Re: OT: Gone from topic, now on security Re: For PGP Users-Likes and Dislikes of PGP

Joseph Ashwood wrote:

So to review the updates in the last month (since Microsoft
releases monthly this is a reasonable timeframe) there has been 1
update to IE (MS06-042), one update to OE (MS06-043), both
released last Tuesday.

And there're still 60+ vulnerabilities left open. Your point being?

My point being that you still have failed to name a single one.

No. You only asked for vulnerabilities in OE, and I also referred to
triggering MSIE vulnerabilities as well. And of those, I can name you a
lot. And I also named some non-inherited OE flaws as well.

You claimed that you knew several flaws, yet you have failed to name
even one.

Actually it's quite funny that you're not able to use Google, search on
Securityfocus or at other common places, which easily turns out some.
Shouldn't be too hard for so many existing.

But just for convenience: <DT><H1 STYLE=width:1px><LI></H1> - a nifty
little memory corruption vulnerability which allows remote code execution.

I decided to save you a bit of trouble, I actually checked CVE for
you, there are 2 known vulnerabilities listed for OE in 2006, 2 more
in 2005, 4 in 2004, 2 in 2003.

CVE isn't the entire truth.

Just again: Due to inheriting all IE flaws, it's currently at 60+.

Thunderbird is a very different story, there have been 53 listed
vulnerabilities in 2006.

Yeah. Potential information disclosure when JavaScript is enabled (which
it isn't by default) is way more critical than remote code execution.

That leaves the primary reason that OE is
exploited more often than Thunderbird being simply a numbers game.

Just like Apache vs. IIS?