#6978: seamonkey-2.38
-------------------------+-----------------------
Reporter: fo | Owner: bdubbs@…
Type: enhancement | Status: closed
Priority: high | Milestone: 7.8
Component: BOOK | Version: SVN
Severity: normal | Resolution: fixed
Keywords: |
-------------------------+-----------------------
Description changed by fo:
Old description:
> Notice s/tar.bz2/tar.xz/
>
> [https://ftp.mozilla.org/pub/mozilla.org/seamonkey/releases/2.38/source/seamonkey-2.38.source.tar.xz]
>
> [https://ftp.mozilla.org/pub/mozilla.org/seamonkey/releases/2.38/MD5SUMS]
>
> d77b2550665a94a88c69368f4cf54833 source/seamonkey-2.38.source.tar.xz
>
> [https://www.mozilla.org/en-US/security/known-
> vulnerabilities/seamonkey/#seamonkey2.38]
>
> {{{
> Not published.
> }}}
>
> From [https://blog.seamonkey-project.org/tag/2.38/}
>
> {{{
> SeaMonkey 2.38
> Posted on September 27, 2015 by ewong| 2 Comments
>
> SeaMonkey 2.38 has been released.
>
> ’nuff Said. :)
>
> :ewong
> }}}
>
> '''Security Advisories for Seamonkey'''
>
> Not updated since version 2.33.1.
>
> But at page
>
> [http://www.seamonkey-project.org/releases/seamonkey2.38/]
>
> {{{
> ...
> The SSL 3.0 encryption protocol is no longer supported due to security
> concerns (bug 1106470). Legacy websites may still rely on it and will
> not work with the newer TLS 1.x protocols. Contact the website
> administrator to update their server to resolve the issue at the source.
> ...
> }}}
New description:
Notice s/tar.bz2/tar.xz/
[https://ftp.mozilla.org/pub/mozilla.org/seamonkey/releases/2.38/source/seamonkey-2.38.source.tar.xz]
[https://ftp.mozilla.org/pub/mozilla.org/seamonkey/releases/2.38/MD5SUMS]
d77b2550665a94a88c69368f4cf54833 source/seamonkey-2.38.source.tar.xz
[https://www.mozilla.org/en-US/security/known-
vulnerabilities/seamonkey/#seamonkey2.38]
{{{
Fixed in SeaMonkey 2.38
Critical
• 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
• 2015-106 Use-after-free while manipulating HTML media content
• 2015-104 Use-after-free with shared workers and IndexedDB
• 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
• 2015-81 Use-after-free in MediaStream playback
High
• 2015-112 Vulnerabilities found through code inspection
• 2015-111 Errors in the handling of CORS preflight request headers
• 2015-109 JavaScript immutable property enforcement can be bypassed
• 2015-105 Buffer overflow while decoding WebM video
Moderate
• 2015-114 Information disclosure via the High Resolution Time API
• 2015-110 Dragging and dropping images exposes final URL after
redirects
• 2015-108 Scripted proxies can access inner window
• 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
• 2015-102 Crash when using debugger with SavedStacks in JavaScript
• 2015-101 Buffer overflow in libvpx while parsing vp9 format video
• 2015-98 Out of bounds read in QCMS library with ICC V4 profile
attributes
• 2015-97 Memory leak in mozTCPSocket to servers
• 2015-91 Mozilla Content Security Policy allows for asterisk wildcards
in violation of CSP specification
Low
• 2015-103 URL spoofing in reader mode
• 2015-86 Feed protocol with POST bypasses mixed content protections
• 2015-68 OS X crash reports may contain entered key press information
}}}
From [https://blog.seamonkey-project.org/tag/2.38/}
{{{
SeaMonkey 2.38
Posted on September 27, 2015 by ewong| 2 Comments
SeaMonkey 2.38 has been released.
’nuff Said. :)
:ewong
}}}
'''Security Advisories for Seamonkey'''
Not updated since version 2.33.1.
But at page
[http://www.seamonkey-project.org/releases/seamonkey2.38/]
{{{
...
The SSL 3.0 encryption protocol is no longer supported due to security
concerns (bug 1106470). Legacy websites may still rely on it and will
not work with the newer TLS 1.x protocols. Contact the website
administrator to update their server to resolve the issue at the source.
...
}}}
--
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6978#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
