For Classic Gateway, Snap-based packages are not used. The system installs software from Ubuntu repositories wherever possible. In cases where a package from the Ubuntu repository results in a Snap-based installation, the system installs the software from a vendor-maintained repository instead (for example, Firefox).

As a result, some security tools might flag packages installed from the Ubuntu repository or a vendor-maintained repository as vulnerable or non-compliant because they are not installed as Snap packages.

This behavior is expected and does not indicate a security vulnerability.