Current binary release is 60.7.0 which is vulnerable and that is the problem, see: https://ftp.gnu.org/gnu/gnuzilla/?C=M;O=D
On 3/10/20 6:24 PM, Antonio Trande wrote: > These issues have been fixed with Firefox ESR 68.4.1; current IceCat > release on 68 branch is the 68.6.0. So, what's the problem? > > On 10/03/20 10:29, [email protected] wrote: >> Hello, >> >> It seems no one has replied to this. I think IceCat should no longer be >> recommended to users until this issue is resolved especially since >> IceCat is advertised as a browser with "Privacy protection features". >> Suffice to say such protection features are no good if the browser >> itself is vulnerable to the types of vulnerabilities as eluded to before. >> >> I understand that there aren't sufficient developers to maintain IceCat >> but that does not mean the GNU website should offer the browser without >> at least clearly addressing it's potential vulnerabilities on the >> appropriate webpages. >> >> As of now, users might download, install and subsequently use IceCat >> with the understanding that they have downloaded a browser with enhanced >> privacy protection features while not being aware that it is potentially >> susceptible to recently discovered vulnerabilities. >> >> This is precisely the sort of situation that free software, and free and >> open information should prevent. >> >> I hope we can resolve this quickly. >> >> Kind regards, >> Corne >> >> On 2/24/20 7:05 PM, [email protected] wrote: >>> Hello, >>> >>> I was also really wondering about this as the current version of IceCat >>> is a version of Firefox that was affected. >>> >>> On 24-02-2020 12:09, Arne Wichmann wrote: >>>> Good day tou you! >>>> >>>> I see here some security problems referenced for Firefox, which are >>>> probably applicable to Icecat, too: >>>> >>>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and >>>> FallibleStoreElement >>>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp >>>> >>>> More less critical ones are referenced, too. >>>> >>>> Are there plans to adress these? >>>> >>>> cu >>>> >>>> AW >>>> > >
