firefox-tops-app-vulnerability
http://www.bit9.com/news-events/press-release-details.php?id=102


What really matters is time to fix said flaws, how aggressive the problems are. and time from "report" to "fix in users hands" aka: How much of a vulnerability it is in the wild.

Firefox (and SeaMonkey) has a very good track record with all of the above. Though as far as getting updates in users hands, Firefox is slightly better than SeaMonkey (due to auto-update) though SeaMonkey is not that far behind either.

There are many many more people, much more qualified than me, who have explained this in vivid detail as well.

Of note to everyone here is that Mozilla (SeaMonkey, Firefox etc.) report EVERY security bug once fixed and what it was. Some companies like IE, Apple, and possibly even Google (for chrome -- no data), if a security bug is only ever found and reported internally, they won't make it even known that it _ever_ existed. Where we do and fix it anyway. It is a very open community, therefore the potential for others to accurately gauge what bugs are fixed on our side is high, whereas on Microsoft or Apple's side is relatively low.

--
~Justin Wood (Callek)
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to