Re: [Bug-gnuzilla] Icecat 45.2 urgently needed

Fri, 10 Jun 2016 08:29:14 -0700 

The problem with Firefox 44 and greater is, that Mozilla removed the cookie
prompt from core Firefox, namely the "Ask me every time" option for "Keep
[cookies] until:". This affects all browsers that use the Gecko rendering
engine, including Seamonkey.

The relevant bugs are here:
* https://bugzilla.mozilla.org/show_bug.cgi?id=606655 — comments against
removal start after Comment #44. Eventually, comments were restricted, and
discussion moved to the firefox-dev mailing list here:

https://mail.mozilla.org/pipermail/firefox-dev/2016-February/thread.html#3890

Another thread in February 2016:
https://mail.mozilla.org/pipermail/firefox-dev/2016-February/thread.html#3952

Relevant threads for March 2016:
https://mail.mozilla.org/pipermail/firefox-dev/2016-March/thread.html#4004
https://mail.mozilla.org/pipermail/firefox-dev/2016-March/thread.html#4003

* https://bugzilla.mozilla.org/show_bug.cgi?id=1249151 — bug to reintroduce
cookie prompts;
* https://bugzilla.mozilla.org/show_bug.cgi?id=1235199 — for SeaMonkey, but
contains a patch that 'reverts the parts from [bug] 606655 for [Internet]
suite.'

The cookie prompt has been a very important privacy feature in Firefox and
derivatives, because it allows people to choose whether to accept cookies
from a domain or not. People trained on this can also tell apart domains
that are generally ok, and those that are not.

Upgrading to 45 and greater deletes all previously accrued cookie
permissions, thus resulting in data loss and broken sites.

The only recourse has been to use Firefox 38.x ESR, because it has so far
retained the cookie prompt functionality.

-Mart.


2016-06-10 16:24 GMT+03:00 Mark H Weaver <m...@netris.org>:

> On June 7, Mozilla released a batch of security updates on their ESR 45
> branch.  Upstream support for the ESR 38 has apparently been dropped.
> Several of the fixed bugs are labelled "critical" by Mozilla, and some
> are expected to allow arbitrary code execution by a remote attacker.
>
>
> https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.2
>
> Therefore, GNU Icecat 38.x can no longer be used safely, and we are in
> urgent need of Icecat 45.2.
>
>       Mark
>
> --
> http://gnuzilla.gnu.org
>

--
http://gnuzilla.gnu.org

Reply via email to