On 12/4/2016 10:16 AM, Lee wrote: <snip> > > nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey > 2.47 has the patch for that exploit?
I tested Adrian's 2.47's per bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 (See comments: 84, 85, and 86 - which for some reason have been marked as 'offtopic' by ryanvm) Comment #55 in 1321066 states "You can consider the presence of MOZ_RELEASE_ASSERT(!mHoldingEntries) in crash reports as confirmation that the patch has effectively neutralized the problem." Adrian's builds that I tested with the test case in comment 25 crashed with 'MOZ_RELEASE_ASSERT(!mHoldingEntries)': SM 2.47 linux 64: User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 SeaMonkey/2.47 Build identifier: 20161201022155 MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries) SM 2.47 Windows 32: User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101 SeaMonkey/2.47 Build identifier: 2016120109390 MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries) SM 2.47 Windows 64 User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 SeaMonkey/2.47 Build identifier: 20161201025712 MOZ_CRASH Reason MOZ_RELEASE_ASSERT(!mHoldingEntries) So given the results and the comments in the bug report regarding 'MOZ_RELEASE_ASSERT(!mHoldingEntries)' it appears to me that Adrian has indeed patched those builds agains the exploit. (I'll forward this to Adrian to see if he can confirm) Gary <snip> _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
