subject:"Re\: Seamonkey 2.40\?"

> So given the results ... it appears to me that Adrian has
> indeed patched those builds agains the exploit.

Thanks!
Lee


On 12/4/16, NoOp  wrote:
> On 12/4/2016 10:16 AM, Lee wrote:
> 
>>
>> nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey
>> 2.47 has the patch for that exploit?
>
> I tested Adrian's 2.47's per bug report:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
> (See comments: 84, 85, and 86 - which for some reason have been marked
> as 'offtopic' by ryanvm)
> Comment #55 in 1321066 states "You can consider the presence of
> MOZ_RELEASE_ASSERT(!mHoldingEntries) in crash reports as confirmation
> that the patch has effectively neutralized the problem."
>
> Adrian's builds that I tested with the test case in comment 25 crashed
> with 'MOZ_RELEASE_ASSERT(!mHoldingEntries)':
>
> SM 2.47 linux 64:
> User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 20161201022155
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
>
> SM 2.47 Windows 32:
> User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 2016120109390
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
>
> SM 2.47 Windows 64
> User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
> Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 20161201025712
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
>
> So given the results and the comments in the bug report regarding
> 'MOZ_RELEASE_ASSERT(!mHoldingEntries)' it appears to me that Adrian has
> indeed patched those builds agains the exploit. (I'll forward this to
> Adrian to see if he can confirm)
>
> Gary
> 
> ___
> support-seamonkey mailing list
> support-seamonkey@lists.mozilla.org
> https://lists.mozilla.org/listinfo/support-seamonkey
>
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40

On 12/4/2016 2:31 PM, Pat Connors wrote:
> Okay, I am totally confused about what I should do or not do.  I am 
> thinking of not using 2.40 and instead use Microsoft Edge until 
> SeaMonkey does it update. Question, should I completely erase 2.40 or 
> does just not using it keep my computer safe?  Will 2.40 email be safe 
> or if I use Thunderbird for my email will that be safe?  Is Firefox also 
> unsafe?  Thanks in advance for helping me figure out what to do.
> 

Pat, these are my recommendations were I you - keep in mind that they
are only my personal recommendations & I've been known to be wrong in
the past, so I assume no responsibility for breakage. Note: wait for an
hour or two to see if anyone on this list finds issue with the following
before doing anything except #1.

1. Backup your SeaMonkey folder. You can accomplish this by doing a
standard copy & paste from Windows Explorer - copy
%APPDATA%\Mozilla\SeaMonkey\Profiles\
and paste to another folder/drive. In the event of any issues you can
copy from the backup location and paste back.

2. Download:

and

3. Exit SeaMonkey 2.40.

4. Install the downloaded seamonkey-2.47.en-US.win32.installer.exe (just
as any other .exe by double-clicking on the .exe from Windows Explorer).
Note you can uninstall 2.40 if you wish, but it is not necessary as you
are installing a 32bit version over your existing 32bit version.

5. Start SeaMonkey (2.47) and check to ensure that everything is working
properly. If you have issues with Lightning calendar, install the
lightning-5.2.en-US.win32.xpi from 'Tools|Add-ons
Manager|Extensions|Install Add-ons from file (cog wheel to the left of
the 'Search all add-ons' box).

If you still have issues feel free to email me directly (just drop the
.invalid at the end of my address for the correct email address).

Re Microsoft Edge - If you just want a now safe browser you can use the
most recent Firefox or Google Chrome, both have been fixed. Thunderbird
for email is fine also if you wish to go the Browser+Email client route.

Gary

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40

2016-12-04 Thread WaltS48


On 12/04/2016 05:31 PM, Pat Connors wrote:
Okay, I am totally confused about what I should do or not do.  I am 
thinking of not using 2.40 and instead use Microsoft Edge until 
SeaMonkey does it update. Question, should I completely erase 2.40 or 
does just not using it keep my computer safe?  Will 2.40 email be safe 
or if I use Thunderbird for my email will that be safe? Is Firefox 
also unsafe?  Thanks in advance for helping me figure out what to do.




I'll try to clarify.

Firefox versions ESR 45.5.1 and 50.0.2, and Thunderbird 45.5.1 have been 
quickly patched to fix a known security vulnerability.


SeaMonkey 2.40 has not been patched to fix this known security 
vulnerability.


All including Edge are subject to unknown security vulnerabilities until 
discovered and patched.


--
Visit Pittsburgh 
Coexist 
National Popular Vote 
Ubuntu 16.04LTS

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 2:49 PM, Richmond wrote:
> Richmond  writes:
> 
>> In this thread there are some test cases:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
>>
> 
> I cannot get Aurora to crash today. I am not sure why. But some of the
> tests show that the address sanitizer has trapped something. So maybe
> having a build with debugging stops the bug anyway?
> 

Once you are on the test url, do a page reload and that should give you
a crash. If it doesn't crash it most likely is not fixed. If it does
crash, restart SeaMonkey and check the crash in about:crashes to see if
it contains 'MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)'

You might want to sandbox or run the test in a test VM so that you don't
possibly affect your production system(s).

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

Richmond  writes:

> In this thread there are some test cases:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
>

I cannot get Aurora to crash today. I am not sure why. But some of the
tests show that the address sanitizer has trapped something. So maybe
having a build with debugging stops the bug anyway?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 2:25 PM, Richmond wrote:
> NoOp  writes:
> 
>> On 12/4/2016 11:50 AM, Richmond wrote:
>>> NoOp  writes:
>>> 
>>> 
 (See comments: 84, 85, and 86 - which for some reason have been marked
 as 'offtopic' by ryanvm)
>>> 
>>> Because the bug report is for firefox, not seamonkey.
>>> 
>>
>> Sorry, but I disagree:
>>
>> Product: Core
>> Shared components used by Firefox and other Mozilla software, including
>> handling of Web content; Gecko, HTML, CSS, layout, DOM, scripts, images,
>> networking, etc. Issues with web page layout probably go here, while
>> Firefox user interface issues belong in the Firefox product.
>>
>> And if it were *only* for firefox, then the comments regarding
>> Thunderbird would have been offtopic as well.
> 
> OK. Maybe it is because it's an unofficial build then? Is seamonkey a
> mozilla project?
> 

Perhaps, but still not offtopic IMO. SeaMonkey is not a mozilla project
& neither is Thunderbird - so as far as Mozilla are concerned, there
aren't any SeaMonkey or Thunderbird 'Official Mozilla project' builds.
Adrian's builds are built from the same code as the "official" builds:

about:buildconfig
Source
Built from
https://hg.mozilla.org/releases/comm-release/rev/2b7b2c0506021bece31c290d4fecf681e811ddbb


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40

2016-12-04 Thread Pat Connors

Okay, I am totally confused about what I should do or not do.  I am 
thinking of not using 2.40 and instead use Microsoft Edge until 
SeaMonkey does it update. Question, should I completely erase 2.40 or 
does just not using it keep my computer safe?  Will 2.40 email be safe 
or if I use Thunderbird for my email will that be safe?  Is Firefox also 
unsafe?  Thanks in advance for helping me figure out what to do.


--
Pat Connors
http://www.connorsgenealogy.com

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

NoOp  writes:

> On 12/4/2016 11:50 AM, Richmond wrote:
>> NoOp  writes:
>> 
>> 
>>> (See comments: 84, 85, and 86 - which for some reason have been marked
>>> as 'offtopic' by ryanvm)
>> 
>> Because the bug report is for firefox, not seamonkey.
>> 
>
> Sorry, but I disagree:
>
> Product:  Core
> Shared components used by Firefox and other Mozilla software, including
> handling of Web content; Gecko, HTML, CSS, layout, DOM, scripts, images,
> networking, etc. Issues with web page layout probably go here, while
> Firefox user interface issues belong in the Firefox product.
>
> And if it were *only* for firefox, then the comments regarding
> Thunderbird would have been offtopic as well.

OK. Maybe it is because it's an unofficial build then? Is seamonkey a
mozilla project?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 11:33 AM, NoOp wrote:
> On 12/4/2016 10:16 AM, Lee wrote:
> 
>> 
>> nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey
>> 2.47 has the patch for that exploit?
> 
> I tested Adrian's 2.47's per bug report:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
> (See comments: 84, 85, and 86 - which for some reason have been marked
> as 'offtopic' by ryanvm)
> Comment #55 in 1321066 states "You can consider the presence of
> MOZ_RELEASE_ASSERT(!mHoldingEntries) in crash reports as confirmation
> that the patch has effectively neutralized the problem."
> 
> Adrian's builds that I tested with the test case in comment 25 crashed
> with 'MOZ_RELEASE_ASSERT(!mHoldingEntries)':
> 
> SM 2.47 linux 64:
> User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 20161201022155
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
> 
> SM 2.47 Windows 32:
> User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 2016120109390
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
> 
> SM 2.47 Windows 64
> User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
> Gecko/20100101
> SeaMonkey/2.47
> Build identifier: 20161201025712
> MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)
> 
> So given the results and the comments in the bug report regarding
> 'MOZ_RELEASE_ASSERT(!mHoldingEntries)' it appears to me that Adrian has
> indeed patched those builds agains the exploit. (I'll forward this to
> Adrian to see if he can confirm)

Follow-up from Adrian:

I can't do that, as I haven't patched anything. I've just started my
builds *after* Mozilla did land the SVG patches on mozilla-release, so I
can only assume, that they are in. Only testing (like you did) can
ensure, that the patches are really in.


So I reckon that they are good given the crash results as long as the
builds that you are using are 20161201 or newer.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 11:50 AM, Richmond wrote:
> NoOp  writes:
> 
> 
>> (See comments: 84, 85, and 86 - which for some reason have been marked
>> as 'offtopic' by ryanvm)
> 
> Because the bug report is for firefox, not seamonkey.
> 

Sorry, but I disagree:

Product:Core
Shared components used by Firefox and other Mozilla software, including
handling of Web content; Gecko, HTML, CSS, layout, DOM, scripts, images,
networking, etc. Issues with web page layout probably go here, while
Firefox user interface issues belong in the Firefox product.

And if it were *only* for firefox, then the comments regarding
Thunderbird would have been offtopic as well.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-04 Thread Ray_Net


Lee wrote on 04-12-16 19:16:

On 12/4/16, Ray_Net  wrote:

Lee wrote on 04-12-16 17:18:

On 12/4/16, Desiree  wrote:

On 12/3/2016 3:30 AM, TCW wrote:

On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
wrote:


I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.


<.. snip ..>

Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
going to fix the problem he's facing any time soon. No sense running
unsecure. Likely the only thing you'd need to worry about are some
add-ons not working but you can always check those before installing
for compatibility. And if not, you can use the add-on converter
(http://addonconverter.fotokraina.com) if there's a Firefox
equivalent. It's worked well for me with, for example, Privacy Badger.


I disagree.  If one practices safe hex at all times

Can Firefox or SeaMonkey automatically update on your machine? If yes
you're running with admin privs and are _not_ practicing safe
anything.


there is no need to be afraid.

https://en.wikipedia.org/wiki/Malvertising
surely merits at least concern.  My attitude is that if a site has
ads, it can not be considered safe; no matter how reputable the site.


There are things worse than security issues.

https://en.wikipedia.org/wiki/Ransomware
How good is your backup/restore solution?  Ever tested it?


Most everyone on this list has decided to keep running vulnerable
software.  I get that.  Presumably they're all adults & can make their
own decisions.  But disregarding the risks seems a bit.. reckless.

Regards,
Lee

I agree to upgrade to a version where the SVG exploit is not possible,

nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey
2.47 has the patch for that exploit?


BUT give us an officially released version .

The official build system still doesn't work :(


We are stuck with 2.40 . 2.46 has been announced a long time ago,
but it seems now that we need 2.47 which is not officially released yet

So WHAT ?

Back everything up, download an unofficial release of SM from
   https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/
uninstall SeaMonkey 2.40, install the new version


We looks like an ass that sees before him a carrot at the end of a stick

Yeah.. using an unofficial version of SeaMonkey does feel a bit like
buying name-brand goods from somebody selling the stuff from the back
of their van.  But the official build system doesn't, so you get to
stay with what you've got (which has too many known vulns. for my
taste) or go with an unofficial version.  Up to you.

Personally, I'm really glad that akalla is making the unofficial
builds available.

Regards,
Lee

In the past .. we got, let's say the 2.40.1 officially released ...
In fact, I don't understand why we cannot construct a coding without 
vulnerability ... is it so difficult ?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-04 Thread sean

On 12/02/2016 03:30 PM, NFN Smith wrote:
I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.

I'm one of the users that has stayed with 2.40, and for the most part,
I'm content to wait until a new release comes through the normal update
channel, although I am concerned about the number of security fixes
accumulating, that have been applied to Firefox and Thunderbird.

Right now, the primary question would is whether there will be an update
to 2.40 to address the SVG exploit, or if it's going to take moving to
one of the later builds, to get that.

I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
and I hope he's able to get a breakthrough soon. (Personally, I'm OK
with dropping both Chatzilla and DOM). But it appears that nothing is
going to be coming down the official pipeline for a while.

Assuming that, what are the options?

- Stay with 2.40, and hope that most of the risk can be offset by use of
NoScript, as suggested by Frank-Rainer Grahl? I already run NoScript, so
I'm used to how that behaves.

- Use one of Adrian Kalla's unofficial builds? If so, which build, and
what potential problems are there?

- Something else?

Our organization uses mostly Firefox and Thunderbird, as preferred
clients. (I'm actually one of only a couple that use Seamonkey). We have
a fairly aggressive policy stance about requiring our users to apply
security updates promptly. I know that the last time there was a break
in Seamonkey development, one of our admins was questioning me about
whether Seamonkey is still supported -- at that time, I was running the
most current version, but it was already behind Firefox development, and
the current gap between releases is even larger. For me, a temporary
move from Seamonkey to Firefox isn't a huge thing, but having to
relocate my mail to Thunderbird is more painful, as I still do nearly
everything through POP.

Smith

Elected to find the most recent 2.49a2 SM build for 64 bit linux, from
Dec 4 here:

https://archive.mozilla.org/pub/seamonkey/nightly/2016/12/2016-12-04-01-30-01-comm-aurora/

so far, so good...

sean
--
The purpose of life is to be happy.
~ Dalai Lama
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-04 Thread WaltS48


On 12/04/2016 11:48 AM, TCW wrote:

On Sun, 04 Dec 2016 03:29:14 -1000, Desiree 
wrote:


On 12/3/2016 3:30 AM, TCW wrote:

On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
wrote:


I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.

I'm one of the users that has stayed with 2.40, and for the most part,
I'm content to wait until a new release comes through the normal update
channel, although I am concerned about the number of security fixes
accumulating, that have been applied to Firefox and Thunderbird.

Right now, the primary question would is whether there will be an update
to 2.40 to address the SVG exploit, or if it's going to take moving to
one of the later builds, to get that.

I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
and I hope he's able to get a breakthrough soon. (Personally, I'm OK
with dropping both Chatzilla and DOM). But it appears that nothing is
going to be coming down the official pipeline for a while.

Assuming that, what are the options?

- Stay with 2.40, and hope that most of the risk can be offset by use of
NoScript, as suggested by Frank-Rainer Grahl? I already run NoScript, so
I'm used to how that behaves.

- Use one of Adrian Kalla's unofficial builds? If so, which build, and
what potential problems are there?

- Something else?


Our organization uses mostly Firefox and Thunderbird, as preferred
clients. (I'm actually one of only a couple that use Seamonkey). We have
a fairly aggressive policy stance about requiring our users to apply
security updates promptly. I know that the last time there was a break
in Seamonkey development, one of our admins was questioning me about
whether Seamonkey is still supported -- at that time, I was running the
most current version, but it was already behind Firefox development, and
the current gap between releases is even larger. For me, a temporary
move from Seamonkey to Firefox isn't a huge thing, but having to
relocate my mail to Thunderbird is more painful, as I still do nearly
everything through POP.

Smith

Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
going to fix the problem he's facing any time soon. No sense running
unsecure. Likely the only thing you'd need to worry about are some
add-ons not working but you can always check those before installing
for compatibility. And if not, you can use the add-on converter
(http://addonconverter.fotokraina.com) if there's a Firefox
equivalent. It's worked well for me with, for example, Privacy Badger.


I disagree.  If one practices safe hex at all times there is no need to
be afraid.  There are things worse than security issues. Fx 45.5.1 ESR
is unusable.  I should never have upgraded even to Fx 45 ESR but it was
this last update that was the nail in the coffin.  I recently upgraded
Pale Moon 25.8 to 26.0 it also has become unusable after the move from
gecko engine to goanna engine.  I still use Thunderbird 24.7 and will
not upgrade.  Of all my many browsers, the ONLY one that is completely
reliable for everything is the final version of the original Opera
(12.18).  SeaMonkey 2.40 works well also so I will not upgrade it until
there is an OFFICIAL version available via internal push and I may not
upgrade even then because it may be the same disaster that Fx 45.5.1
ESR is currently.  The last good Fx was version 43 and that is what
SeaMonkey 2.40 is based on.

This is tantamount to driving without insurance. Safe hex is about as
relevant as "if it ain't broke, don't fix it." Bad advice. Complex
software *always* has as yet undiscovered bugs and security problems
as we've just seen by the SVG bug that can pwn your machine by simply
visiting a site with certain Javascript code. A bug that was thought
to have been fixed since 2013. No amount of safe hex, anti-malware,
anti-virus can protect you from vulnerability no one knows about. We
live in a world were actors use these unknown exploits to snoop,
steal, spy or do other bad things. How much you want to bet in a few
years another javascript exploit based almost exactly on this code
will get 0-dayed? This same exploit code got changed slightly as
compared to the 2013 code and it *still* works! Security vendors
cannot keep up with the changes and no developer will find every
exploitable bug. I don't practice safe hex, I practice proactive
defense.

If you chose to use old versions because you like the way they work,
fine. Don't act surprised when your bank account is emptied.



The actors also continue to use the known vulnerabilities to attack systems.

If you check malware statistics, you often find viruses listed there 
that exploit known vulnerabilities that have already been patched. 
These kind of attacks are successful because user systems are not patched.


REF: 

--
Visit Pittsburgh 
Coexist

Re: Seamonkey 2.40 and SVG exploit

NoOp  writes:


> (See comments: 84, 85, and 86 - which for some reason have been marked
> as 'offtopic' by ryanvm)

Because the bug report is for firefox, not seamonkey.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 10:16 AM, Lee wrote:

> 
> nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey
> 2.47 has the patch for that exploit?

I tested Adrian's 2.47's per bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
(See comments: 84, 85, and 86 - which for some reason have been marked
as 'offtopic' by ryanvm)
Comment #55 in 1321066 states "You can consider the presence of
MOZ_RELEASE_ASSERT(!mHoldingEntries) in crash reports as confirmation
that the patch has effectively neutralized the problem."

Adrian's builds that I tested with the test case in comment 25 crashed
with 'MOZ_RELEASE_ASSERT(!mHoldingEntries)':

SM 2.47 linux 64:
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
SeaMonkey/2.47
Build identifier: 20161201022155
MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)

SM 2.47 Windows 32:
User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
SeaMonkey/2.47
Build identifier: 2016120109390
MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)

SM 2.47 Windows 64
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
Gecko/20100101
SeaMonkey/2.47
Build identifier: 20161201025712
MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries)

So given the results and the comments in the bug report regarding
'MOZ_RELEASE_ASSERT(!mHoldingEntries)' it appears to me that Adrian has
indeed patched those builds agains the exploit. (I'll forward this to
Adrian to see if he can confirm)

Gary

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Richmond  wrote:
> Lee  writes:
>
>
>> Can Firefox or SeaMonkey automatically update on your machine? If yes
>> you're running with admin privs and are _not_ practicing safe
>> anything.
>>
>
> That isn't quite true. If you are running firefox on windows you can
> install the mozilla update service and it will update firefox. (If it is
> working properly)(Because the update service runs with admin priv).

^shrug^  It's possible I've done something to break the update
service.   The last time I tried checking for updates as a
non-privileged user (and there was an update) it came back with
something about I don't have sufficient privs.  Log out, log in as the
admin, update & I'm good to go.

Regards,
Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Ray_Net  wrote:
> Lee wrote on 04-12-16 17:18:
>> On 12/4/16, Desiree  wrote:
>>> On 12/3/2016 3:30 AM, TCW wrote:
 On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
 wrote:

> I'm watching discussions relating to the SVG exploit, and am a little
> confused about what steps I should take.
>
>><.. snip ..>
 Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
 going to fix the problem he's facing any time soon. No sense running
 unsecure. Likely the only thing you'd need to worry about are some
 add-ons not working but you can always check those before installing
 for compatibility. And if not, you can use the add-on converter
 (http://addonconverter.fotokraina.com) if there's a Firefox
 equivalent. It's worked well for me with, for example, Privacy Badger.

>>> I disagree.  If one practices safe hex at all times
>> Can Firefox or SeaMonkey automatically update on your machine? If yes
>> you're running with admin privs and are _not_ practicing safe
>> anything.
>>
>>> there is no need to be afraid.
>> https://en.wikipedia.org/wiki/Malvertising
>> surely merits at least concern.  My attitude is that if a site has
>> ads, it can not be considered safe; no matter how reputable the site.
>>
>>> There are things worse than security issues.
>> https://en.wikipedia.org/wiki/Ransomware
>> How good is your backup/restore solution?  Ever tested it?
>>
>>
>> Most everyone on this list has decided to keep running vulnerable
>> software.  I get that.  Presumably they're all adults & can make their
>> own decisions.  But disregarding the risks seems a bit.. reckless.
>>
>> Regards,
>> Lee
>
> I agree to upgrade to a version where the SVG exploit is not possible,

nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey
2.47 has the patch for that exploit?

> BUT give us an officially released version .

The official build system still doesn't work :(

> We are stuck with 2.40 . 2.46 has been announced a long time ago,
> but it seems now that we need 2.47 which is not officially released yet
> 
> So WHAT ?

Back everything up, download an unofficial release of SM from
  https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/
uninstall SeaMonkey 2.40, install the new version

> We looks like an ass that sees before him a carrot at the end of a stick

Yeah.. using an unofficial version of SeaMonkey does feel a bit like
buying name-brand goods from somebody selling the stuff from the back
of their van.  But the official build system doesn't, so you get to
stay with what you've got (which has too many known vulns. for my
taste) or go with an unofficial version.  Up to you.

Personally, I'm really glad that akalla is making the unofficial
builds available.

Regards,
Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

Lee  writes:

> Can Firefox or SeaMonkey automatically update on your machine? If yes
> you're running with admin privs and are _not_ practicing safe
> anything.
>

That isn't quite true. If you are running firefox on windows you can
install the mozilla update service and it will update firefox. (If it is
working properly)(Because the update service runs with admin priv).
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-04 Thread Ray_Net


Lee wrote on 04-12-16 17:18:

On 12/4/16, Desiree  wrote:

On 12/3/2016 3:30 AM, TCW wrote:

On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
wrote:


I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.


   <.. snip ..>

Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
going to fix the problem he's facing any time soon. No sense running
unsecure. Likely the only thing you'd need to worry about are some
add-ons not working but you can always check those before installing
for compatibility. And if not, you can use the add-on converter
(http://addonconverter.fotokraina.com) if there's a Firefox
equivalent. It's worked well for me with, for example, Privacy Badger.


I disagree.  If one practices safe hex at all times

Can Firefox or SeaMonkey automatically update on your machine? If yes
you're running with admin privs and are _not_ practicing safe
anything.


there is no need to be afraid.

https://en.wikipedia.org/wiki/Malvertising
surely merits at least concern.  My attitude is that if a site has
ads, it can not be considered safe; no matter how reputable the site.


There are things worse than security issues.

https://en.wikipedia.org/wiki/Ransomware
How good is your backup/restore solution?  Ever tested it?


Most everyone on this list has decided to keep running vulnerable
software.  I get that.  Presumably they're all adults & can make their
own decisions.  But disregarding the risks seems a bit.. reckless.

Regards,
Lee
I agree to upgrade to a version where the SVG exploit is not possible, 
BUT give us an officially released version .
We are stuck with 2.40 . 2.46 has been announced a long time ago, 
but it seems now that we need 2.47 which is not officially released yet 

So WHAT ?

We looks like an ass that sees before him a carrot at the end of a stick
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Desiree  wrote:
> On 12/3/2016 3:30 AM, TCW wrote:
>> On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
>> wrote:
>>
>>>I'm watching discussions relating to the SVG exploit, and am a little
>>>confused about what steps I should take.
>>>
  <.. snip ..>
>>
>> Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
>> going to fix the problem he's facing any time soon. No sense running
>> unsecure. Likely the only thing you'd need to worry about are some
>> add-ons not working but you can always check those before installing
>> for compatibility. And if not, you can use the add-on converter
>> (http://addonconverter.fotokraina.com) if there's a Firefox
>> equivalent. It's worked well for me with, for example, Privacy Badger.
>>
> I disagree.  If one practices safe hex at all times

Can Firefox or SeaMonkey automatically update on your machine? If yes
you're running with admin privs and are _not_ practicing safe
anything.

> there is no need to be afraid.

https://en.wikipedia.org/wiki/Malvertising
surely merits at least concern.  My attitude is that if a site has
ads, it can not be considered safe; no matter how reputable the site.

> There are things worse than security issues.

https://en.wikipedia.org/wiki/Ransomware
How good is your backup/restore solution?  Ever tested it?

Most everyone on this list has decided to keep running vulnerable
software.  I get that.  Presumably they're all adults & can make their
own decisions.  But disregarding the risks seems a bit.. reckless.

Regards,
Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-04 Thread Desiree


On 12/3/2016 3:30 AM, TCW wrote:

On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith 
wrote:


I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.

I'm one of the users that has stayed with 2.40, and for the most part,
I'm content to wait until a new release comes through the normal update
channel, although I am concerned about the number of security fixes
accumulating, that have been applied to Firefox and Thunderbird.

Right now, the primary question would is whether there will be an update
to 2.40 to address the SVG exploit, or if it's going to take moving to
one of the later builds, to get that.

I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
and I hope he's able to get a breakthrough soon. (Personally, I'm OK
with dropping both Chatzilla and DOM). But it appears that nothing is
going to be coming down the official pipeline for a while.

Assuming that, what are the options?

- Stay with 2.40, and hope that most of the risk can be offset by use of
NoScript, as suggested by Frank-Rainer Grahl? I already run NoScript, so
I'm used to how that behaves.

- Use one of Adrian Kalla's unofficial builds? If so, which build, and
what potential problems are there?

- Something else?


Our organization uses mostly Firefox and Thunderbird, as preferred
clients. (I'm actually one of only a couple that use Seamonkey). We have
a fairly aggressive policy stance about requiring our users to apply
security updates promptly. I know that the last time there was a break
in Seamonkey development, one of our admins was questioning me about
whether Seamonkey is still supported -- at that time, I was running the
most current version, but it was already behind Firefox development, and
the current gap between releases is even larger. For me, a temporary
move from Seamonkey to Firefox isn't a huge thing, but having to
relocate my mail to Thunderbird is more painful, as I still do nearly
everything through POP.

Smith


Use the Adrian Kalla build. Seriously, it doesn't look like EWong's
going to fix the problem he's facing any time soon. No sense running
unsecure. Likely the only thing you'd need to worry about are some
add-ons not working but you can always check those before installing
for compatibility. And if not, you can use the add-on converter
(http://addonconverter.fotokraina.com) if there's a Firefox
equivalent. It's worked well for me with, for example, Privacy Badger.

I disagree.  If one practices safe hex at all times there is no need to 
be afraid.  There are things worse than security issues. Fx 45.5.1 ESR 
is unusable.  I should never have upgraded even to Fx 45 ESR but it was 
this last update that was the nail in the coffin.  I recently upgraded 
Pale Moon 25.8 to 26.0 it also has become unusable after the move from 
gecko engine to goanna engine.  I still use Thunderbird 24.7 and will 
not upgrade.  Of all my many browsers, the ONLY one that is completely 
reliable for everything is the final version of the original Opera 
(12.18).  SeaMonkey 2.40 works well also so I will not upgrade it until 
there is an OFFICIAL version available via internal push and I may not 
upgrade even then because it may be the same disaster that Fx 45.5.1 
ESR is currently.  The last good Fx was version 43 and that is what 
SeaMonkey 2.40 is based on.





___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Lee

On 12/3/16, Pat Connors  wrote:
> I am so confused!
>
> I get it that 2.40 SeaMonkey has some problems, not sure what they are
> other than vulnerabilities.

I'd say that's plenty enough of a problem.

The latest 0day has example code posted, so the script kiddies have it
-- which is probably why we have a brand new SeaMonkey 2.47 available
at
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/

>  Someone said to 'Turn off javascript' but
> do not know how to do so.

 edit / preferences / advanced / scripts & plugins : remove the
checkmark next to enable javascript for browser

But unless you also use another browser or are using SeaMonkey just
for reading mail, turning off javascript isn't a reasonable
work-around.  I'm pretty extreme with 'no, I don't allow javascript'
but even so, there's still a few sites where I allow it.
Noscript is a reasonable compromise
  https://addons.mozilla.org/en-US/firefox/addon/noscript/
but it does break things, does "phone home", has a default whitelist I
disagree with, etc.
All of which can be worked around, but if you're not using it now it
is going to be a bit of a learning curve.

> Others are saying to use a later release not yet on SeaMonkey site and
> not use 2.40 at all.  Okay, I think I like this option but need the
> exact link to the windows 64 version that is okay to use.

Just curious - why do you want the 64 bit version?

If you're using SM 2.40 I'm pretty sure it's a 32 bit program, so your
safest bet is to use the 32 bit version here:
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/seamonkey-2.47.en-US.win32.installer.exe

If you do want to use the 64 bit version, it's here
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows64/seamonkey-2.47.en-US.win64.installer.exe

but know that by default it installs into a different place than your
old SeaMonkey, so uninstall the 2.40 version of SeaMonkey first.
Well.. actually second.  The first thing you should do is backup your
PC & maybe even create a restore point, then uninstall SeaMonkey &
finally install your new version of SeaMonkey

> Thanks in advance for making this clear for me.

Good luck!

Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Mason83

On 03/12/2016 20:47, Pat Connors wrote:
> I am so confused!
> 
> I get it that 2.40 SeaMonkey has some problems, not sure what they are 
> other than vulnerabilities.  Someone said to 'Turn off javascript' but 
> do not know how to do so.
> 
> Others are saying to use a later release not yet on SeaMonkey site and 
> not use 2.40 at all.  Okay, I think I like this option but need the 
> exact link to the windows 64 version that is okay to use.

Several people here are using Adrian's build.
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/

And most people use NoScript to selectively enable Javascript
for a small number of trusted (white-listed) domains.

Regards.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Pat Connors


I am so confused!

I get it that 2.40 SeaMonkey has some problems, not sure what they are 
other than vulnerabilities.  Someone said to 'Turn off javascript' but 
do not know how to do so.


Others are saying to use a later release not yet on SeaMonkey site and 
not use 2.40 at all.  Okay, I think I like this option but need the 
exact link to the windows 64 version that is okay to use.


Thanks in advance for making this clear for me.

--
Pat Connors
http://www.connorsgenealogy.com

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Richmond

EE  writes:

> I am using a Tinderbox build of SM 2.47 quite happily.  It works for
> me pretty well.  It is also dated Dec 2, so hopefully has a patched
> Firefox core in it.  Also, some of the bugs that were present in 2.40
> are gone.

In this thread there are some test cases:

https://bugzilla.mozilla.org/show_bug.cgi?id=1321066

I am running SM 2.48a2 Aurora. Earlier today one of the cases was
crashing it (The one in comment 25). What I have done is disabled
loading images in SM. This stops the crash happening. Even if I enable
loading images from the image manager menu for the crash site, it still
doesn't crash.

There is some mention in the thread about "safe crashes" so I am not
sure if this crash is proof of vulnerability, but I will leave things as
they are for the moment.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread EE


NoOp wrote:

On 12/2/2016 2:30 PM, NFN Smith wrote:

I'm watching discussions relating to the SVG exploit, and am a little
 confused about what steps I should take.

I'm one of the users that has stayed with 2.40, and for the most
part, I'm content to wait until a new release comes through the
normal update channel, although I am concerned about the number of
security fixes accumulating, that have been applied to Firefox and
Thunderbird.

Right now, the primary question would is whether there will be an
update to 2.40 to address the SVG exploit, or if it's going to take
moving to one of the later builds, to get that.

I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
 and I hope he's able to get a breakthrough soon. (Personally, I'm OK
 with dropping both Chatzilla and DOM). But it appears that nothing
is going to be coming down the official pipeline for a while.

Assuming that, what are the options?

- Stay with 2.40, and hope that most of the risk can be offset by use
of NoScript, as suggested by Frank-Rainer Grahl? I already run
NoScript, so I'm used to how that behaves.


Turn off javascript and leave it off until 2.40 is patched. Better yet,
turn off 2.40 until 2.40 is patched.



- Use one of Adrian Kalla's unofficial builds? If so, which build,
and what potential problems are there?


Yes, 2.47

- latest-comm-release-

- Something else?


Our organization uses mostly Firefox and Thunderbird, as preferred
clients. (I'm actually one of only a couple that use Seamonkey).


I HIGHLY recommend removing 2.40 from ALL work networks.
https://blog.mozilla.org/security/category/security/
https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey/
o now compare to everything fixed in Firefox and Thunderbird since 2.40
was released:




We

have a fairly aggressive policy stance about requiring our users to
apply security updates promptly. I know that the last time there was
a break in Seamonkey development, one of our admins was questioning
me about whether Seamonkey is still supported -- at that time, I was
running the most current version, but it was already behind Firefox
development, and the current gap between releases is even larger. For
me, a temporary move from Seamonkey to Firefox isn't a huge thing,
but having to relocate my mail to Thunderbird is more painful, as I
still do nearly everything through POP.


Thunderbird handles POP just fine. You can run SeaMonkey and Thunderbird
side-by-side to check/test, Just load up Thunderbird

I am using a Tinderbox build of SM 2.47 quite happily.  It works for me 
pretty well.  It is also dated Dec 2, so hopefully has a patched Firefox 
core in it.  Also, some of the bugs that were present in 2.40 are gone.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Richmond

Maybe it would help to set image.animation_mode = none ? I can't find
anything which says one way or another.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Mason83

On 03/12/2016 10:10, Ant wrote:

> Is it confirmed that v2.40 will get a patch?

Also, I suppose even SM 2.47 is vulnerable?
Or was that the reason for the Dec 1 update, Adrian?

Regards.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-03 Thread Ant


On 12/2/2016 6:15 PM, NoOp wrote:

On 12/2/2016 2:30 PM, NFN Smith wrote:

I'm watching discussions relating to the SVG exploit, and am a little
  confused about what steps I should take.

I'm one of the users that has stayed with 2.40, and for the most
part, I'm content to wait until a new release comes through the
normal update channel, although I am concerned about the number of
security fixes accumulating, that have been applied to Firefox and
Thunderbird.

Right now, the primary question would is whether there will be an
update to 2.40 to address the SVG exploit, or if it's going to take
moving to one of the later builds, to get that.

I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
  and I hope he's able to get a breakthrough soon. (Personally, I'm OK
  with dropping both Chatzilla and DOM). But it appears that nothing
is going to be coming down the official pipeline for a while.

Assuming that, what are the options?

- Stay with 2.40, and hope that most of the risk can be offset by use
of NoScript, as suggested by Frank-Rainer Grahl? I already run
NoScript, so I'm used to how that behaves.


Turn off javascript and leave it off until 2.40 is patched. Better yet,
turn off 2.40 until 2.40 is patched.


Is it confirmed that v2.40 will get a patch?
--
"We ants are runnin' the show! We're the lords of the earth!" --ANTZ
Note: A fixed width font (Courier, Monospace, etc.) is required to see 
this signature correctly.

   /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
  / /\ /\ \Ant's Quality Foraged Links: http://aqfl.net
 | |o   o| |
\ _ /If crediting, then use Ant nickname and AQFL URL/link.
 ( )   Axe ANT from its address if e-mailing privately.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

2016-12-02 Thread NoOp

On 12/2/2016 2:30 PM, NFN Smith wrote:
> I'm watching discussions relating to the SVG exploit, and am a little
>  confused about what steps I should take.
> 
> I'm one of the users that has stayed with 2.40, and for the most
> part, I'm content to wait until a new release comes through the
> normal update channel, although I am concerned about the number of
> security fixes accumulating, that have been applied to Firefox and
> Thunderbird.
> 
> Right now, the primary question would is whether there will be an
> update to 2.40 to address the SVG exploit, or if it's going to take
> moving to one of the later builds, to get that.
> 
> I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
>  and I hope he's able to get a breakthrough soon. (Personally, I'm OK
>  with dropping both Chatzilla and DOM). But it appears that nothing
> is going to be coming down the official pipeline for a while.
> 
> Assuming that, what are the options?
> 
> - Stay with 2.40, and hope that most of the risk can be offset by use
> of NoScript, as suggested by Frank-Rainer Grahl? I already run
> NoScript, so I'm used to how that behaves.

Turn off javascript and leave it off until 2.40 is patched. Better yet,
turn off 2.40 until 2.40 is patched.

> 
> - Use one of Adrian Kalla's unofficial builds? If so, which build,
> and what potential problems are there?

Yes, 2.47

- latest-comm-release- 
> - Something else?
> 
> 
> Our organization uses mostly Firefox and Thunderbird, as preferred 
> clients. (I'm actually one of only a couple that use Seamonkey). 

I HIGHLY recommend removing 2.40 from ALL work networks.
https://blog.mozilla.org/security/category/security/
https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey/
o now compare to everything fixed in Firefox and Thunderbird since 2.40
was released:




We
> have a fairly aggressive policy stance about requiring our users to
> apply security updates promptly. I know that the last time there was
> a break in Seamonkey development, one of our admins was questioning
> me about whether Seamonkey is still supported -- at that time, I was
> running the most current version, but it was already behind Firefox
> development, and the current gap between releases is even larger. For
> me, a temporary move from Seamonkey to Firefox isn't a huge thing,
> but having to relocate my mail to Thunderbird is more painful, as I
> still do nearly everything through POP.

Thunderbird handles POP just fine. You can run SeaMonkey and Thunderbird
side-by-side to check/test, Just load up Thunderbird

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-11-06 Thread grayman2000

On Wednesday, October 19, 2016 at 12:03:46 AM UTC+10, WaltS48 wrote:

> Remove the check mark for "Advertise Firefox compatibility".
> 
> REF: 

Thank you. Worked.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-11-06 Thread rkobee

On Sunday, October 16, 2016 at 8:01:47 PM UTC-4, Cruz, Jaime wrote:
> Just started seeing a message when I go to the GMail website: This 
> version of Firefox is no longer supported, please upgrade your browser.
> 
> Not sure when this started happening though.
> 
> -- 
> Jaime A. Cruz
> President
> Nassau Wings Motorcycle Club
> http://www.nassauwings.org/
> 
> AMA District 34
> http://www.AMADistrict34.com/
> Freddy's Run
> http://www.freddysrun.org/

I get the same error message and use the web log, gmail, to read my email.  Why 
should I move it into an IMAP or POP server (SeaMonkey) to read my mail.

It would be great if the next version of SeaMonkey address this error.

Robert Kobee
rko...@gmail.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-26 Thread Ray Davison


Cruz, Jaime wrote:

Just started seeing a message when I go to the GMail website: This
version of Firefox is no longer supported, please upgrade your browser.

Not sure when this started happening though.

I had not been to the Gmail site for a while - I POP Gmail to SM.  I 
just went to Gmail, got the same "no longer supported" line, but 
everything seems to still work.  And there were a couple non-SPAM 
messages in the SPAM folder.


I just created a filter on the Gmail site that finds any message with @ 
in the address, and does not send it to SPAM.  So we shall see.


Ray


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-25 Thread cyberzen


Le 19/10/2016 21:09, NFN Smith a écrit :

Personally, I prefer using POP for my primary usage, and where I keep my
stores of mail going back nearly 20 years.


It is possible to move some messages from an IMAP hierarchy of folders 
to the equivalent hierarchy in the local folders space,

you just have to do it one folder at a time,
you may have whatever time of history (and accounts)
those local folders can synchronized between several machines

So I don't think it is a good reason to stay in POP


--
cyberzen
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-21 Thread Frank-Rainer Grahl


seemonkey wrote:

But it would close the vulnerability in nss. If one would release a seamonkey 
let's say 2.40.1 only with the change of nss 3.21.1 the result would be the 
same as i described. I didn't mention any bug in the base product. The whole 
topic was started with nss and not bugs/sec vuln. in seamonkey.

So keeping SM 2.40 official release without replacing the nss is the worst one 
can do at the moment. If you trust an unofficial build (2.46) then install it. 
Or copy the dlls as i described.


The worst thing you could do is assume you are covered. It would close 
one vulnerability in nss not all. Current nss is 3.28 beta and 3.26.2 in 
the next Firefox release. I am quite sure there some few security fixes 
in the latest version too. You best protection is still a script and an 
Ad blocker when browsing the web.


A 2.40.1 can not be released because the l10n part of the build system 
is broken. It it weren't so we would have 2.46 already.


Adrians unofficial builds are ok. You can trust them. And if you run 
en-US there are now candidate builds for every platform available too. 
They are not final but this only means that the build process stopped 
with an error when it came to building the l10n versions. Building en-US 
was mostly finished at this stage.


That said ewong is still busy building and I hope we will see the final 
2.46 soon.


FRG
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-20 Thread seemonkey

On Tuesday, October 18, 2016 at 10:10:15 PM UTC+2, Frank-Rainer Grahl wrote:
> I wouldn't start hacking together a version with different binaries. Might 
> work 
> might not. And this won't close any bugs in the base product which could be 
> exploited if you are so concerned about security.
> 
> Better check if the latest en-US candidate 2.46 test builds works for you or 
> use 
> Adrians latest 2.46 build. They are both build from the same sources and 
> updating 
> to the next official build whenever it arrives will be possible just by 
> downloading it. Adrians is gtk3 and the candidate gtk2 for Linux users. 
> Windows 
> VS2015 but Adrians should be a little faster because he used -O2 for 
> compiling.
> 
> If you use a hacked together build do not open bug reports against it.
> 
> There will be no 2.40.x builds. The next one will be 2.46 if the l10n build 
> bug 
> can be fixed in time.
> 
> FRG
> 
> On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote:
> 
> >>Lee wrote on 16/10/2016 17:45:
> >>> On 10/16/16, Ray_Net  wrote:
>  seemonkey wrote on 13/10/2016 08:06:
> > There's at least one security vulnerability that is missing from this 
> > NSS
> > version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >
> > There was a bugfix in NSS
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
> > but unfortunately it seems that this bugfix is not in 3.20.x according 
> > to
> > the developer entries. I didn't check the code yet if the bugfix is 
> > really
> > missing!
> >
> > So my question is why seamonkey uses still this outdated NSS version? It
> > should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
> > also in latest thunderbird /45.4.0/)
> >
> > As a workaround i can copy the nss libraries from firefox esr to 
> > seamonkey
> > until a security release of seamonkey let's say 2.40.1 arrives. I tried
> > this end i can start seamonkey with newer NSS library because they're
> > compatible.
>  "As a workaround i can copy the nss libraries from firefox esr to
>  seamonkey "
> 
>  Could you tell us what we need (in details) to do ?
>  I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
> >>> Upgrade.
> >>>
> >>> The current version of Firefox is 49.0.1
> >>> about:support / Library Versions says the NSS* expected & in use version 
> >>> is 
> 3.25
> >>>
> >>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
> >>> security patches.  Upgrading requires that you download & install a
> >>> new version of SM instead of waiting for it to upgrade automatically.
> >>> **where** to download the new version from is a bit of a question tho
> >>> :(   I'm guessing the safest bet is
> >>> 
> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-com
> m-release-windows32/
> >>> if only because akalla had to pick _this_ particular build to make
> >>> available for downloading.  SeaMonkey 2.46 has the same 3.25
> >>> about:support / Library Versions for NSS* as FF.
> >>>
> >>> Regards,
> >>> Lee
> >>You don't understand.
> >>- I hate to install a not released SM.
> >>- I stay with FireFox 46.0.1 because I am able with it to do "View 
> >>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
> >>do it.
> >>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
> >>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
> >>use nss from this version to put into SM because it should be > 3.21.1.
> >>So the question is still open:
> >>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?
> 
> 
>  Regards
>  Frank-Rainer Grahl

But it would close the vulnerability in nss. If one would release a seamonkey 
let's say 2.40.1 only with the change of nss 3.21.1 the result would be the 
same as i described. I didn't mention any bug in the base product. The whole 
topic was started with nss and not bugs/sec vuln. in seamonkey.

So keeping SM 2.40 official release without replacing the nss is the worst one 
can do at the moment. If you trust an unofficial build (2.46) then install it. 
Or copy the dlls as i described.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-19 Thread NFN Smith


Ed Mullen wrote:

On 10/19/2016 at 12:05 PM, Cruz, Jaime's prodigious digits fired off:

sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


Because that's the only way to check the Spam folder.



Nope.  My IMAP accounts have the spam folder in SeaMonkey mail and
Thunderbird.  I check and if there is a message that isn't spam then I
do jump into the Webmail interface to mark it not spam.



For seeing the contents of a server spam folder, IMAP works fine. 
However, if the server uses user-tuneable spam filtering (such as 
SpamAssassin), you can only adjust the tuning by interacting through a 
web client.


In my limited experience with client-level spam filtering, both 
Seamonkey and Thunderbird can be tuned and be set to deposit likely spam 
into the server's spam folder, but that's post-delivery handling that's 
done through the client, and won't affect the server's filtering.


With POP, part of the definition is that the client sees *only* the 
server's inbox, and if there are server-based processes that direct 
inbound mail to other folders (wither junk filters, or user-defined 
rules) then those messages will never be seen by a POP client. The only 
way to see them would be either through an IMAP client, or webmail 
(which is technically IMAP).


Depending on what you're doing, there's ways of using both POP and IMAP 
simultaneously.


Personally, I prefer using POP for my primary usage, and where I keep my 
stores of mail going back nearly 20 years. However, I make use of a lot 
of clients (on a variety of machines), and so I set my normal POP client 
to retain messages for 15 days. That allows me to see recent updates 
from IMAP configurations on secondary machines/clients, without 
disturbing POP. And in clients where I'm likely to compose mail, I 
adjust the configs so that copies of composed messages are saved in the 
Inbox (rather than the Sent folder), which allows me to have copies when 
I next connect with my normal POP client.


Back in the era of dialup connections, I found that if I had a large 
inbound message that took too long to download (and impeded delivery of 
other smaller messages that were further down in the inbox), it was 
useful to make a webmail connection to the server, move the offending 
large message to a folder, and then resume the POP connection. At a time 
that it was convenient to get the large message, then I'd go back and 
move that back into the Inbox.


Smith

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-19 Thread Jonathan N. Little

Ed Mullen wrote:
> On 10/19/2016 at 12:05 PM, Cruz, Jaime's prodigious digits fired off:
>> sean.nat...@invalid.knights.nee wrote:
>>
>>> just a question, why bother "logging in" to their websites at all, when
>>> Seamonkey will download via pop or imap?
>>>
>>> i mean, i have 12 e'mail addresses all being downloaded via imap just so
>>> i never have to spend time logging into webmail pages.
>>
>> Because that's the only way to check the Spam folder.
>>
> 
> Nope.  My IMAP accounts have the spam folder in SeaMonkey mail and
> Thunderbird.  I check and if there is a message that isn't spam then I
> do jump into the Webmail interface to mark it not spam.
> 

The problem is if you are using POP. Gmail will put it in spam folder on
the server and you will never see it in SeaMonkey. I was bit by that
long ago, but fixed it by making a filter to essentially disable Gmail's
spam filter so I could get all mail and filter with SeaMonkey's spam filter.


-- 
Take care,

Jonathan
---
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-19 Thread Ed Mullen


On 10/19/2016 at 12:05 PM, Cruz, Jaime's prodigious digits fired off:

sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


Because that's the only way to check the Spam folder.



Nope.  My IMAP accounts have the spam folder in SeaMonkey mail and 
Thunderbird.  I check and if there is a message that isn't spam then I 
do jump into the Webmail interface to mark it not spam.


--
Ed Mullen
http://edmullen.net/
"Those people who think they know everything are a great annoyance to 
those of us who do." - Isaac Asimov

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-19 Thread WaltS48


On 10/19/2016 12:05 PM, Cruz, Jaime wrote:

sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


Because that's the only way to check the Spam folder.

Well, if it's an IMAP account you shouldn't need to, but I do have to do 
it occasionally for my POP account.


I've found some interesting emails that Verizon thought was Spam.


--
Visit Pittsburgh 
Coexist 
National Popular Vote 
Ubuntu 16.04LTS

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-19 Thread Cruz, Jaime


sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


Because that's the only way to check the Spam folder.

--
Jaime A. Cruz
President
Nassau Wings Motorcycle Club
http://www.nassauwings.org/

AMA District 34
http://www.AMADistrict34.com/
Freddy's Run
http://www.freddysrun.org/
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-19 Thread Ray_Net


Frank-Rainer Grahl wrote on 18/10/2016 22:03:

I wouldn't start hacking together a version with different binaries. Might work
might not. And this won't close any bugs in the base product which could be
exploited if you are so concerned about security.


Ok, I will stay with my official SM 2.40 without introducing some 
possible problem.

Thanks for all answering.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-18 Thread Frank-Rainer Grahl

I wouldn't start hacking together a version with different binaries. Might work 
might not. And this won't close any bugs in the base product which could be 
exploited if you are so concerned about security.

Better check if the latest en-US candidate 2.46 test builds works for you or 
use 
Adrians latest 2.46 build. They are both build from the same sources and 
updating 
to the next official build whenever it arrives will be possible just by 
downloading it. Adrians is gtk3 and the candidate gtk2 for Linux users. Windows 
VS2015 but Adrians should be a little faster because he used -O2 for compiling.

If you use a hacked together build do not open bug reports against it.

There will be no 2.40.x builds. The next one will be 2.46 if the l10n build bug 
can be fixed in time.

FRG

On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote:

>>Lee wrote on 16/10/2016 17:45:
>>> On 10/16/16, Ray_Net  wrote:
 seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
> There's at least one security vulnerability that is missing from this NSS
> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>
> There was a bugfix in NSS
> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
> but unfortunately it seems that this bugfix is not in 3.20.x according to
> the developer entries. I didn't check the code yet if the bugfix is really
> missing!
>
> So my question is why seamonkey uses still this outdated NSS version? It
> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
> also in latest thunderbird /45.4.0/)
>
> As a workaround i can copy the nss libraries from firefox esr to seamonkey
> until a security release of seamonkey let's say 2.40.1 arrives. I tried
> this end i can start seamonkey with newer NSS library because they're
> compatible.
 "As a workaround i can copy the nss libraries from firefox esr to
 seamonkey "

 Could you tell us what we need (in details) to do ?
 I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
>>> Upgrade.
>>>
>>> The current version of Firefox is 49.0.1
>>> about:support / Library Versions says the NSS* expected & in use version is 
3.25
>>>
>>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
>>> security patches.  Upgrading requires that you download & install a
>>> new version of SM instead of waiting for it to upgrade automatically.
>>> **where** to download the new version from is a bit of a question tho
>>> :(   I'm guessing the safest bet is
>>> 
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-com
m-release-windows32/
>>> if only because akalla had to pick _this_ particular build to make
>>> available for downloading.  SeaMonkey 2.46 has the same 3.25
>>> about:support / Library Versions for NSS* as FF.
>>>
>>> Regards,
>>> Lee
>>You don't understand.
>>- I hate to install a not released SM.
>>- I stay with FireFox 46.0.1 because I am able with it to do "View 
>>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
>>do it.
>>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
>>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
>>use nss from this version to put into SM because it should be > 3.21.1.
>>So the question is still open:
>>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?


 Regards
 Frank-Rainer Grahl


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-18 Thread WaltS48


On 10/16/2016 08:01 PM, Cruz, Jaime wrote:
Just started seeing a message when I go to the GMail website: This 
version of Firefox is no longer supported, please upgrade your browser.


Not sure when this started happening though.




Remove the check mark for "Advertise Firefox compatibility".

REF: 

--
Visit Pittsburgh 
Coexist 
National Popular Vote 
Ubuntu 16.04LTS
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread sean . nathan


NFN Smith wrote:

sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


A good question

For the most part, I detest using webmail clients, and have a strong
preference for POP or IMAP.  However, I also maintain accounts with a
number of free providers, either for testing purposes, or thow-away
activity, where I generally don't care about what's delivered there. For
those kinds of accounts I really don't want to bother with setting up
POP or IMAP access, because it's rare that I want to check them, and I
don't want the distraction of having them available.

That said, I found that I make enough use of a Yahoo account that I did
set up IMAP access for that, and I check about once a day.  I use that
one just frequently enough that it's nice to not have to go through
Yahoo's login processes, although they have complained about an
inadequately secure setup, because I don't go through 2-factor
authentication.

For the mailboxes that I live in, I still prefer POP to IMAP, because it
fits my specific work flows.  However, one negative to POP is that if
there's a server-level spam folder, I have to make occasional web
checks, to inspect, to make sure that there isn't anything legitimate
that has turned up there (as well as adjusting server junk/not junk
designations).

Smith



Appreciate that response. I have always used pop access in the past, but 
have become irritated that the cox/gmail/live/or whatever servers don't 
delete their copies of the mail after I move or delete them, so I've 
been setting them all up in imap, for greater deletion control.


I generally despise the duplicative imap folders especially for gmail... 
inbox/all mail/imporant gives me 3 copies of everything incoming... 
gaaa


I gave up on yahoo as they previously made free pop access in the US 
difficult. If that has changed I may need to add those accounts back to 
Seamonkey again.


sean
--
phillip chee & tagzilla


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-17 Thread seemonkey12345

On Sunday, October 16, 2016 at 9:59:26 PM UTC+2, Ray_Net wrote:
> Lee wrote on 16/10/2016 17:45:
> > On 10/16/16, Ray_Net wrote:
> >> seemonkey wrote on 13/10/2016 08:06:
> >>> There's at least one security vulnerability that is missing from this NSS
> >>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >>>
> >>> There was a bugfix in NSS
> >>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
> >>> but unfortunately it seems that this bugfix is not in 3.20.x according to
> >>> the developer entries. I didn't check the code yet if the bugfix is really
> >>> missing!
> >>>
> >>> So my question is why seamonkey uses still this outdated NSS version? It
> >>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
> >>> also in latest thunderbird /45.4.0/)
> >>>
> >>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
> >>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
> >>> this end i can start seamonkey with newer NSS library because they're
> >>> compatible.
> >> "As a workaround i can copy the nss libraries from firefox esr to
> >> seamonkey "
> >>
> >> Could you tell us what we need (in details) to do ?
> >> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
> > Upgrade.
> >
> > The current version of Firefox is 49.0.1
> > about:support / Library Versions says the NSS* expected & in use version is 
> > 3.25
> >
> > The 'current' version of SeaMonkey is 2.40 and is missing a lot of
> > security patches.  Upgrading requires that you download & install a
> > new version of SM instead of waiting for it to upgrade automatically.
> > **where** to download the new version from is a bit of a question tho
> > :(   I'm guessing the safest bet is
> > https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
> > if only because akalla had to pick _this_ particular build to make
> > available for downloading.  SeaMonkey 2.46 has the same 3.25
> > about:support / Library Versions for NSS* as FF.
> >
> > Regards,
> > Lee
> You don't understand.
> - I hate to install a not released SM.
> - I stay with FireFox 46.0.1 because I am able with it to do "View 
> Selection Source" using my version of Firefox, because my SM 2.40 cannot 
> do it.
> - He said " It should use at least 3.21.1 (that is in latest firefox esr 
> /45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
> use nss from this version to put into SM because it should be > 3.21.1.
> So the question is still open:
> How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?

I understand you.
In detail you must do the following. Copy these files from firefox into 
seamonkey overwriting the existing files (you have *.dll instead of *.so):
libfreebl3.chk
libfreebl3.so
libnspr4.so
libnss3.so
libnssckbi.so
libnssdbm3.chk
libnssdbm3.so
libnssutil3.so
libplc4.so
libplds4.so
libsmime3.so
libsoftokn3.chk
libsoftokn3.so
libssl3.so
I did it on linux, on windows it should be the same, please check it! I hope 
you have chk files too. However i have firefox 45.4.0 (esr) not the 46.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread NFN Smith


sean.nat...@invalid.knights.nee wrote:


just a question, why bother "logging in" to their websites at all, when
Seamonkey will download via pop or imap?

i mean, i have 12 e'mail addresses all being downloaded via imap just so
i never have to spend time logging into webmail pages.


A good question

For the most part, I detest using webmail clients, and have a strong 
preference for POP or IMAP.  However, I also maintain accounts with a 
number of free providers, either for testing purposes, or thow-away 
activity, where I generally don't care about what's delivered there. For 
those kinds of accounts I really don't want to bother with setting up 
POP or IMAP access, because it's rare that I want to check them, and I 
don't want the distraction of having them available.


That said, I found that I make enough use of a Yahoo account that I did 
set up IMAP access for that, and I check about once a day.  I use that 
one just frequently enough that it's nice to not have to go through 
Yahoo's login processes, although they have complained about an 
inadequately secure setup, because I don't go through 2-factor 
authentication.


For the mailboxes that I live in, I still prefer POP to IMAP, because it 
fits my specific work flows.  However, one negative to POP is that if 
there's a server-level spam folder, I have to make occasional web 
checks, to inspect, to make sure that there isn't anything legitimate 
that has turned up there (as well as adjusting server junk/not junk 
designations).


Smith

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-17 Thread TCW

On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net
 wrote:

>Lee wrote on 16/10/2016 17:45:
>> On 10/16/16, Ray_Net  wrote:
>>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
 There's at least one security vulnerability that is missing from this NSS
 version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

 There was a bugfix in NSS
 https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
 but unfortunately it seems that this bugfix is not in 3.20.x according to
 the developer entries. I didn't check the code yet if the bugfix is really
 missing!

 So my question is why seamonkey uses still this outdated NSS version? It
 should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
 also in latest thunderbird /45.4.0/)

 As a workaround i can copy the nss libraries from firefox esr to seamonkey
 until a security release of seamonkey let's say 2.40.1 arrives. I tried
 this end i can start seamonkey with newer NSS library because they're
 compatible.
>>> "As a workaround i can copy the nss libraries from firefox esr to
>>> seamonkey "
>>>
>>> Could you tell us what we need (in details) to do ?
>>> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
>> Upgrade.
>>
>> The current version of Firefox is 49.0.1
>> about:support / Library Versions says the NSS* expected & in use version is 
>> 3.25
>>
>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
>> security patches.  Upgrading requires that you download & install a
>> new version of SM instead of waiting for it to upgrade automatically.
>> **where** to download the new version from is a bit of a question tho
>> :(   I'm guessing the safest bet is
>> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
>> if only because akalla had to pick _this_ particular build to make
>> available for downloading.  SeaMonkey 2.46 has the same 3.25
>> about:support / Library Versions for NSS* as FF.
>>
>> Regards,
>> Lee
>You don't understand.
>- I hate to install a not released SM.
>- I stay with FireFox 46.0.1 because I am able with it to do "View 
>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
>do it.
>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
>use nss from this version to put into SM because it should be > 3.21.1.
>So the question is still open:
>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?

The SM 2.46 builds are being made by Adrian Kalla on a personal
machine and are stable even though not publish on the official Mozilla
site and usual download places. They are build from stable code but
because the build environment has been busted for so long, it's not
working on Mozilla proper. I just updated to the SM 2.47 beta build he
made today and it has NSS 3.26.2. I didn't realize 3.27/3.27.1 went
final until I just looked. So, IMHOO, you have nothing to lose by
trying the stable build Adrian has made. You can always kick the tires
here: http://goo.gl/9R2c0i

Stable, in terms of software, is relative to how many bugs haven't
been found yet.

As for grafting DLLs, back up nss3.dll, nssckbi.dll, nssdbm3.chk,
nssdbm3.dll and mozglue.dll somewhere. Close SM. Copy the NSS DLLs
from Firefox and overwrite the ones in the SM directory. 99% of the
time you won't need mozglue.dll. Start SM. If it complains about
mozglue.dll, close SM and overwrite mozglue.dll. Start SM again. If it
won't start, copy back the backed up DLLs. Hope that helps.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread sean . nathan


NFN Smith wrote:

Cruz, Jaime wrote:

Just started seeing a message when I go to the GMail website: This
version of Firefox is no longer supported, please upgrade your browser.

Not sure when this started happening though.




I'm seeing an uptick in sites complaining about Seamonkey, especially
mail providers.  I haven't checked Gmail recently, but I'm getting flak
from both mail.com and fastmail.

On these two, I just tested a little while ago on a "bare metal" profile
(minimal changes from defaults), and they aren't preventing me from
logging in, even if they're complaining.  However, I have my working
profile tweaked enough that I'm not able to log into either of those
sites, either in Safe Mode, or by using browser spoofing (showing
Firefox 49).

I know that with Seamonkey 2.40, the "advertise Firefox compatibility"
shows Firefox 43.0, and it may be that that's what various sites are
complaining about. I haven't checked, but it wouldn't surprise me that
those sites would be complaining about a connection a true Firefox 43.0
installation.

Smith


just a question, why bother "logging in" to their websites at all, when 
Seamonkey will download via pop or imap?


i mean, i have 12 e'mail addresses all being downloaded via imap just so 
i never have to spend time logging into webmail pages.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread Ed Mullen


On 10/16/2016 at 11:29 PM, myhrd...@gmail.com's prodigious digits fired off:

On Sunday, October 16, 2016 at 7:01:47 PM UTC-5, Cruz, Jaime wrote:

Just started seeing a message when I go to the GMail website: This
version of Firefox is no longer supported, please upgrade your browser.

Not sure when this started happening though.

--
Jaime A. Cruz
President
Nassau Wings Motorcycle Club
http://www.nassauwings.org/

AMA District 34
http://www.AMADistrict34.com/
Freddy's Run
http://www.freddysrun.org/


Yes, it's fairly evident they're not reading the SeaMonkey part of the id but, 
the advertised FireFox compatibility tag.  I'm hoping that there's an update 
coming that catches SeaMonkey up to whatever update FF has had that's causing 
this nuisance bar to appear on us up top in GMail.  If I end up having to apply 
a trick again, it's going to mean making another weekend trip out of town to 
get several folks fixed too since many of my folks using SM are not tech-savvy 
at all. Very frustrating.



Don't make a trip, get Teamviewer:




--
Ed Mullen
http://edmullen.net/
It's not hard to meet expenses, they're everywhere.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread NFN Smith


Cruz, Jaime wrote:

Just started seeing a message when I go to the GMail website: This
version of Firefox is no longer supported, please upgrade your browser.

Not sure when this started happening though.




I'm seeing an uptick in sites complaining about Seamonkey, especially 
mail providers.  I haven't checked Gmail recently, but I'm getting flak 
from both mail.com and fastmail.


On these two, I just tested a little while ago on a "bare metal" profile 
(minimal changes from defaults), and they aren't preventing me from 
logging in, even if they're complaining.  However, I have my working 
profile tweaked enough that I'm not able to log into either of those 
sites, either in Safe Mode, or by using browser spoofing (showing 
Firefox 49).


I know that with Seamonkey 2.40, the "advertise Firefox compatibility" 
shows Firefox 43.0, and it may be that that's what various sites are 
complaining about. I haven't checked, but it wouldn't surprise me that 
those sites would be complaining about a connection a true Firefox 43.0 
installation.


Smith
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-17 Thread Pat Connors


I started getting also.

Just started seeing a message when I go to the GMail website: This 
version of Firefox is no longer supported, please upgrade your browser.



-- Pat Connors http://www.connorsgenealogy.com

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and GMail

2016-10-16 Thread myhrddin

On Sunday, October 16, 2016 at 7:01:47 PM UTC-5, Cruz, Jaime wrote:
> Just started seeing a message when I go to the GMail website: This 
> version of Firefox is no longer supported, please upgrade your browser.
> 
> Not sure when this started happening though.
> 
> -- 
> Jaime A. Cruz
> President
> Nassau Wings Motorcycle Club
> http://www.nassauwings.org/
> 
> AMA District 34
> http://www.AMADistrict34.com/
> Freddy's Run
> http://www.freddysrun.org/

Yes, it's fairly evident they're not reading the SeaMonkey part of the id but, 
the advertised FireFox compatibility tag.  I'm hoping that there's an update 
coming that catches SeaMonkey up to whatever update FF has had that's causing 
this nuisance bar to appear on us up top in GMail.  If I end up having to apply 
a trick again, it's going to mean making another weekend trip out of town to 
get several folks fixed too since many of my folks using SM are not tech-savvy 
at all. Very frustrating.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Ray_Net

Lee wrote on 16/10/2016 17:45:

On 10/16/16, Ray_Net wrote:

seemonkey12...@gmail.com wrote on 13/10/2016 08:06:

There's at least one security vulnerability that is missing from this NSS
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
but unfortunately it seems that this bugfix is not in 3.20.x according to
the developer entries. I didn't check the code yet if the bugfix is really
missing!

So my question is why seamonkey uses still this outdated NSS version? It
should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
also in latest thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey
until a security release of seamonkey let's say 2.40.1 arrives. I tried
this end i can start seamonkey with newer NSS library because they're
compatible.

"As a workaround i can copy the nss libraries from firefox esr to
seamonkey "

Could you tell us what we need (in details) to do ?
I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.

Upgrade.

The current version of Firefox is 49.0.1
about:support / Library Versions says the NSS* expected & in use version is 3.25

The 'current' version of SeaMonkey is 2.40 and is missing a lot of
security patches. Upgrading requires that you download & install a
new version of SM instead of waiting for it to upgrade automatically.
**where** to download the new version from is a bit of a question tho
:( I'm guessing the safest bet is
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
if only because akalla had to pick _this_ particular build to make
available for downloading. SeaMonkey 2.46 has the same 3.25
about:support / Library Versions for NSS* as FF.

Regards,
Lee

You don't understand.
- I hate to install a not released SM.
- I stay with FireFox 46.0.1 because I am able with it to do "View
Selection Source" using my version of Firefox, because my SM 2.40 cannot
do it.
- He said " It should use at least 3.21.1 (that is in latest firefox esr
/45.4.0/" and because my version of Firefox is greater (46.0.1) I can
use nss from this version to put into SM because it should be > 3.21.1.

So the question is still open:
How, in details, can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Lee

On 10/16/16, Ray_Net  wrote:
> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>> There's at least one security vulnerability that is missing from this NSS
>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>>
>> There was a bugfix in NSS
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>> the developer entries. I didn't check the code yet if the bugfix is really
>> missing!
>>
>> So my question is why seamonkey uses still this outdated NSS version? It
>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>> also in latest thunderbird /45.4.0/)
>>
>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>> this end i can start seamonkey with newer NSS library because they're
>> compatible.
>
> "As a workaround i can copy the nss libraries from firefox esr to
> seamonkey "
>
> Could you tell us what we need (in details) to do ?
> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.

Upgrade.

The current version of Firefox is 49.0.1
about:support / Library Versions says the NSS* expected & in use version is 3.25

The 'current' version of SeaMonkey is 2.40 and is missing a lot of
security patches.  Upgrading requires that you download & install a
new version of SM instead of waiting for it to upgrade automatically.
**where** to download the new version from is a bit of a question tho
:(   I'm guessing the safest bet is
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
if only because akalla had to pick _this_ particular build to make
available for downloading.  SeaMonkey 2.46 has the same 3.25
about:support / Library Versions for NSS* as FF.

Regards,
Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Ray_Net


seemonkey12...@gmail.com wrote on 13/10/2016 08:06:

There's at least one security vulnerability that is missing from this NSS 
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
to solve this issue but unfortunately it seems that this bugfix is not in 
3.20.x according to the developer entries. I didn't check the code yet if the 
bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS version? It should 
use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in latest 
thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey 
until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
end i can start seamonkey with newer NSS library because they're compatible.


"As a workaround i can copy the nss libraries from firefox esr to 
seamonkey "


Could you tell us what we need (in details) to do ?
I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-15 Thread Edward


WaltS48 wrote:

On 10/14/2016 08:49 PM, Edward wrote:

TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:


There's at least one security vulnerability that is missing from
this NSS version:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this
issue but unfortunately it seems that this bugfix is not in 3.20.x
according to the developer entries. I didn't check the code yet if
the bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS
version? It should use at least 3.21.1 (that is in latest firefox
esr /45.4.0/ and also in latest thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to
seamonkey until a security release of seamonkey let's say 2.40.1
arrives. I tried this end i can start seamonkey with newer NSS
library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss
package that is included with the Linux distribution being used? The
currently installed version here is 3.23.0-1 (Fedora 24).

Thanks in advance.



Users can enter about:support in the address bar and scroll down to the
Library Versions section of the Troubleshooting Information page to see
what their version of SeaMonkey, Firefox or Thunderbird is using.

If you prefer Help > Troubleshooting Information also gets you there.


Thanks for that tip.

It looks like nss was just updated. That screen shows the Expected 
Minimum Version as 3.25, with 3.27 as the Version in use.



___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-15 Thread WaltS48


On 10/14/2016 08:49 PM, Edward wrote:

TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:

There's at least one security vulnerability that is missing from this 
NSS version: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950


There was a bugfix in NSS 
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this 
issue but unfortunately it seems that this bugfix is not in 3.20.x 
according to the developer entries. I didn't check the code yet if 
the bugfix is really missing!


So my question is why seamonkey uses still this outdated NSS version? 
It should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ 
and also in latest thunderbird /45.4.0/)


As a workaround i can copy the nss libraries from firefox esr to 
seamonkey until a security release of seamonkey let's say 2.40.1 
arrives. I tried this end i can start seamonkey with newer NSS 
library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss package 
that is included with the Linux distribution being used? The currently 
installed version here is 3.23.0-1 (Fedora 24).


Thanks in advance.



Users can enter about:support in the address bar and scroll down to the 
Library Versions section of the Troubleshooting Information page to see 
what their version of SeaMonkey, Firefox or Thunderbird is using.


If you prefer Help > Troubleshooting Information also gets you there.

--
Visit Pittsburgh 
Coexist 
Ubuntu 16.04LTS
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread seemonkey

On Saturday, October 15, 2016 at 2:49:48 AM UTC+2, Edward wrote:
> TCW wrote:
> > On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey
> > wrote:
> >
> >> There's at least one security vulnerability that is missing from this NSS 
> >> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >>
> >> There was a bugfix in NSS 
> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue 
> >> but unfortunately it seems that this bugfix is not in 3.20.x according to 
> >> the developer entries. I didn't check the code yet if the bugfix is really 
> >> missing!
> >>
> >> So my question is why seamonkey uses still this outdated NSS version? It 
> >> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and 
> >> also in latest thunderbird /45.4.0/)
> >>
> >> As a workaround i can copy the nss libraries from firefox esr to seamonkey 
> >> until a security release of seamonkey let's say 2.40.1 arrives. I tried 
> >> this end i can start seamonkey with newer NSS library because they're 
> >> compatible.
> >
> > You can graft the NSS dlls, sure. I have done that in the past with
> > success. But, there is a build of 2.46 that's stable enough to use if
> > you want to test.
> 
> Just curious... Does the Linux version of SeaMonkey use the nss package 
> that is included with the Linux distribution being used? The currently 
> installed version here is 3.23.0-1 (Fedora 24).
> 
> Thanks in advance.

No, seamonkey/firefox/thunderbird look for their .so ONLY in their own 
directory ignoring to search in /usr/lib. That why it is not enough to install 
a separate nss package but one need to place symbolic links into each mozilla 
product.
You can check with strace which .so is loaded on startup of seamonkey. If the 
one from nss lib 3.23.0-1 then you are lucky and don't have to do anything.

I just wanted to point out that we immediately need a seemonkey update.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread seemonkey12345

On Thursday, October 13, 2016 at 3:10:42 PM UTC+2, TCW wrote:
> On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey
> 
> >There's at least one security vulnerability that is missing from this NSS 
> >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >
> >There was a bugfix in NSS 
> >https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue but 
> >unfortunately it seems that this bugfix is not in 3.20.x according to the 
> >developer entries. I didn't check the code yet if the bugfix is really 
> >missing!
> >
> >So my question is why seamonkey uses still this outdated NSS version? It 
> >should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also 
> >in latest thunderbird /45.4.0/)
> >
> >As a workaround i can copy the nss libraries from firefox esr to seamonkey 
> >until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
> >end i can start seamonkey with newer NSS library because they're compatible.
> 
> You can graft the NSS dlls, sure. I have done that in the past with
> success. But, there is a build of 2.46 that's stable enough to use if
> you want to test.

I tried with firefox's/thunderbirds 3.21.1 and it works. I trust this version 
of nss (at the moment)
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread Edward


TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:


There's at least one security vulnerability that is missing from this NSS 
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
to solve this issue but unfortunately it seems that this bugfix is not in 
3.20.x according to the developer entries. I didn't check the code yet if the 
bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS version? It should 
use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in latest 
thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey 
until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
end i can start seamonkey with newer NSS library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss package 
that is included with the Linux distribution being used? The currently 
installed version here is 3.23.0-1 (Fedora 24).


Thanks in advance.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-13 Thread TCW

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:

>There's at least one security vulnerability that is missing from this NSS 
>version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>
>There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
>to solve this issue but unfortunately it seems that this bugfix is not in 
>3.20.x according to the developer entries. I didn't check the code yet if the 
>bugfix is really missing!
>
>So my question is why seamonkey uses still this outdated NSS version? It 
>should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in 
>latest thunderbird /45.4.0/)
>
>As a workaround i can copy the nss libraries from firefox esr to seamonkey 
>until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
>end i can start seamonkey with newer NSS library because they're compatible.

You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 problems with www.fark.com

2016-05-18 Thread Paul B. Gallagher


louis.a.r...@gmail.com wrote:


When I click on links at fark it automatically takes me to a link in
a new browser window.


This is by design. Their links contain the code
target="_blank"
which tells the browser to open a new window.


When I am done reading that page and close it, and click back in the
window open on the fark site very often the location I am at in that
page has somehow changed. Often I am taken to the bottom of the page
but sometimes it seems random. The problem doesn't seem to occur
every time.


What exactly does "click back" mean? When I close the second window, the 
main window reappears exactly as I left it. I don't need to click the 
"back" button (is that what you mean?) because clicking the link to open 
a new window doesn't count as navigating "forward." It's more like 
taking both forks in a road; if you close one fork, the other is still 
there.



This reminds me of a similar problem that I had with wikipedia a
while back with clicking on pictures and then the back button. When I
did that it would almost always return me to the top of the wikipedia
page no matter where on the page the picture had been. But I think
this was a few versions back.


That could happen if you navigate within a page by clicking a link. If 
you look at the URL, you'll see something with a pound sign indicating 
that you've followed a link to a bookmark within the page. For example, 
if you go to , scroll down to 
the table of contents and click "History," it takes you to 
. That counts as a 
different URL, and the browser counts it as navigating "forward." If you 
then click the "back" button, it will return you to 
.


My user agent is the same as yours:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 
SeaMonkey/2.40


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released

2016-03-20 Thread Gabriel


Adrian Kalla wrote on 19/03/16 06:40:

W dniu 03/17/2016 o 08:09 PM, Gabriel pisze:

I already have this release:
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0)
Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
Build identifier: 20160120191716

Do I need to download the current full installer, or is it the same
version?


Yes, you do, as your build is from January, not March...



Thank you.

Is it normal that the "check for updates" doesn't compare the builds?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-20 Thread WaltS48


On 03/16/2016 08:38 PM, Desiree wrote:

On 3/16/2016 8:43 AM, Ant wrote:

On 3/14/2016 8:42 PM, Edmund Wong wrote:

Ant wrote:

On 3/14/2016 9:28 AM, Paul Bergsagel wrote:
...

BTW IMPORTANT->the Check for updates menu items is broken on the Mac
claiming there is no new update.

Please go here to find the update
http://www.seamonkey-project.org/releases/


No updates found in my very old, updated Windows XP Pro SP3 machine 
too!

What's up?


Hmmm.  Just what I kinda feared.  I must've done something
wrong with the partials or update placement. :(


Any updates? :)

Yes, approximately how much longer before internal updates are 
available?  (Windows 8.0 Pro).


Love how everybody was fine using version 2.39 while the developers 
worked out the problems, thanked them for their work, told them to take 
their time, and now it's where is the update. :)


--
Linux Mint 17.3
It's March! Go Buffalo, Pitt, WVU and Gonzaga!
Visit Pittsburgh 
Coexist · Understanding Across Divides 
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-20 Thread Desiree


On 3/16/2016 8:43 AM, Ant wrote:

On 3/14/2016 8:42 PM, Edmund Wong wrote:

Ant wrote:

On 3/14/2016 9:28 AM, Paul Bergsagel wrote:
...

BTW IMPORTANT->the Check for updates menu items is broken on the Mac
claiming there is no new update.

Please go here to find the update
http://www.seamonkey-project.org/releases/


No updates found in my very old, updated Windows XP Pro SP3 machine too!
What's up?


Hmmm.  Just what I kinda feared.  I must've done something
wrong with the partials or update placement. :(


Any updates? :)

Yes, approximately how much longer before internal updates are 
available?  (Windows 8.0 Pro).

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-20 Thread Ant


On 3/14/2016 8:42 PM, Edmund Wong wrote:

Ant wrote:

On 3/14/2016 9:28 AM, Paul Bergsagel wrote:
...

BTW IMPORTANT->the Check for updates menu items is broken on the Mac
claiming there is no new update.

Please go here to find the update
http://www.seamonkey-project.org/releases/


No updates found in my very old, updated Windows XP Pro SP3 machine too!
What's up?


Hmmm.  Just what I kinda feared.  I must've done something
wrong with the partials or update placement. :(


Any updates? :)
--
"For example, the tiny ant, a creature of great industry, drags with its 
mouth whatever it can, and adds it to the heap which she is piling up, 
not unaware nor careless of the future." --Horace, Satires, Book I, I, 33.
Note: A fixed width font (Courier, Monospace, etc.) is required to see 
this signature correctly.

   /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
  / /\ /\ \Ant's Quality Foraged Links: http://aqfl.net
 | |o   o| |
\ _ /If crediting, then use Ant nickname and AQFL URL/link.
 ( )  Chop ANT from its address if e-mailing privately.
Ant is currently not listening to any songs on this computer.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-20 Thread Bob Fleischer


Jonathan N. Little wrote:

Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:

My wife uses SeaMonkey on a MacBook (running 10.6).

Somehow, it got into a state where browser windows fill the whole screen
and have no menu bar, and thus are essentially uncontrollable (except
for keyboard shortcuts). I don't even see how to change the browser
window settings that are accessed via the menu.

So how do I recover?

(Yes, I assume I could go to the trouble and create a new profile.  I
created a test profile, and it works OK.)



F11 fullscreen mode?



On my wife's Mac, at least, F11 just seems to push the browser window
behind the desktop (somewhat bizarrely), so I have access to the Finder
menu bar and dock.  It doesn't restore the browser window to normal.


Pardon my Mac-ingorance but it sounds like you have your application window
scaled larger than your desktop resolution. In Linux you can ALT+Left-click
drag to grab a windows anywhere, not just the non-visible title bar, and
move the window off screen enough to grab a corner or edge to resize it.
Does Mac have something similar? In Windows you have to right-click the
taskbar and click Cascade Windows to fix such a situation.

Yes, that's what it looks like.  I'd know what do to (analogous to what you 
would do) on Windows.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-19 Thread Bob Fleischer


Jonathan N. Little wrote:

Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:

My wife uses SeaMonkey on a MacBook (running 10.6).

Somehow, it got into a state where browser windows fill the whole screen
and have no menu bar, and thus are essentially uncontrollable (except
for keyboard shortcuts). I don't even see how to change the browser
window settings that are accessed via the menu.

So how do I recover?

(Yes, I assume I could go to the trouble and create a new profile.  I
created a test profile, and it works OK.)



F11 fullscreen mode?



On my wife's Mac, at least, F11 just seems to push the browser window
behind the desktop (somewhat bizarrely), so I have access to the Finder
menu bar and dock.  It doesn't restore the browser window to normal.


Pardon my Mac-ingorance but it sounds like you have your application window
scaled larger than your desktop resolution. In Linux you can ALT+Left-click
drag to grab a windows anywhere, not just the non-visible title bar, and
move the window off screen enough to grab a corner or edge to resize it.
Does Mac have something similar? In Windows you have to right-click the
taskbar and click Cascade Windows to fix such a situation.

After trying a number of ways to reduce the size of a too-large window, I've 
come to the conclusion that the best description of the situation is "full 
screen without menu bar".  The window isn't too large for the screen, it is 
fitted to it exactly.  How do I get the menu bar back?

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released


Thee Chicago Wolf (MVP) wrote:

On Mon, 14 Mar 2016 23:48:55 +0800, Edmund Wong 
wrote:


Greetings,

After so long a delay, for which we apologize, the SeaMonkey
Project is pleased to announce the release of SeaMonkey 2.40!

So please check out [1] or [2].

Please note that the website information, while updated for
2.40, still requires a bit more work.

We cannot repeat this enough.  Thank you everyone for your
patience with us.  This very long delay due to infrastructure
and resource issues has been very trying on a lot of people.

It has been a very tough release.  I think it's the
toughest one I've done.  However, this isn't to say that
I did this alone.  Kudos go to a lot of people, particularly
the guys/gals in Mozilla's IT and RelEng dept.

I particularly want to thank Nick Thomas for his sheer
brilliant idea that helped me unhork the partial mar upload
script as well as pointing out the necessary changes
to migrate off FTP to S3.

Thanks to Jens Hatlak for taking the time to do the Website
patch. (Really, sorry for the delay.)

Also, thanks to Justin Wood for giving me this opportunity
to work out the problems myself.  If you all take a look
at bug 1233615,  I think I rivaled the mess I did with
the GTK bug (conveniently forgotten the # :P ).  The
repo changes I made...  oh boy.  Only time will heal
the mess^H^H^H^H wounds. ;P

Anyway, most of all, thanks to all the users out there
for hanging on to this project.  The words of encouragement
(especially during the broken-hand period) definitely gave
me a boost of energy.

Oh.  Before I forget and in the light of being transparent,
there is a chance I might have goofed something up, especially
during the 2.39 Win32 builds as well as the 2.40 builds and
also the partial mar and complete mar updates.  I hope I
didn't screw things up too much, if at all (here's hoping).
Please do post here on your findings.


Anyway, thanks again.


Links:
[1] - http://www.seamonkey-project.org/releases/2.40
[2] - http://www.seamonkey-project.org/releases/seamonkey2.40/


\m/ \m/

Is there nobody else who has noticed a bug with "File Bookmark" with SM 
for Mac?  I had to change the vertical size of the dialog box in 
userChrome.css to make it long enough to display the list of folders 
when one pulls that down, since it will not change size.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

O.T. Re: SeaMonkey 2.40 released


On 17/03/2016 10:59 PM, Cruz, Jaime wrote:

Had a pleasant surprise this morning when I ran the Ubuntu Software
Updater and discovered Seamonkey 2.40 was available for download from
the Ubuntuzilla PPA.  Good stuff!


Hmm! When I first read that, I read "Had a UNpleasant surprise this 
morning "


--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 
Firefox/42.0 SeaMonkey/2.39 Build identifier: 20151028234211

or
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 
SeaMonkey/2.38 Build identifier: 20150903203501

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-19 Thread Isaac Schemm


Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:

My wife uses SeaMonkey on a MacBook (running 10.6).

Somehow, it got into a state where browser windows fill the whole
screen
and have no menu bar, and thus are essentially uncontrollable (except
for keyboard shortcuts). I don't even see how to change the browser
window settings that are accessed via the menu.

So how do I recover?

(Yes, I assume I could go to the trouble and create a new profile.  I
created a test profile, and it works OK.)



F11 fullscreen mode?



On my wife's Mac, at least, F11 just seems to push the browser window
behind the desktop (somewhat bizarrely), so I have access to the Finder
menu bar and dock.  It doesn't restore the browser window to normal.


Pardon my Mac-ingorance but it sounds like you have your application
window
scaled larger than your desktop resolution. In Linux you can
ALT+Left-click
drag to grab a windows anywhere, not just the non-visible title bar, and
move the window off screen enough to grab a corner or edge to resize it.
Does Mac have something similar? In Windows you have to right-click the
taskbar and click Cascade Windows to fix such a situation.


After trying a number of ways to reduce the size of a too-large window,
I've come to the conclusion that the best description of the situation
is "full screen without menu bar".  The window isn't too large for the
screen, it is fitted to it exactly.  How do I get the menu bar back?
Do you see the menu bar when you move the mouse to the top of the 
screen? Newer versions of OS X hide the menu bar when you maximize a 
window, until you move your mouse up to the top.

If this is the case, you can make it visible by un-maximizing the window.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released


On 18/03/2016 6:09 AM, Gabriel wrote:

Edmund Wong wrote on 14/03/16 16:48:

Greetings,

After so long a delay, for which we apologize, the SeaMonkey
Project is pleased to announce the release of SeaMonkey 2.40!

So please check out [1] or [2].

Please note that the website information, while updated for
2.40, still requires a bit more work.


[cut]


Hi,

I already have this release:
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0)
Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
Build identifier: 20160120191716

Do I need to download the current full installer, or is it the same
version?

TIA :-)


Gabriel, do you see, at the end of the User Agent that you posted, that 
it says "SeaMonkey/2.40"  exactly the same as Edmund Wong was 
announcing as just released.


So, you are up-to-date.

--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 
Firefox/42.0 SeaMonkey/2.39 Build identifier: 20151028234211

or
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 
SeaMonkey/2.38 Build identifier: 20150903203501

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-19 Thread Bob Fleischer


Isaac Schemm wrote:

Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:


After trying a number of ways to reduce the size of a too-large window,
I've come to the conclusion that the best description of the situation
is "full screen without menu bar".  The window isn't too large for the
screen, it is fitted to it exactly.  How do I get the menu bar back?


Are your not in fullscreen mode then? F11 toggles the mode.


On this system, F11 hides (but doesn't minimize, they appear to slide
off-screen) any open windows, showing the desktop.  F11 again reverses
this.  This happens whether the window is SeaMonkey or any other
application.


Just checked - looks like the key command to turn full screen on/off on OS X
is Shift+Command+F. See if that helps.

Bingo! Thank you. Shift+Command+F did the trick.

One of the problems with full-screen in Mac OS is that the shortcuts and 
types of full-screen available changed radically after Lion, so available 
information is conflicting.


The other thing that bothers me is that "full screen" was persistent for 
SeaMonkey browser windows once it is set. All subsequent windows, even after 
a restart, come up full-screen.


On top of that, the version of Mac OS I was running, 10.6, didn't drop down 
the menu bar even when the cursor was brought to the top of the screen


Thanks,
Bob
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released


Thee Chicago Wolf (MVP) wrote:

On Wed, 16 Mar 2016 09:59:29 -0700, EE  wrote:


Thee Chicago Wolf (MVP) wrote:

On Mon, 14 Mar 2016 23:48:55 +0800, Edmund Wong 
wrote:


Greetings,

After so long a delay, for which we apologize, the SeaMonkey
Project is pleased to announce the release of SeaMonkey 2.40!

So please check out [1] or [2].

Please note that the website information, while updated for
2.40, still requires a bit more work.

We cannot repeat this enough.  Thank you everyone for your
patience with us.  This very long delay due to infrastructure
and resource issues has been very trying on a lot of people.

It has been a very tough release.  I think it's the
toughest one I've done.  However, this isn't to say that
I did this alone.  Kudos go to a lot of people, particularly
the guys/gals in Mozilla's IT and RelEng dept.

I particularly want to thank Nick Thomas for his sheer
brilliant idea that helped me unhork the partial mar upload
script as well as pointing out the necessary changes
to migrate off FTP to S3.

Thanks to Jens Hatlak for taking the time to do the Website
patch. (Really, sorry for the delay.)

Also, thanks to Justin Wood for giving me this opportunity
to work out the problems myself.  If you all take a look
at bug 1233615,  I think I rivaled the mess I did with
the GTK bug (conveniently forgotten the # :P ).  The
repo changes I made...  oh boy.  Only time will heal
the mess^H^H^H^H wounds. ;P

Anyway, most of all, thanks to all the users out there
for hanging on to this project.  The words of encouragement
(especially during the broken-hand period) definitely gave
me a boost of energy.

Oh.  Before I forget and in the light of being transparent,
there is a chance I might have goofed something up, especially
during the 2.39 Win32 builds as well as the 2.40 builds and
also the partial mar and complete mar updates.  I hope I
didn't screw things up too much, if at all (here's hoping).
Please do post here on your findings.


Anyway, thanks again.


Links:
[1] - http://www.seamonkey-project.org/releases/2.40
[2] - http://www.seamonkey-project.org/releases/seamonkey2.40/


\m/ \m/


Is there nobody else who has noticed a bug with "File Bookmark" with SM
for Mac?  I had to change the vertical size of the dialog box in
userChrome.css to make it long enough to display the list of folders
when one pulls that down, since it will not change size.


Nope, but I'm not on a Mac. Has a bug been filed? Sorry if you've
already mentioned it.

I have no idea if a bug has been filed or not, since that version has 
only very recently been officially released.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released

2016-03-19 Thread Gabriel


Edmund Wong wrote on 14/03/16 16:48:

Greetings,

After so long a delay, for which we apologize, the SeaMonkey
Project is pleased to announce the release of SeaMonkey 2.40!

So please check out [1] or [2].

Please note that the website information, while updated for
2.40, still requires a bit more work.


[cut]


Hi,

I already have this release:
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) 
Gecko/20100101 Firefox/43.0 SeaMonkey/2.40

Build identifier: 20160120191716

Do I need to download the current full installer, or is it the same version?

TIA :-)


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable


Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:

My wife uses SeaMonkey on a MacBook (running 10.6).

Somehow, it got into a state where browser windows fill the whole screen
and have no menu bar, and thus are essentially uncontrollable (except
for keyboard shortcuts). I don't even see how to change the browser
window settings that are accessed via the menu.

So how do I recover?

(Yes, I assume I could go to the trouble and create a new profile.  I
created a test profile, and it works OK.)



F11 fullscreen mode?



On my wife's Mac, at least, F11 just seems to push the browser window
behind the desktop (somewhat bizarrely), so I have access to the Finder
menu bar and dock.  It doesn't restore the browser window to normal.


F11 does not toggle fullscreen on Mac OS.  It is part of Exposé and is 
used by the operating system.  Cmd-Shift-F is supposed to work to toggle 
fullscreen.  Sometimes it works, and sometimes not.


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-19 Thread Jonathan N. Little


Bob Fleischer wrote:

My wife uses SeaMonkey on a MacBook (running 10.6).

Somehow, it got into a state where browser windows fill the whole screen
and have no menu bar, and thus are essentially uncontrollable (except
for keyboard shortcuts). I don't even see how to change the browser
window settings that are accessed via the menu.

So how do I recover?

(Yes, I assume I could go to the trouble and create a new profile.  I
created a test profile, and it works OK.)



F11 fullscreen mode?


--
Take care,

Jonathan
---
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-19 Thread Desiree


On 3/16/2016 4:29 PM, Paul Bergsagel wrote:

WaltS48 wrote:

On 03/16/2016 08:38 PM, Desiree wrote:

On 3/16/2016 8:43 AM, Ant wrote:

On 3/14/2016 8:42 PM, Edmund Wong wrote:

Ant wrote:

On 3/14/2016 9:28 AM, Paul Bergsagel wrote:
...

BTW IMPORTANT->the Check for updates menu items is broken on the Mac
claiming there is no new update.

Please go here to find the update
http://www.seamonkey-project.org/releases/


No updates found in my very old, updated Windows XP Pro SP3 machine
too!
What's up?


Hmmm.  Just what I kinda feared.  I must've done something
wrong with the partials or update placement. :(


Any updates? :)


Yes, approximately how much longer before internal updates are
available?  (Windows 8.0 Pro).


Love how everybody was fine using version 2.39 while the developers
worked out the problems, thanked them for their work, told them to take
their time, and now it's where is the update. :)


There is a new 2.40 release. In future read the entire post history.
Only the incremental, in place, update is broken. Geeze ;) .
To get the recent Seamonkey 2.40 release go here:

http://www.seamonkey-project.org/releases/

This not the incremental, in place, update. You have to download the
whole program, Seamonkey 2.40 and then replace v 2.39 with v. 2.40.

Thanks again for all the hard work that went into making this release a
reality.

I don't want the full program.  I want the internal update.  I was just 
wondering approximately when it will be available.  I didn't mean to 
offend anyone or imply that I am not grateful for the hard work the 
developers do.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-19 Thread Ant


I don't want the full program.  I want the internal update.  I was
just wondering approximately when it will be available.  I didn't
mean to offend anyone or imply that I am not grateful for the hard
work the developers do.


Ditto.


I don't have any info, but I'd guess the answer is something like
"ewong is working hard on it and not taking time out to give
progress reports."  (Of course, he may drop in as soon as I post this
and give one. ;)


Maybe he's on a needed vacation! ;)
--
Please kindly physically pinch me since I am not a green ant today! :P
Note: A fixed width font (Courier, Monospace, etc.) is required to see 
this signature correctly.

   /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
  / /\ /\ \Ant's Quality Foraged Links: http://aqfl.net
 | |o   o| |
\ _ /If crediting, then use Ant nickname and AQFL URL/link.
 ( )  Chop ANT from its address if e-mailing privately.
Ant is currently not listening to any songs on this computer.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released

2016-03-19 Thread »Q«

In ,
Ant  wrote:

> On 3/16/2016 8:50 PM, Desiree wrote:
> ...
> > I don't want the full program.  I want the internal update.  I was
> > just wondering approximately when it will be available.  I didn't
> > mean to offend anyone or imply that I am not grateful for the hard
> > work the developers do.  
> 
> Ditto.

I don't have any info, but I'd guess the answer is something like
"ewong is working hard on it and not taking time out to give
progress reports."  (Of course, he may drop in as soon as I post this
and give one. ;)  

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released

2016-03-19 Thread rodney


Thee Chicago Wolf (MVP) wrote:

On Wed, 16 Mar 2016 15:15:54 -0600, rodney 
wrote:


rodney wrote:

EE wrote:

Thee Chicago Wolf (MVP) wrote:

On Mon, 14 Mar 2016 23:48:55 +0800, Edmund Wong 
wrote:


Greetings,

After so long a delay, for which we apologize, the SeaMonkey
Project is pleased to announce the release of SeaMonkey 2.40!

So please check out [1] or [2].

Please note that the website information, while updated for
2.40, still requires a bit more work.

We cannot repeat this enough.  Thank you everyone for your
patience with us.  This very long delay due to infrastructure
and resource issues has been very trying on a lot of people.

It has been a very tough release.  I think it's the
toughest one I've done.  However, this isn't to say that
I did this alone.  Kudos go to a lot of people, particularly
the guys/gals in Mozilla's IT and RelEng dept.

I particularly want to thank Nick Thomas for his sheer
brilliant idea that helped me unhork the partial mar upload
script as well as pointing out the necessary changes
to migrate off FTP to S3.

Thanks to Jens Hatlak for taking the time to do the Website
patch. (Really, sorry for the delay.)

Also, thanks to Justin Wood for giving me this opportunity
to work out the problems myself.  If you all take a look
at bug 1233615,  I think I rivaled the mess I did with
the GTK bug (conveniently forgotten the # :P ).  The
repo changes I made...  oh boy.  Only time will heal
the mess^H^H^H^H wounds. ;P

Anyway, most of all, thanks to all the users out there
for hanging on to this project.  The words of encouragement
(especially during the broken-hand period) definitely gave
me a boost of energy.

Oh.  Before I forget and in the light of being transparent,
there is a chance I might have goofed something up, especially
during the 2.39 Win32 builds as well as the 2.40 builds and
also the partial mar and complete mar updates.  I hope I
didn't screw things up too much, if at all (here's hoping).
Please do post here on your findings.


Anyway, thanks again.


Links:
[1] - http://www.seamonkey-project.org/releases/2.40
[2] - http://www.seamonkey-project.org/releases/seamonkey2.40/


\m/ \m/


Is there nobody else who has noticed a bug with "File Bookmark" with SM
for Mac?  I had to change the vertical size of the dialog box in
userChrome.css to make it long enough to display the list of folders
when one pulls that down, since it will not change size.


The bug is in Windows 7 too.
The vertical size of the dialog box doesn't change.
The list presented under Bookmarks Menu when you click the black
triangle is:
Bookmarks Toolbar
Bookmarks Menu
Unsorted Bookmarks
Choose
(five of my folders to choose from)
Rodney


I did some checking of the other versions of SeaMonkey that I use.
The bug is not in 2.39
It is in 2.42 (from
~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32)
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
Firefox/45.0 SeaMonkey/2.42
Build identifier: 20160308183715


Did you file a bug report on Bugzilla?


No. I don't have a bugzilla account
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 released


On 19/03/2016 4:40 PM, Adrian Kalla wrote:

W dniu 03/17/2016 o 08:09 PM, Gabriel pisze:

I already have this release:
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0)
Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
Build identifier: 20160120191716

Do I need to download the current full installer, or is it the same
version?


Yes, you do, as your build is from January, not March...

Adrian, upthread, I answered that the OP had the latest SM because the 
User Agent included "SeaMonkey/2.40".


I did notice that the Build Identifier was from Jan, but didn't mention 
it. (I don't normally even look at them!)


Is this BI indicating that the OP has a Beta/Alpha version??

--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 
Firefox/42.0 SeaMonkey/2.39 Build identifier: 20151028234211

or
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 
SeaMonkey/2.38 Build identifier: 20150903203501

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable


Jonathan N. Little wrote:

Bob Fleischer wrote:


After trying a number of ways to reduce the size of a too-large window,
I've come to the conclusion that the best description of the situation
is "full screen without menu bar".  The window isn't too large for the
screen, it is fitted to it exactly.  How do I get the menu bar back?


Are your not in fullscreen mode then? F11 toggles the mode.


Not with Mac OS.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: SeaMonkey 2.40 on Mac OS 10.6 browser windows have no menu bar, uncontrollable

2016-03-19 Thread Isaac Schemm


Bob Fleischer wrote:

Jonathan N. Little wrote:

Bob Fleischer wrote:


After trying a number of ways to reduce the size of a too-large window,
I've come to the conclusion that the best description of the situation
is "full screen without menu bar".  The window isn't too large for the
screen, it is fitted to it exactly.  How do I get the menu bar back?


Are your not in fullscreen mode then? F11 toggles the mode.


On this system, F11 hides (but doesn't minimize, they appear to slide
off-screen) any open windows, showing the desktop.  F11 again reverses
this.  This happens whether the window is SeaMonkey or any other
application.

Just checked - looks like the key command to turn full screen on/off on 
OS X is Shift+Command+F. See if that helps.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: No internal updates yet? Re: SeaMonkey 2.40 released