Re: Security Vulnerability

2017-11-03 Thread Frank-Rainer Grahl 

The Fx version is in:

mozilla\browser\config\version.txt


Be aware that SeaMonkey is build from the THUNDERBIRD_52_VERBRANCH which is 
not bleeding edge but contains OSX and some other mailnews fixes. If you want 
bleeding edge you need to merge default to it.


FRG


Richmond wrote:

Frank-Rainer Grahl  writes:


2.49.1 is based on the latest 52.4 so the CVE is in it.



OK thanks but how can I tell that is the case without asking here? Or to
put it another way, how do I know when to recompile and what version of
firefox ESR the code I check out will be based on? (Maybe there is no
way).

(I am checking out from comm-esr52).


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

2017-11-03 Thread Richmond via support-seamonkey 
Frank-Rainer Grahl  writes:

> 2.49.1 is based on the latest 52.4 so the CVE is in it.
>

OK thanks but how can I tell that is the case without asking here? Or to
put it another way, how do I know when to recompile and what version of
firefox ESR the code I check out will be based on? (Maybe there is no
way).

(I am checking out from comm-esr52).
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

2017-11-03 Thread Frank-Rainer Grahl 

2.49.1 is based on the latest 52.4 so the CVE is in it.

Richmond wrote:

How do I tell if, for example, CVE-2017-7810 has been addressed in
Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
it be in Seamonkey comm-esr52?

I have been looking here:

https://hg.mozilla.org/releases/comm-esr52/log

But cannot see anything corresponding to CVE numbers.

(I have used CVE-2017-7810 as an example)

(My previous post subject 2.49.2 was meant to be a test. I posted it in
the wrong place.)


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

2017-11-03 Thread Mason83 
On 03/11/2017 16:26, Richmond wrote:
> How do I tell if, for example, CVE-2017-7810 has been addressed in
> Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
> it be in Seamonkey comm-esr52?

https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810

Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason 
Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported 
memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these 
bugs showed evidence of memory corruption and we presume that with enough 
effort that some of these could be exploited to run arbitrary code.

References:
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598

NONE of these bugs are public, despite the CVE entry being created
over 6 months ago, and the fix being announced a month ago.

I don't know who's running the show at moz org, but someone
needs to give them a good kick in the bottom, if you ask me.

Regards.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Security Vulnerability

2017-11-03 Thread Richmond via support-seamonkey 
How do I tell if, for example, CVE-2017-7810 has been addressed in
Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will
it be in Seamonkey comm-esr52?

I have been looking here:

https://hg.mozilla.org/releases/comm-esr52/log

But cannot see anything corresponding to CVE numbers.

(I have used CVE-2017-7810 as an example)

(My previous post subject 2.49.2 was meant to be a test. I posted it in
the wrong place.)

-- 
~
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-21 Thread Frank-Rainer Grahl 

seemonkey wrote:

But it would close the vulnerability in nss. If one would release a seamonkey 
let's say 2.40.1 only with the change of nss 3.21.1 the result would be the 
same as i described. I didn't mention any bug in the base product. The whole 
topic was started with nss and not bugs/sec vuln. in seamonkey.

So keeping SM 2.40 official release without replacing the nss is the worst one 
can do at the moment. If you trust an unofficial build (2.46) then install it. 
Or copy the dlls as i described.


The worst thing you could do is assume you are covered. It would close 
one vulnerability in nss not all. Current nss is 3.28 beta and 3.26.2 in 
the next Firefox release. I am quite sure there some few security fixes 
in the latest version too. You best protection is still a script and an 
Ad blocker when browsing the web.


A 2.40.1 can not be released because the l10n part of the build system 
is broken. It it weren't so we would have 2.46 already.


Adrians unofficial builds are ok. You can trust them. And if you run 
en-US there are now candidate builds for every platform available too. 
They are not final but this only means that the build process stopped 
with an error when it came to building the l10n versions. Building en-US 
was mostly finished at this stage.


That said ewong is still busy building and I hope we will see the final 
2.46 soon.


FRG
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-20 Thread seemonkey 
On Tuesday, October 18, 2016 at 10:10:15 PM UTC+2, Frank-Rainer Grahl wrote:
> I wouldn't start hacking together a version with different binaries. Might 
> work 
> might not. And this won't close any bugs in the base product which could be 
> exploited if you are so concerned about security.
> 
> Better check if the latest en-US candidate 2.46 test builds works for you or 
> use 
> Adrians latest 2.46 build. They are both build from the same sources and 
> updating 
> to the next official build whenever it arrives will be possible just by 
> downloading it. Adrians is gtk3 and the candidate gtk2 for Linux users. 
> Windows 
> VS2015 but Adrians should be a little faster because he used -O2 for 
> compiling.
> 
> If you use a hacked together build do not open bug reports against it.
> 
> There will be no 2.40.x builds. The next one will be 2.46 if the l10n build 
> bug 
> can be fixed in time.
> 
> FRG
> 
> On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote:
> 
> >>Lee wrote on 16/10/2016 17:45:
> >>> On 10/16/16, Ray_Net  wrote:
> >>>> seemonkey wrote on 13/10/2016 08:06:
> >>>>> There's at least one security vulnerability that is missing from this 
> >>>>> NSS
> >>>>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >>>>>
> >>>>> There was a bugfix in NSS
> >>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
> >>>>> but unfortunately it seems that this bugfix is not in 3.20.x according 
> >>>>> to
> >>>>> the developer entries. I didn't check the code yet if the bugfix is 
> >>>>> really
> >>>>> missing!
> >>>>>
> >>>>> So my question is why seamonkey uses still this outdated NSS version? It
> >>>>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
> >>>>> also in latest thunderbird /45.4.0/)
> >>>>>
> >>>>> As a workaround i can copy the nss libraries from firefox esr to 
> >>>>> seamonkey
> >>>>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
> >>>>> this end i can start seamonkey with newer NSS library because they're
> >>>>> compatible.
> >>>> "As a workaround i can copy the nss libraries from firefox esr to
> >>>> seamonkey "
> >>>>
> >>>> Could you tell us what we need (in details) to do ?
> >>>> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
> >>> Upgrade.
> >>>
> >>> The current version of Firefox is 49.0.1
> >>> about:support / Library Versions says the NSS* expected & in use version 
> >>> is 
> 3.25
> >>>
> >>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
> >>> security patches.  Upgrading requires that you download & install a
> >>> new version of SM instead of waiting for it to upgrade automatically.
> >>> **where** to download the new version from is a bit of a question tho
> >>> :(   I'm guessing the safest bet is
> >>> 
> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-com
> m-release-windows32/
> >>> if only because akalla had to pick _this_ particular build to make
> >>> available for downloading.  SeaMonkey 2.46 has the same 3.25
> >>> about:support / Library Versions for NSS* as FF.
> >>>
> >>> Regards,
> >>> Lee
> >>You don't understand.
> >>- I hate to install a not released SM.
> >>- I stay with FireFox 46.0.1 because I am able with it to do "View 
> >>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
> >>do it.
> >>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
> >>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
> >>use nss from this version to put into SM because it should be > 3.21.1.
> >>So the question is still open:
> >>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?
> 
> 
>  Regards
>  Frank-Rainer Grahl

But it would close the vulnerability in nss. If one would release a seamonkey 
let's say 2.40.1 only with the change of nss 3.21.1 the result would be the 
same as i described. I didn't mention any bug in the base product. The whole 
topic was started with nss and not bugs/sec vuln. in seamonkey.

So keeping SM 2.40 official release without replacing the nss is the worst one 
can do at the moment. If you trust an unofficial build (2.46) then install it. 
Or copy the dlls as i described.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-19 Thread Ray_Net 

Frank-Rainer Grahl wrote on 18/10/2016 22:03:

I wouldn't start hacking together a version with different binaries. Might work
might not. And this won't close any bugs in the base product which could be
exploited if you are so concerned about security.


Ok, I will stay with my official SM 2.40 without introducing some 
possible problem.

Thanks for all answering.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-18 Thread Frank-Rainer Grahl 
I wouldn't start hacking together a version with different binaries. Might work 
might not. And this won't close any bugs in the base product which could be 
exploited if you are so concerned about security.

Better check if the latest en-US candidate 2.46 test builds works for you or 
use 
Adrians latest 2.46 build. They are both build from the same sources and 
updating 
to the next official build whenever it arrives will be possible just by 
downloading it. Adrians is gtk3 and the candidate gtk2 for Linux users. Windows 
VS2015 but Adrians should be a little faster because he used -O2 for compiling.

If you use a hacked together build do not open bug reports against it.

There will be no 2.40.x builds. The next one will be 2.46 if the l10n build bug 
can be fixed in time.

FRG

On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote:

>>Lee wrote on 16/10/2016 17:45:
>>> On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
>>>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>>>>> There's at least one security vulnerability that is missing from this NSS
>>>>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>>>>>
>>>>> There was a bugfix in NSS
>>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>>>>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>>>>> the developer entries. I didn't check the code yet if the bugfix is really
>>>>> missing!
>>>>>
>>>>> So my question is why seamonkey uses still this outdated NSS version? It
>>>>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>>>>> also in latest thunderbird /45.4.0/)
>>>>>
>>>>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>>>>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>>>>> this end i can start seamonkey with newer NSS library because they're
>>>>> compatible.
>>>> "As a workaround i can copy the nss libraries from firefox esr to
>>>> seamonkey "
>>>>
>>>> Could you tell us what we need (in details) to do ?
>>>> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
>>> Upgrade.
>>>
>>> The current version of Firefox is 49.0.1
>>> about:support / Library Versions says the NSS* expected & in use version is 
3.25
>>>
>>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
>>> security patches.  Upgrading requires that you download & install a
>>> new version of SM instead of waiting for it to upgrade automatically.
>>> **where** to download the new version from is a bit of a question tho
>>> :(   I'm guessing the safest bet is
>>> 
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-com
m-release-windows32/
>>> if only because akalla had to pick _this_ particular build to make
>>> available for downloading.  SeaMonkey 2.46 has the same 3.25
>>> about:support / Library Versions for NSS* as FF.
>>>
>>> Regards,
>>> Lee
>>You don't understand.
>>- I hate to install a not released SM.
>>- I stay with FireFox 46.0.1 because I am able with it to do "View 
>>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
>>do it.
>>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
>>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
>>use nss from this version to put into SM because it should be > 3.21.1.
>>So the question is still open:
>>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?


 Regards
 Frank-Rainer Grahl


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-17 Thread seemonkey12345 
On Sunday, October 16, 2016 at 9:59:26 PM UTC+2, Ray_Net wrote:
> Lee wrote on 16/10/2016 17:45:
> > On 10/16/16, Ray_Net wrote:
> >> seemonkey wrote on 13/10/2016 08:06:
> >>> There's at least one security vulnerability that is missing from this NSS
> >>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >>>
> >>> There was a bugfix in NSS
> >>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
> >>> but unfortunately it seems that this bugfix is not in 3.20.x according to
> >>> the developer entries. I didn't check the code yet if the bugfix is really
> >>> missing!
> >>>
> >>> So my question is why seamonkey uses still this outdated NSS version? It
> >>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
> >>> also in latest thunderbird /45.4.0/)
> >>>
> >>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
> >>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
> >>> this end i can start seamonkey with newer NSS library because they're
> >>> compatible.
> >> "As a workaround i can copy the nss libraries from firefox esr to
> >> seamonkey "
> >>
> >> Could you tell us what we need (in details) to do ?
> >> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
> > Upgrade.
> >
> > The current version of Firefox is 49.0.1
> > about:support / Library Versions says the NSS* expected & in use version is 
> > 3.25
> >
> > The 'current' version of SeaMonkey is 2.40 and is missing a lot of
> > security patches.  Upgrading requires that you download & install a
> > new version of SM instead of waiting for it to upgrade automatically.
> > **where** to download the new version from is a bit of a question tho
> > :(   I'm guessing the safest bet is
> > https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
> > if only because akalla had to pick _this_ particular build to make
> > available for downloading.  SeaMonkey 2.46 has the same 3.25
> > about:support / Library Versions for NSS* as FF.
> >
> > Regards,
> > Lee
> You don't understand.
> - I hate to install a not released SM.
> - I stay with FireFox 46.0.1 because I am able with it to do "View 
> Selection Source" using my version of Firefox, because my SM 2.40 cannot 
> do it.
> - He said " It should use at least 3.21.1 (that is in latest firefox esr 
> /45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
> use nss from this version to put into SM because it should be > 3.21.1.
> So the question is still open:
> How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?

I understand you.
In detail you must do the following. Copy these files from firefox into 
seamonkey overwriting the existing files (you have *.dll instead of *.so):
libfreebl3.chk
libfreebl3.so
libnspr4.so
libnss3.so
libnssckbi.so
libnssdbm3.chk
libnssdbm3.so
libnssutil3.so
libplc4.so
libplds4.so
libsmime3.so
libsoftokn3.chk
libsoftokn3.so
libssl3.so
I did it on linux, on windows it should be the same, please check it! I hope 
you have chk files too. However i have firefox 45.4.0 (esr) not the 46.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-17 Thread TCW 
On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net
<tbrraymond.schmit...@tbrscarlet.be> wrote:

>Lee wrote on 16/10/2016 17:45:
>> On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
>>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>>>> There's at least one security vulnerability that is missing from this NSS
>>>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>>>>
>>>> There was a bugfix in NSS
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>>>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>>>> the developer entries. I didn't check the code yet if the bugfix is really
>>>> missing!
>>>>
>>>> So my question is why seamonkey uses still this outdated NSS version? It
>>>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>>>> also in latest thunderbird /45.4.0/)
>>>>
>>>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>>>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>>>> this end i can start seamonkey with newer NSS library because they're
>>>> compatible.
>>> "As a workaround i can copy the nss libraries from firefox esr to
>>> seamonkey "
>>>
>>> Could you tell us what we need (in details) to do ?
>>> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
>> Upgrade.
>>
>> The current version of Firefox is 49.0.1
>> about:support / Library Versions says the NSS* expected & in use version is 
>> 3.25
>>
>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
>> security patches.  Upgrading requires that you download & install a
>> new version of SM instead of waiting for it to upgrade automatically.
>> **where** to download the new version from is a bit of a question tho
>> :(   I'm guessing the safest bet is
>> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
>> if only because akalla had to pick _this_ particular build to make
>> available for downloading.  SeaMonkey 2.46 has the same 3.25
>> about:support / Library Versions for NSS* as FF.
>>
>> Regards,
>> Lee
>You don't understand.
>- I hate to install a not released SM.
>- I stay with FireFox 46.0.1 because I am able with it to do "View 
>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
>do it.
>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
>use nss from this version to put into SM because it should be > 3.21.1.
>So the question is still open:
>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?

The SM 2.46 builds are being made by Adrian Kalla on a personal
machine and are stable even though not publish on the official Mozilla
site and usual download places. They are build from stable code but
because the build environment has been busted for so long, it's not
working on Mozilla proper. I just updated to the SM 2.47 beta build he
made today and it has NSS 3.26.2. I didn't realize 3.27/3.27.1 went
final until I just looked. So, IMHOO, you have nothing to lose by
trying the stable build Adrian has made. You can always kick the tires
here: http://goo.gl/9R2c0i

Stable, in terms of software, is relative to how many bugs haven't
been found yet.

As for grafting DLLs, back up nss3.dll, nssckbi.dll, nssdbm3.chk,
nssdbm3.dll and mozglue.dll somewhere. Close SM. Copy the NSS DLLs
from Firefox and overwrite the ones in the SM directory. 99% of the
time you won't need mozglue.dll. Start SM. If it complains about
mozglue.dll, close SM and overwrite mozglue.dll. Start SM again. If it
won't start, copy back the backed up DLLs. Hope that helps.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Ray_Net 

Lee wrote on 16/10/2016 17:45:

On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:

seemonkey12...@gmail.com wrote on 13/10/2016 08:06:

There's at least one security vulnerability that is missing from this NSS
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
but unfortunately it seems that this bugfix is not in 3.20.x according to
the developer entries. I didn't check the code yet if the bugfix is really
missing!

So my question is why seamonkey uses still this outdated NSS version? It
should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
also in latest thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey
until a security release of seamonkey let's say 2.40.1 arrives. I tried
this end i can start seamonkey with newer NSS library because they're
compatible.

"As a workaround i can copy the nss libraries from firefox esr to
seamonkey "

Could you tell us what we need (in details) to do ?
I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.

Upgrade.

The current version of Firefox is 49.0.1
about:support / Library Versions says the NSS* expected & in use version is 3.25

The 'current' version of SeaMonkey is 2.40 and is missing a lot of
security patches.  Upgrading requires that you download & install a
new version of SM instead of waiting for it to upgrade automatically.
**where** to download the new version from is a bit of a question tho
:(   I'm guessing the safest bet is
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
if only because akalla had to pick _this_ particular build to make
available for downloading.  SeaMonkey 2.46 has the same 3.25
about:support / Library Versions for NSS* as FF.

Regards,
Lee

You don't understand.
- I hate to install a not released SM.
- I stay with FireFox 46.0.1 because I am able with it to do "View 
Selection Source" using my version of Firefox, because my SM 2.40 cannot 
do it.
- He said " It should use at least 3.21.1 (that is in latest firefox esr 
/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
use nss from this version to put into SM because it should be > 3.21.1.

So the question is still open:
How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Lee 
On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>> There's at least one security vulnerability that is missing from this NSS
>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>>
>> There was a bugfix in NSS
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>> the developer entries. I didn't check the code yet if the bugfix is really
>> missing!
>>
>> So my question is why seamonkey uses still this outdated NSS version? It
>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>> also in latest thunderbird /45.4.0/)
>>
>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>> this end i can start seamonkey with newer NSS library because they're
>> compatible.
>
> "As a workaround i can copy the nss libraries from firefox esr to
> seamonkey "
>
> Could you tell us what we need (in details) to do ?
> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.

Upgrade.

The current version of Firefox is 49.0.1
about:support / Library Versions says the NSS* expected & in use version is 3.25

The 'current' version of SeaMonkey is 2.40 and is missing a lot of
security patches.  Upgrading requires that you download & install a
new version of SM instead of waiting for it to upgrade automatically.
**where** to download the new version from is a bit of a question tho
:(   I'm guessing the safest bet is
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
if only because akalla had to pick _this_ particular build to make
available for downloading.  SeaMonkey 2.46 has the same 3.25
about:support / Library Versions for NSS* as FF.

Regards,
Lee
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-16 Thread Ray_Net 

seemonkey12...@gmail.com wrote on 13/10/2016 08:06:

There's at least one security vulnerability that is missing from this NSS 
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
to solve this issue but unfortunately it seems that this bugfix is not in 
3.20.x according to the developer entries. I didn't check the code yet if the 
bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS version? It should 
use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in latest 
thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey 
until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
end i can start seamonkey with newer NSS library because they're compatible.


"As a workaround i can copy the nss libraries from firefox esr to 
seamonkey "


Could you tell us what we need (in details) to do ?
I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-15 Thread Edward 

WaltS48 wrote:

On 10/14/2016 08:49 PM, Edward wrote:

TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:


There's at least one security vulnerability that is missing from
this NSS version:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this
issue but unfortunately it seems that this bugfix is not in 3.20.x
according to the developer entries. I didn't check the code yet if
the bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS
version? It should use at least 3.21.1 (that is in latest firefox
esr /45.4.0/ and also in latest thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to
seamonkey until a security release of seamonkey let's say 2.40.1
arrives. I tried this end i can start seamonkey with newer NSS
library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss
package that is included with the Linux distribution being used? The
currently installed version here is 3.23.0-1 (Fedora 24).

Thanks in advance.



Users can enter about:support in the address bar and scroll down to the
Library Versions section of the Troubleshooting Information page to see
what their version of SeaMonkey, Firefox or Thunderbird is using.

If you prefer Help > Troubleshooting Information also gets you there.


Thanks for that tip.

It looks like nss was just updated. That screen shows the Expected 
Minimum Version as 3.25, with 3.27 as the Version in use.



___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-15 Thread WaltS48 

On 10/14/2016 08:49 PM, Edward wrote:

TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:

There's at least one security vulnerability that is missing from this 
NSS version: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950


There was a bugfix in NSS 
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this 
issue but unfortunately it seems that this bugfix is not in 3.20.x 
according to the developer entries. I didn't check the code yet if 
the bugfix is really missing!


So my question is why seamonkey uses still this outdated NSS version? 
It should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ 
and also in latest thunderbird /45.4.0/)


As a workaround i can copy the nss libraries from firefox esr to 
seamonkey until a security release of seamonkey let's say 2.40.1 
arrives. I tried this end i can start seamonkey with newer NSS 
library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss package 
that is included with the Linux distribution being used? The currently 
installed version here is 3.23.0-1 (Fedora 24).


Thanks in advance.



Users can enter about:support in the address bar and scroll down to the 
Library Versions section of the Troubleshooting Information page to see 
what their version of SeaMonkey, Firefox or Thunderbird is using.


If you prefer Help > Troubleshooting Information also gets you there.

--
Visit Pittsburgh <http://www.visitpittsburgh.com/>
Coexist <https://www.coexist.org/>
Ubuntu 16.04LTS
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread seemonkey 
On Saturday, October 15, 2016 at 2:49:48 AM UTC+2, Edward wrote:
> TCW wrote:
> > On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey
> > wrote:
> >
> >> There's at least one security vulnerability that is missing from this NSS 
> >> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >>
> >> There was a bugfix in NSS 
> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue 
> >> but unfortunately it seems that this bugfix is not in 3.20.x according to 
> >> the developer entries. I didn't check the code yet if the bugfix is really 
> >> missing!
> >>
> >> So my question is why seamonkey uses still this outdated NSS version? It 
> >> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and 
> >> also in latest thunderbird /45.4.0/)
> >>
> >> As a workaround i can copy the nss libraries from firefox esr to seamonkey 
> >> until a security release of seamonkey let's say 2.40.1 arrives. I tried 
> >> this end i can start seamonkey with newer NSS library because they're 
> >> compatible.
> >
> > You can graft the NSS dlls, sure. I have done that in the past with
> > success. But, there is a build of 2.46 that's stable enough to use if
> > you want to test.
> 
> Just curious... Does the Linux version of SeaMonkey use the nss package 
> that is included with the Linux distribution being used? The currently 
> installed version here is 3.23.0-1 (Fedora 24).
> 
> Thanks in advance.

No, seamonkey/firefox/thunderbird look for their .so ONLY in their own 
directory ignoring to search in /usr/lib. That why it is not enough to install 
a separate nss package but one need to place symbolic links into each mozilla 
product.
You can check with strace which .so is loaded on startup of seamonkey. If the 
one from nss lib 3.23.0-1 then you are lucky and don't have to do anything.

I just wanted to point out that we immediately need a seemonkey update.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread seemonkey12345 
On Thursday, October 13, 2016 at 3:10:42 PM UTC+2, TCW wrote:
> On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey
> 
> >There's at least one security vulnerability that is missing from this NSS 
> >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >
> >There was a bugfix in NSS 
> >https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue but 
> >unfortunately it seems that this bugfix is not in 3.20.x according to the 
> >developer entries. I didn't check the code yet if the bugfix is really 
> >missing!
> >
> >So my question is why seamonkey uses still this outdated NSS version? It 
> >should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also 
> >in latest thunderbird /45.4.0/)
> >
> >As a workaround i can copy the nss libraries from firefox esr to seamonkey 
> >until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
> >end i can start seamonkey with newer NSS library because they're compatible.
> 
> You can graft the NSS dlls, sure. I have done that in the past with
> success. But, there is a build of 2.46 that's stable enough to use if
> you want to test.

I tried with firefox's/thunderbirds 3.21.1 and it works. I trust this version 
of nss (at the moment)
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-14 Thread Edward 

TCW wrote:

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:


There's at least one security vulnerability that is missing from this NSS 
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
to solve this issue but unfortunately it seems that this bugfix is not in 
3.20.x according to the developer entries. I didn't check the code yet if the 
bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS version? It should 
use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in latest 
thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey 
until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
end i can start seamonkey with newer NSS library because they're compatible.


You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.


Just curious... Does the Linux version of SeaMonkey use the nss package 
that is included with the Linux distribution being used? The currently 
installed version here is 3.23.0-1 (Fedora 24).


Thanks in advance.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-13 Thread TCW 
On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
wrote:

>There's at least one security vulnerability that is missing from this NSS 
>version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>
>There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
>to solve this issue but unfortunately it seems that this bugfix is not in 
>3.20.x according to the developer entries. I didn't check the code yet if the 
>bugfix is really missing!
>
>So my question is why seamonkey uses still this outdated NSS version? It 
>should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in 
>latest thunderbird /45.4.0/)
>
>As a workaround i can copy the nss libraries from firefox esr to seamonkey 
>until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
>end i can start seamonkey with newer NSS library because they're compatible.

You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

2016-10-13 Thread seemonkey12345 
There's at least one security vulnerability that is missing from this NSS 
version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
to solve this issue but unfortunately it seems that this bugfix is not in 
3.20.x according to the developer entries. I didn't check the code yet if the 
bugfix is really missing!

So my question is why seamonkey uses still this outdated NSS version? It should 
use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in latest 
thunderbird /45.4.0/)

As a workaround i can copy the nss libraries from firefox esr to seamonkey 
until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
end i can start seamonkey with newer NSS library because they're compatible.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security Vulnerability

2012-03-19 Thread Mozilla Security 
This sounds more like a SeaMonkey support issue than a general security
issue. Adding support-seamonkey@lists.mozilla.org
mailto:support-seamonkey@lists.mozilla.org. to addresss this issue.

--
Curtis Koenig
Mozilla Corp.
Security Program Manager


On 2012-02-16 14:23 PM, L Davis wrote:
 Hi,
 Even though I have updated to the latest version of SeaMonkey, when I
 Open in a New Tab, the older
 version of SeaMonkey comes up, advising me to upgrade. The original
 page reflects the updated version.

 Thank you for your help.

 Laura




signature.asc
Description: OpenPGP digital signature
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security vulnerability in FF3.*

2010-10-28 Thread Arne 

Stéphane Grégoire wrote:

Hi,

Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug :
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/


I


don't know for sure, but this may give some calm to SM users, at least 
those on newer Windows users?



However, for some reason or another the cybercriminal behind this
attack has chosen to limit the scope of the vulnerability. Using
browser headers, the exploit checks both the Firefox version and
the operating system used.

According to Mozilla, the underlying flaw is present in both
Firefox 3.5 and 3.6, but only recent versions of 3.6 were targeted
by JS_NINDYA.A. In addition, if the user is running newer versions
of Windows (such as Vista, Windows 7, Server 2008, and Server 2008
R2), the exploit will not be triggered either.



Read more:
http://blog.trendmicro.com/firefox-zero-day-found-in-compromised-nobel-peace-prize-website/

--
/Arne

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Security vulnerability in FF3.*

2010-10-27 Thread Stéphane Grégoire 
Hi,

Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug :
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/


-- 
Stéphane
http://pasdenom.info

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security vulnerability in FF3.*

2010-10-27 Thread Jens Hatlak 

Stéphane Grégoire wrote:

Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug :
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/


The 2.0 branch is affected for sure; it uses the same back-end as 
Firefox 3.5. SeaMonkey 2.0.10 will be released soon (about the same time 
as the next Firefox minor releases). I don't know about SeaMonkey 2.1 
Beta 1, but if it's affected you'd either have to switch to using trunk 
nightly builds, wait for 2.1 Beta 2 (which will take some time, though), 
disable JavaScript, or install NoScript.


HTH

Jens

--
Jens Hatlak http://jens.hatlak.de/
SeaMonkey Trunk Tracker http://smtt.blogspot.com/
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Security vulnerability in FF3.*

2010-10-27 Thread Robert Kaiser 

Stéphane Grégoire schrieb:

Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug :
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/


SeaMonkey 2.0.9 is affected and we are working on 2.0.10 right now to 
fix it. SeaMonkey 2.1 Beta 1 is at least not affected when it comes to 
HTML, as the new HTML5 parser works differently and doesn't run into the 
problem, but we will put some parts of the patch in future 2.1 versions 
as well (as I understand it) to ensure this cannot regress.


Find 2.0.10 candidate build with the fix on FTP, as I just posted.

Robert Kaiser

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Firefox 3.6 security vulnerability -- shared by SM?

2010-03-23 Thread Robert Kaiser 

Paul B. Gallagher wrote:

http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug


Any experts care to comment?


This problem only exists in Gecko 1.9.2 and higher, but SeaMonkey 2.0.x 
uses 1.9.1.x, so our security update for a few other things stays 
targeted for March 30, just as Firefox 3.5.9, which is also Gecko 
1.9.1-based.


Robert Kaiser
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Firefox 3.6 security vulnerability -- shared by SM?

2010-03-22 Thread Stanimir Stamenkov 

Sun, 21 Mar 2010 17:33:35 -0700, /NoOp/:

On 03/21/2010 03:03 PM, Paul B. Gallagher wrote:


http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug

Any experts care to comment?


Not an expert... but I suspect that the 2.0.4 testing request from kairo:
quote
If no problems come up in testing those builds, they will go live as 
the official 2.0.4 on Tuesday, March 30, in sync with Firefox and 
Thunderbird updates that will fix the same set of security issues.

/quote
is probably related  meant to take care of this.


http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ 
linked from the given Computerworld article:


*Update:* To clarify, as originally claimed this issue affects Firefox 
3.6 only and not any earlier versions. Thunderbird and SeaMonkey are 
based on earlier versions of the browser engine and are not affected.


--
Stanimir
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Firefox 3.6 security vulnerability -- shared by SM?

2010-03-22 Thread Paul B. Gallagher 

Stanimir Stamenkov wrote:

http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ 
linked from the given Computerworld article:


*Update:* To clarify, as originally claimed this issue affects Firefox 
3.6 only and not any earlier versions. Thunderbird and SeaMonkey are 
based on earlier versions of the browser engine and are not affected.


Whew!

Thanks.

--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Firefox 3.6 security vulnerability -- shared by SM?

2010-03-22 Thread Ant 

On 3/22/2010 6:57 AM PT, Paul B. Gallagher typed:


http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/
linked from the given Computerworld article:


*Update:* To clarify, as originally claimed this issue affects
Firefox 3.6 only and not any earlier versions. Thunderbird and
SeaMonkey are based on earlier versions of the browser engine and are
not affected.


Whew!

Thanks.


Cool. Don't need to wait for that fix then. :)
--
..., you ready for a little dumpster diving? Um... okay. You know I 
don't mind getting my hands dirty. I mean, maggots, wet trash, I am 
the first one in. Okay, so what are you waiting for? Ants. 
(Chuckles) Ants? Yes, I have got a problem with ants. They are 
sneaky, and they are mobile, and when they get on you, even if you get 
them off... Okay, Calleigh, chill. --CSI: Miami (Wannabe episode; #218)

   /\___/\
  / /\ /\ \Phil./Ant @ http://antfarm.ma.cx (Personal Web Site)
 | |o   o| |   Ant's Quality Foraged Links: http://aqfl.net
\ _ / Nuke ANT from e-mail address: phi...@earthlink.netant
 ( )   or ant...@zimage.com
Ant is currently not listening to any songs on his home computer.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Firefox 3.6 security vulnerability -- shared by SM?

2010-03-21 Thread Paul B. Gallagher 

http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug

Any experts care to comment?

--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Firefox 3.6 security vulnerability -- shared by SM?

2010-03-21 Thread NoOp 
On 03/21/2010 03:03 PM, Paul B. Gallagher wrote:
 http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug
 
 Any experts care to comment?
 

Not an expert... but I suspect that the 2.0.4 testing request from kairo:
quote
If no problems come up in testing those builds, they will go live as the
official 2.0.4 on Tuesday, March 30, in sync with Firefox and
Thunderbird updates that will fix the same set of security issues.
/quote
is probably related  meant to take care of this.



___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey