MozillaZine

SeaMonkey 2.0.11 more secure than Firefox?

Discussion of general topics about Seamonkey
SaintSatinStain

User avatar
 
Posts: 38
Joined: March 24th, 2009, 1:26 pm
Location: Huntsville, AL; Greenwich Village

Post Posted January 5th, 2011, 8:29 am

My research and experience with Internet Explorer, Firefox, Flock, K-Meleon, and SeaMonkey supports my advocacy for SeaMonkey. My studies though limited, by my sample and my qualifications, seem to indicate that SeaMonkey is more secure than Firefox and Internet Explorer.

SeaMonkey my default but I also use Firefox, K-Meleon, Internet Explorer. I dropped Flock even before it went Chromium because of its excessive RAM usage.

I recommend Opera to folk though I don't use it. I just don't like it, though a damn good browser.

Google Chrome I don't like; it installs to a strange place.

Internet Explorer I use gladly though still seems flawed, if only because it is still the biggest target. And volunteers seem more enthusiastic to correct faults than paid ones. IE 8 is better than previous Microsoft browsers.

I have installed Secunia PSI, I get CERT bulletins, and other reports on exploits and attacks on programs. I count fewer exploits in SeaMonkey than the other browsers that I use and have used. The SeaMonkey folk seem to fix problems quickly, but so do the Firefox coders. K-Meleon may have fewer publically known problems because its minority status is protection.

Do any believe that my perception that SeaMonkey the more secure browser may be correct? Have there been studies?
saint satin stain
Qui bibit, dormit; qui dormit, non peccat; qui non peccat, sanctus est; ergo qui bibit sanctus est.

malliz
Folder@Home

User avatar
 
Posts: 41894
Joined: December 7th, 2002, 4:34 am
Location: Aus

Post Posted January 5th, 2011, 2:21 pm

SaintSatinStain wrote:Do any believe that my perception that SeaMonkey the more secure browser may be correct?

No
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"

therube

User avatar
 
Posts: 13339
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted January 5th, 2011, 2:53 pm

More secure then FF, no, they should be the same.
More secure then IE, yes.
Chrome or others, wouldn't know.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

SaintSatinStain

User avatar
 
Posts: 38
Joined: March 24th, 2009, 1:26 pm
Location: Huntsville, AL; Greenwich Village

Post Posted February 13th, 2011, 10:43 am

malliz wrote:
SaintSatinStain wrote:Do any believe that my perception that SeaMonkey the more secure browser may be correct?

No

Succinct. It inspired me to do a more complete study, still not scientific. I did not control for time period the events occurred for one. I change my hypothesis because a more detailed look shows

Vulnerabilities:

K-Meleon 1.x
0 Vulnerabilities

Google Chrome 9.x
18 Vulnerabilities

Safari for Windows 3.x
42 Vulnerabilities

Opera 9.x
56 Vulnerabilities

Microsoft Internet Explorer 8.x
77 Vulnerabilities

Mozilla Firefox 3.6.x
85 Vulnerabilities

Mozilla SeaMonkey 2.x
94 Vulnerabilities

Un patched:

K-Meleon 1.x
Un patched 0%

Google Chrome 9.x
Un patched 0%
There are no Un patched Secunia advisories affecting this product, when all vendor patches are applied..


Mozilla Firefox 3.6.x
Un patched 0%
There are no Un patched Secunia advisories affecting this product, when all vendor patches are applied..

Mozilla SeaMonkey 2.x
Un patched 0%
There are no Un patched Secunia advisories affecting this product, when all vendor patches are applied..

Opera 9.x
Un patched 4% (1 of 25 Secunia advisories)
Most Critical Un patched
The most severe Un patched Secunia advisory affecting Opera 9.x, with all vendor patches applied, is rated Moderately critical

Safari for Windows 3.x
Un patched 20% (2 of 10 Secunia advisories)
The most severe Un patched Secunia advisory affecting Safari for Windows 3.x, with all vendor patches applied, is rated Highly critical

Microsoft Internet Explorer 8.x
Un patched 28% (5 of 18 Secunia advisories)
The most severe Un patched Secunia advisory affecting Microsoft Internet Explorer 8.x, with all vendor patches applied, is rated Less critical



http://secunia.com/advisories/product/

I change my brain about Google Chrome; it now joins K-Meleon, Firefox, SeaMonkey, and Internet Explorer 8 in my stable of browsers. I knew I liked K-Meleon a long time. I tried variations K-Ninja and others, but it had one deficiency no easy installation of extensions. It now has the KM Extensions manager. Examine, take my conclusions carefully, I am a poet not a scientist; although I am in a family of mathematicians, scientists, and technologists.

Note that the Gecko browsers and Google Chrome have no Un patched at the time that I got the stats, yesterday. Gecko communities are quicker to patch and do not lie - too many independent voices - and so seems the Google folk.

My observations seem to confirm what many critics of Microsoft say; it is deficient in patching holes expeditiously, and it not really transparent re information to end users. I have been quoting some of my friends who are more than the pretender to geek that I am, Opera is the most secure browser with a default installation - no addons added or tweak. I confess, I don't believe that now.

I believe that all software will have weaknesses, that open source software may have more because the code is open to review, more folk search for weaknesses, and that how fast the communities patch is maybe the most important factor in judgments of security.

Thus SeaMonkey still my default internet app. I don't put down the Firefox and Thunderbird duo; they are an awesome couple, yet together use more RAM than SeaMonkey. I just helped my niece install Firefox and Thunderbird. Thunderbird is best for her usage. It is so superior to most of the competition that SeaMonkey is the only other email client I'd recommend.

SeaMonkey 2.0.11 with the Lightning extension, Lightning 1.0b1, I like better than Outlook. I gave away my Microsoft Office to my grand nephew; his teachers recommend it for students. I disagree but wasn't going to use it. SeaMonkey is good for the home office, perhaps for the small office.

Enough of my unscientific discussion, yet remember you true geeks, I am the end user that you aim to get to use your software. I know that my relatives 70s, 80s, and 90s like SeaMonkey better than Outlook Express, Outlook, Pegasus, The Bat, and even Firefox - it takes a second. These are the email clients they're familiar with and some of the relatives are retired from the sciences or other work that required a knowledge of computer software. Especially the non scientists like SeaMonkey because it's easy to configure and use.

I end with my list, which includes one browser I previously poohpoohed.
SeaMonkey 2.0.11
K-Meleon 1.5.4
Firefox 3.6.13
Google Chrome 9.0.597.98
Internet Explorer 8

Even if you use multiple browsers a Gecko browser should be the default: K-Meleon, light weight and responsive; Firefox the dancing middle weight; SeaMonkey the convenient heavyweight.

So now attack an end user with pretensions to geekdom. It will make me stronger. I defer to your expertise if you explain. I do have some geek knowledge, but I defer to true geeks when they explain.
saint satin stain
Qui bibit, dormit; qui dormit, non peccat; qui non peccat, sanctus est; ergo qui bibit sanctus est.

James
Moderator

User avatar
 
Posts: 25585
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted February 13th, 2011, 4:03 pm

Secunia has been terrible (for years) at even being accurate on the amount of actual known vulnerabilities for multiple browsers besides Firefox, especially with browsers like Opera. I have found many vulnerabilities recorded at various sites elsewhere for some Opera versions that was never mentioned on Secunia and those mentioned on Secunia is often after the update release if ever.

K-Meleon 1.6.0 Beta2 is based on SeaMonkey 2.0.11 so the 0 Vulnerabilities mentioned on Secunia is not accurate and K-Meleon is updated much less often. The K-Meleon 1.5.4 you mentioned was released March 5, 2010.

Mozilla has been much more forthcoming about vulnerabilities in Firefox and Thunderbird (and SeaMonkey) as way to get people to update compared to the closed source browsers like IE and Opera. Problem is some people mistakenly see Firefox/SeaMonkey being much more vulnerable due to so called numbers of known made public by Mozilla.

I would say that in reality Firefox is the same as SeaMonkey. Also whenever it is a cross browser vulnerability, Firefox was usually the first to get a security update before other browsers for years.

http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/

Perhaps it will be this based on secure.
Firefox 3.6.13
SeaMonkey 2.0.11
K-Meleon 1.6.0 Beta2
Google Chrome 9.0.597.98 (a bit of unknown on actual).
.
K-Meleon 1.5.4
.
.
.

Internet Explorer 8 (77 when there could be 500 recorded or not elsewhere and more so when it is tied into Windows).
(*.mozillaZine.org is not Mozilla!)
The Complaint Department at Mozilla (current complaints) (<It is not a real complaint site but for jokes/testing of bugzilla).
The Complaint department link is borked until unknown time.

SaintSatinStain

User avatar
 
Posts: 38
Joined: March 24th, 2009, 1:26 pm
Location: Huntsville, AL; Greenwich Village

Post Posted March 27th, 2011, 7:48 am

James wrote:Secunia has been terrible (for years) at even being accurate on the amount of actual known vulnerabilities for multiple browsers besides Firefox, especially with browsers like Opera. I have found many vulnerabilities recorded at various sites elsewhere for some Opera versions that was never mentioned on Secunia and those mentioned on Secunia is often after the update release if ever.

The K-Meleon 1.5.4 you mentioned was released March 5, 2010.

Problem is some people mistakenly see Firefox/SeaMonkey being much more vulnerable due to so called numbers of known made public by Mozilla.

I would say that in reality Firefox is the same as SeaMonkey. Also whenever it is a cross browser vulnerability, Firefox was usually the first to get a security update before other browsers for years.

http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/known-vulnerabilities/

Perhaps it will be this based on secure.
Firefox 3.6.13
SeaMonkey 2.0.11
K-Meleon 1.6.0 Beta2
Google Chrome 9.0.597.98 (a bit of unknown on actual).
.
K-Meleon 1.5.4
.
.
.

Internet Explorer 8 (77 when there could be 500 recorded or not elsewhere and more so when it is tied into Windows).


I have learned from your post. Why I like posts, I get a free education and more questions.
I ignore the beta because only rarely do I download and install betas. I try to make decisions based on the best information I can find. I don't just use Secunia for my information. I base it on reviews from magazines paper and digital I have found consistently reliable.

Secunia seems reliable but I have also found vulnerabilities other places before they appeared on Secunia. Secunia has the advantage of collecting most, if not all all the time, and its PSI has kept my apps up to date .

You note that K-Meleon

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4

And SeaMonkey

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.18) Gecko/20110320 Lightning/1.0b1 SeaMonkey/2.0.13

...rv:1.8.1.24pre) Gecko/20100228
... rv:1.9.1.18) Gecko/20110320

They are not the same, though as with all Mozilla kids they share some code - all Gecko derived products share some code in rendering engine.
The code for K-Meleon is smaller;
I can understand and guess that K-Meleon is so simple with smaller code base that mistakes in coding seldom occur. That was always the reason for the more stable Apple OSs, smaller code than Microsoft's; although Apple never produced a full OS until OS X, if you believe, as I do, that a full OS has or attempts automatic memory management. I have and use Macs and Windows machines. I am not a OS religionist. I am not a browser religionist either. Smaller code base has it's advantages especially if produced and managed by skilled dedicated coders and editors.

K-Meleon uses fewer system resources.

Based on the same Gecko layout engine as Mozilla Firefox, K-Meleon uses native Windows application programming interface (API) to create the user interface, instead of using Mozilla's cross-platform XML User Interface Language (XUL) layer, and as a result, is tightly integrated into the look and feel of the Windows desktop;[1] this approach is similar to that of Galeon and Epiphany (for the GNOME desktop), and Camino (for Mac OS X). This also makes K-Meleon less resource-intensive and more responsive to user input.

http://en.wikipedia.org/wiki/K-Meleon

I don't assume because a project is open source it's best. I do believe that if a project is open source it has an advantage. I believe that the Gecko browsers, email, and other projects, given a bump by its large corporate origins, carried through by open source contributors, are among the best computer projects.

I ignore the beta of K-Meleon because it is not used by most end users of K-Meleon, and as generally acknowledged, betas are not recommended for most end users. I feel like the end user geek, perhaps a little bit more knowledge than most of y'all, yet still ignorant enough to be counted usual or average user.

I have PSI and for the past several months all of my browsers have been marked insecure for browsing - SeaMonkey, K-Meleon, Google Chrome, Firefox, and IE 8 - yet IE 8 is the only one still (let me check; I haven't checked today).

Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability still not fixed.

Secunia may sometimes be flawed; which institution isn't? It does provide a needed service. I don't use it alone when I make decisions, but it does collect statistics one cannot ignore.

Secunia does a good job, though not perfect. Please give citations that indicate it's terribly flawed.

I confess that much of what I say is opinion and information gleaned from a dozen forums I frequent. I'm a parrot with a wee bit of discernment.
saint satin stain
Qui bibit, dormit; qui dormit, non peccat; qui non peccat, sanctus est; ergo qui bibit sanctus est.

James
Moderator

User avatar
 
Posts: 25585
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted March 27th, 2011, 1:33 pm

SaintSatinStain wrote:
You note that K-Meleon

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4

And SeaMonkey

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.18) Gecko/20110320 Lightning/1.0b1 SeaMonkey/2.0.13

...rv:1.8.1.24pre) Gecko/20100228
... rv:1.9.1.18) Gecko/20110320


The K-Meleon/1.5.4 is outdated and potentially insecure now though as it was based on the old EOL Gecko 1.8.1.* that Firefox 2.0.0.* (Firefox 2.0.0.20 was last, released December 18, 2008) and since it has .24pre on end in Gecko version it was probably based on some random mozilla1.8.1 branch nightly source as the machines were still churning out those nightlies automatically even though the branch was finished with as of Firefox 2.0.0.20.

The K-Meleon 1.6.0 Beta2 is much more up to date security wise as it is based on the same as what the SeaMonkey 2.0.11 is using.
(*.mozillaZine.org is not Mozilla!)
The Complaint Department at Mozilla (current complaints) (<It is not a real complaint site but for jokes/testing of bugzilla).
The Complaint department link is borked until unknown time.

ndebord

User avatar
 
Posts: 636
Joined: December 7th, 2002, 9:53 am

Post Posted April 1st, 2011, 9:03 pm

K-Meleon 1.6.0 Beta2 can be homebrewed with newer Geckos* to improve performance, at least for now. With embed pulled, Galeon, Camino and K-Meleon will vanish into the sunset unless they move to WebKit.
XP PRO SP3, WebRoot, WinPatrol, MalwareBytes Anti-Exploit
Dulce bellum inexpertis

Return to SeaMonkey General


Who is online

Users browsing this forum: No registered users and 1 guest