On 09/29/2011 07:44 AM, Robert Kaiser wrote: > Paul B. Gallagher schrieb: >> HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES > > That doesn't sounds correct. Firefox itself is not affected at all when > WebSockets are turned off. And WebSockets are not used by millions of > sites. It looks like the Java plugins is affected though and we are > discussing blocking all versions of Java on all versions of Firefox. > > The same should be true 1:1 for SeaMonkey. > > Robert Kaiser >
Blocking all versions of Java on all versions of Firefox + SeaMonkey? Seriously? Are you referring to this: https://bugzilla.mozilla.org/show_bug.cgi?id=689661 [Block Java Plugin due to security vulnerabilities (BEAST TLS and bug in same-origin-policy)] Doing that kills sites that use java. Example: http://myspeed.visualware.com/index.php Users can easily turn on/off java using prefbar. Related (from that bug report): <http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/> <http://www.theregister.co.uk/2011/09/29/firefox_killing_java/> <http://www.imperialviolet.org/2011/09/23/chromeandbeast.html> Seems like dejavu: <http://www.theregister.co.uk/2010/04/21/mozilla_blocks_java_plug_in/> [Mozilla blocks Firefox Java plugin] "Discussions on Bugzilla show this is unrelated to a flaw in Java Web Start affecting multiple browsers and patched by Oracle via an out-of-sequence (emergency) update last week." <http://jaxenter.com/mozilla-block-java-deployment-toolkit-11057.html> [Mozilla Block Java Deployment Toolkit] _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
