Mark H Weaver <m...@netris.org> writes: > On June 7, Mozilla released a batch of security updates on their ESR 45 > branch. Upstream support for the ESR 38 has apparently been dropped. > Several of the fixed bugs are labelled "critical" by Mozilla, and some > are expected to allow arbitrary code execution by a remote attacker. > > > https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.2 > > Therefore, GNU Icecat 38.x can no longer be used safely, and we are in > urgent need of Icecat 45.2.
Mozilla has now released 45.3 with another batch of critical security fixes. It has now been over 8 weeks since GNU IceCat has been vulnerable to published security flaws that are believed to allow arbitrary remote code execution. Mark -- http://gnuzilla.gnu.org