These issues have been fixed with Firefox ESR 68.4.1; current IceCat release on 68 branch is the 68.6.0. So, what's the problem?
On 10/03/20 10:29, [email protected] wrote: > Hello, > > It seems no one has replied to this. I think IceCat should no longer be > recommended to users until this issue is resolved especially since > IceCat is advertised as a browser with "Privacy protection features". > Suffice to say such protection features are no good if the browser > itself is vulnerable to the types of vulnerabilities as eluded to before. > > I understand that there aren't sufficient developers to maintain IceCat > but that does not mean the GNU website should offer the browser without > at least clearly addressing it's potential vulnerabilities on the > appropriate webpages. > > As of now, users might download, install and subsequently use IceCat > with the understanding that they have downloaded a browser with enhanced > privacy protection features while not being aware that it is potentially > susceptible to recently discovered vulnerabilities. > > This is precisely the sort of situation that free software, and free and > open information should prevent. > > I hope we can resolve this quickly. > > Kind regards, > Corne > > On 2/24/20 7:05 PM, [email protected] wrote: >> Hello, >> >> I was also really wondering about this as the current version of IceCat >> is a version of Firefox that was affected. >> >> On 24-02-2020 12:09, Arne Wichmann wrote: >>> Good day tou you! >>> >>> I see here some security problems referenced for Firefox, which are >>> probably applicable to Icecat, too: >>> >>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and >>> FallibleStoreElement >>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp >>> >>> More less critical ones are referenced, too. >>> >>> Are there plans to adress these? >>> >>> cu >>> >>> AW >>> -- --- Antonio Trande Fedora Project mailto 'sagitter at fedoraproject dot org' GPG key: 0x7B30EE04E576AA84 GPG key server: https://keys.openpgp.org/
signature.asc
Description: OpenPGP digital signature
