Hello, SeaMonkey 1.1.10 is available since 2008-07-02 Firefox 2.0.0.15 is available since 2008-07-01
So why are there no security update packages available by linux distributors? At first I thought Slackware is, again, a bit late with its security patch, but opensuse also has no patch package. Debian also seems to have no patch. Are linux distributors just silly as they don't publish updates or are the holes not as critical as they seem to me? At least this one: http://www.mozilla.org/security/announce/2008/mfsa2008-24.html seems to be trivial to exploit. Nearly any JS in chrome:// context calls something in the XUL it applies to. If this really allowes to get privileged status, then this seems to be *highly* critical. CU Manuel (who currently compiles SeaMonkey 1.1.10 on his own...) _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security