Re: SM says Adobe plug-in unsafe, but no update available

[S Slicer]

Cruz, Jaime wrote:

null wrote:

For a very long time, through successive versions of SM, I have got the
message saying that Adobe Reader is vulnerable and should be updated.
The annoying thing about this is that I do have the latest version of
Reader, but SM still keeps on with this warning.

Does anyone else get this?


Don't use it.  Use pdf.js instead:
http://mozilla.github.io/pdf.js/


How do you install this program?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SM says Adobe plug-in unsafe, but no update available

[Ray_Net]

null wrote on 03-11-17 12:06:
For a very long time, through successive versions of SM, I have got 
the message saying that Adobe Reader is vulnerable and should be 
updated. The annoying thing about this is that I do have the latest 
version of Reader, but SM still keeps on with this warning.


Does anyone else get this?

You may use your Adobe Reader to open a pdf ... by following this:

1. Close your Mozilla application.
2. Open the Adobe Reader program and go to the "Edit -> Preferences"
   dialog.
3. Select the "Internet" category and deselect (uncheck) "Display PDF
   in browser".
4. Close Adobe Reader.
5. Open our Mozilla application and view the about:plugins page.

I always hate that a browser do the work of an external program.

I have Foxit-Reader who start when I "open" a pdf file inside my SM program.
You can do the same with Adobe Reader. - So no need the plugin.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: 2.49.2

[Frank-Rainer Grahl]

Bug 1385725 and Bug 1394106 are in it compared to 2.49.1 right now.

FRG



Richmond wrote:

WaltS48  writes:


On 11/3/17 10:48 AM, Richmond wrote:

No one is more surprised than I.



Where did you get that?

I don't see it in Candidates or Releases.






I checked it out from comm-esr52 and compiled it. I didn't know it was
going to be 2.49.2. And I meant to post the above to mozilla.test. I
think only the version number has changed.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

[Frank-Rainer Grahl]

The Fx version is in:

mozilla\browser\config\version.txt


Be aware that SeaMonkey is build from the THUNDERBIRD_52_VERBRANCH which is 
not bleeding edge but contains OSX and some other mailnews fixes. If you want 
bleeding edge you need to merge default to it.


FRG


Richmond wrote:

Frank-Rainer Grahl  writes:


2.49.1 is based on the latest 52.4 so the CVE is in it.



OK thanks but how can I tell that is the case without asking here? Or to
put it another way, how do I know when to recompile and what version of
firefox ESR the code I check out will be based on? (Maybe there is no
way).

(I am checking out from comm-esr52).


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

[Richmond via support-seamonkey]

Frank-Rainer Grahl  writes:

> 2.49.1 is based on the latest 52.4 so the CVE is in it.
>

OK thanks but how can I tell that is the case without asking here? Or to
put it another way, how do I know when to recompile and what version of
firefox ESR the code I check out will be based on? (Maybe there is no
way).

(I am checking out from comm-esr52).
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: 2.49.2

[Richmond via support-seamonkey]

WaltS48  writes:

> On 11/3/17 10:48 AM, Richmond wrote:
>> No one is more surprised than I.
>>
>
> Where did you get that?
>
> I don't see it in Candidates or Releases.
>
> 
>
> 

I checked it out from comm-esr52 and compiled it. I didn't know it was
going to be 2.49.2. And I meant to post the above to mozilla.test. I
think only the version number has changed.

-- 
~
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: 64-bit Seamonkey

[Frank-Rainer Grahl]

Because the infrastructure is a mess and every release build is hand crafted 
by ewong. 64 bit is coming but probably not in the next months.


FRG

Saul wrote:

Why not making also a 64-bit build when is ready?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

[Frank-Rainer Grahl]

2.49.1 is based on the latest 52.4 so the CVE is in it.

Richmond wrote:

How do I tell if, for example, CVE-2017-7810 has been addressed in
Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
it be in Seamonkey comm-esr52?

I have been looking here:

https://hg.mozilla.org/releases/comm-esr52/log

But cannot see anything corresponding to CVE numbers.

(I have used CVE-2017-7810 as an example)

(My previous post subject 2.49.2 was meant to be a test. I posted it in
the wrong place.)


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: 2.49.2

[Frank-Rainer Grahl]

Only Tinderbox builds right now:

https://archive.mozilla.org/pub/seamonkey/tinderbox-builds/comm-esr-linux64/1509647115/

We will see how 2.49.1 works before we do the next release based on 52.5. 
ewong managed to get 2.49.1 on bouncer. I was without internet yesterday. 
2.49.1 should be official on the website Monday at the latest.


FRG

WaltS48 wrote:

On 11/3/17 10:48 AM, Richmond wrote:

No one is more surprised than I.



Where did you get that?

I don't see it in Candidates or Releases.






___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

[Mason83]

On 03/11/2017 16:26, Richmond wrote:
> How do I tell if, for example, CVE-2017-7810 has been addressed in
> Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
> it be in Seamonkey comm-esr52?

https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810

Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason 
Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported 
memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these 
bugs showed evidence of memory corruption and we presume that with enough 
effort that some of these could be exploited to run arbitrary code.

References:
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598

NONE of these bugs are public, despite the CVE entry being created
over 6 months ago, and the fix being announced a month ago.

I don't know who's running the show at moz org, but someone
needs to give them a good kick in the bottom, if you ask me.

Regards.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: 2.49.2

[WaltS48]

On 11/3/17 10:48 AM, Richmond wrote:

No one is more surprised than I.



Where did you get that?

I don't see it in Candidates or Releases.





--
Go Bills, Steelers, Pitt, Pens and Sabres!
Coexist 
National Popular Vote 
Ubuntu 16.04LTS - Unity Desktop
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Security Vulnerability

[Richmond via support-seamonkey]

How do I tell if, for example, CVE-2017-7810 has been addressed in
Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
it be in Seamonkey comm-esr52?

I have been looking here:

https://hg.mozilla.org/releases/comm-esr52/log

But cannot see anything corresponding to CVE numbers.

(I have used CVE-2017-7810 as an example)

(My previous post subject 2.49.2 was meant to be a test. I posted it in
the wrong place.)

-- 
~
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

2.49.2

[Richmond]

No one is more surprised than I.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SM says Adobe plug-in unsafe, but no update available

[Cruz, Jaime]

null wrote:

For a very long time, through successive versions of SM, I have got the
message saying that Adobe Reader is vulnerable and should be updated.
The annoying thing about this is that I do have the latest version of
Reader, but SM still keeps on with this warning.

Does anyone else get this?


Don't use it.  Use pdf.js instead:
http://mozilla.github.io/pdf.js/

--
Jaime A. Cruz
President
Nassau Wings Motorcycle Club
http://www.nassauwings.org/

AMA District 34
http://www.AMADistrict34.com/
Freddy's Run
http://www.freddysrun.org/
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

SM says Adobe plug-in unsafe, but no update available

[null]

For a very long time, through successive versions of SM, I have got the 
message saying that Adobe Reader is vulnerable and should be updated. 
The annoying thing about this is that I do have the latest version of 
Reader, but SM still keeps on with this warning.


Does anyone else get this?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey