In <>,
Rostyslaw Lewyckyj <> wrote:

> Taken from
> *************************************************************************
> SANS NewsBites          December 12, 2008            Vol. 10, Num. 97
> *************************************************************************
>   --Firefox Tops List of Most Known Vulnerabilities in Applications
> (December 11, 2008)
> Whitelisting company Bit9 has compiled statistics on the applications
> with the most security vulnerabilities reported over the last year.
> Mozilla's Firefox web browser versions 2 and 3 top the list with 40
> reported flaws.  Adobe Acrobat versions 8.1.1 and 8.1.2 follow with 31
> reported flaws.  Windows Live (MSN) Messenger versions 4.7 and 5.1
> came in third with 19 flaws.  Fourth and fifth place were taken by
> Apple iTunes versions 3.2 and 3.1.2 and Skype version,
> respectively.

The article is highly misleading.  The Bit9 press release is
aimed only at enterprise. It explicitly rules out applications for which
updates can be applied via Microsoft's enterprise tools such as SMS and
WSUS.  IT departments are concerned about apps they can't control
directly very well and which users may install but not update to get
the needed patches.  The autoupdate mechanism of Firefox (and SeaMonkey
2, right?) should mitigate that a great deal, but no mention is made of

Probably Bit9 should have ruled out Firefox also, since it actually is
possible for IT to manage the updates if they use FrontMotion's
product, <>.

     Kleeneness is next to Gödelness.

support-seamonkey mailing list

Reply via email to