bug#66418: Dead link

paculino via bug-gnuzilla via GNUzilla bug reports writes: > Hello, I was trying to locate the list of free addons/extensions to > icecat/firefox(forks), and noticed in my search that > https://www.gnu.org/savannah-checkouts/gnu/gnuzilla/ links to > https://gnuzilla.gnu.org/ as the "plugin

bug#62981: Twitter redirect

Hi Jeremie, Jeremie King writes: > Version 102.9.0esr (64-bit) > Clean install from Fedora 37 repos > > Problem: Twitter is redirecting to inappropriate websites. It looks > like maybe there was something that would redirect users to nitter > (why would that be appropriate anyway, the browser

bug#61633: [PATCH] patches: Add a patch that makes building language packs reproducible.

Hi Maxim, Maxim Cournoyer writes: > * data/patches/reproducible-langpacks.patch: New file. Applied to 'master' as commit f23f8b609ef4afcc7d8ac5fa795093f1c403f8da. Thank you! Mark

bug#61495: [PATCH v2] settings: Set intl.locale.requested to the empty string.

Hi Maxim, Maxim Cournoyer writes: > This causes IceCat to honor the locale used by the system. > > * data/settings.js: Replace the obsolete "intl.locale.matchOS" > option with "intl.locale.requested", set to the empty string. Applied to 'master' as commit

bug#58011: Jitsi, Bowser, and IceCat's user agent string

Hi Bill, bill-auger writes: > On Thu, 22 Sep 2022 20:51:38 -0400 Mark wrote: >> that my Guix-built IceCat 102 sent the following user agent string: >> >> "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" > > mark, would you try the "sign in" button on gitlab.com - you

bug#58011: Jitsi, Bowser, and IceCat's user agent string

Hi Michael, Michael McMahon writes: > I received a report that an IceCat user was not able to use Jitsi with > IceCat 102. They reported that changing the user agent string to > Firefox fixed their issue. [...] > IceCat 102's user agent string looks like this: > > Mozilla/5.0 (X11; Linux

bug#54714: Vulnerability Report [Misconfigured DMARC Record Flag]

Cyber Zeus writes: > Hi team > I hope you're having a good day, It's been a while I haven't heard from > you. I want to inquire about the bug bounty for reporting the vulnerability. > -Zeus We have already responded to your report, here: https://bugs.gnu.org/49260 Regards, Mark

bug#52475: [Question] About CSS prefers-color-scheme render in icecat

tags 52475 notabug close 52475 thanks Hi, morisum via bug-gnuzilla via GNUzilla bug reports writes: > I tried to use icecat with dark mode; however, the website page won't > automatically change to dark mode as expected. To be more specific the > "prefers-color-scheme:dark" in CSS >

bug#51302: live stream media audio bug in icecat

Earlier, I wrote: > It might help to set "privacy.resistFingerprinting" to "false" in > . I've found that some audio/video players misbehave if > it's set to "true". > > Would you like to try it and report back? Tadayoshi sent me a private reply letting me know that my suggestion solved the

bug#51302: live stream media audio bug in icecat

Tadayoshi via bug-gnuzilla via GNUzilla bug reports writes: > trying my luck here. since 3 updates i have had issues with icecat on live > stream players. > i found out when HLS is enabled for videos it starts to happen. At least on > > https://libreddit.spike.codes/ > i need it enabled for

bug#50050: Broken Link

Hi, Russell Green Osborne writes: > I was looking at compiling icecat from source and noticed that the link > to the git repository is broken (needs a trailing slash). > > Page: > > Broken Link: Thanks

bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]

Ian Kelling writes: > We have a dmarc policy. It is called "none". we are not doing anything > insecure or unusual, for example it is the same one that google uses: > > $ host -t txt _dmarc.gmail.com > _dmarc.gmail.com descriptive text "v=DMARC1; p=none; sp=quarantine; >

bug#48528: Extension firefox purevpn doesn't run on icecat

bbb ee writes: > ## Reproduce the bug > install purevpn from > https://addons.mozilla.org/en-US/firefox/addon/purevpn-for-privacy-security/ > > in the tool bar, > 1. click on the icon of purevpn > 2. click "Select Country" > It should display a list of country, but any thing is display. This

bug#47500: Hello, I would like to use the Dark Reader extension with IceCat

Hi, bill-auger writes: > given that the icecat add-ons wiki page is essentially > un-maintained, there is one very simple way to improve the > user-experience - the trisquel team maintains a catalog of > add-ons, which is the default URL for the abrowser add-ons GUI - > rather than packaging

bug#47500: Hello, I would like to use the Dark Reader extension with IceCat

Mark H Weaver writes: > I'm uneasy about the size of its package-lock.json file: > > https://github.com/darkreader/darkreader/blob/v4.9.29/package-lock.json > > It contains *1074* unique URLs to libraries at registry.npmjs.org. [...] > I'm uncomfortable with putting our

bug#47500: Hello, I would like to use the Dark Reader extension with IceCat

bill-auger writes: > so, there are four options (in order of preference): > > * convince the gnuzilla devs to package that add-on for everyone It would be a nice addition, and one that I would likely use myself, but I'm uneasy about the size of its package-lock.json file:

bug#47500: Hello, I would like to use the Dark Reader extension with IceCat

Hi, Fafa Kitten writes: > Hello, I would like to use the Dark Reader Extension with GNU IceCat, but > when I download the source code from its public project repository and > follow the "Building for use" directions in README.md, then try to install > the build artifact "build-firefox.xpi" from

bug#46152: Feature request

bill-auger writes: > export/import of bookmarks is already a standard feature, > which has existed for many years Indeed, that functionality is accessible from the "Import and Backup" menu of the bookmarks window, which you can bring up via Ctrl-Shift-O, or by selecting "Show All Bookmarks" from

bug#44203: icecat sound problem

Mark H Weaver writes: > Andrew via bug-gnuzilla via GNUzilla bug reports > writes: > >> The sound from the videos played on rokfin.com , using the icecat browser, >> is distorted. > > I don't want to try running the non-free javascript on that site myself, >

bug#44203: icecat sound problem

Andrew via bug-gnuzilla via GNUzilla bug reports writes: > The sound from the videos played on rokfin.com , using the icecat browser, is > distorted. I don't want to try running the non-free javascript on that site myself, but I vaguely recall that one of IceCat's privacy-enhancing default

bug#41848: Surfing with Tor

Earlier, I wrote: > I'm currently building a version of IceCat 68.9 with the above commit > reverted, to see if the bug also exists in version 0.1.7 of the Onion > Browser Button. The same problem happens for me with version 0.1.7 of the Onion Browser Button in the IceCat 68.9 preview. I guess

bug#41848: Surfing with Tor

Hi Antonio, > Please, can anyone else confirm this bug on IceCat? > > https://bugzilla.redhat.com/show_bug.cgi?id=1842171 Thank you for bringing this to our attention. It appears to be a bug in the "Onion Browser Button" add-on by Bentham

bug#38358: Subject prefix, true recipient...

Narcis Garcia via GNUzilla bug reports wrote: > El 25/11/19 a les 18:36, Mark H Weaver ha escrit: >> * I clicked the popup menu of headers to filter on, and down at the >> bottom of the list I see "Customize...". Choosing it summons the >> Customize He

bug#38358: Subject prefix, true recipient...

Hi Narcis, Narcis Garcia wrote: > El 24/11/19 a les 19:05, Jason Self ha escrit: >> Mailman does add the List-id header, indicating  >> >> List-id: GNUzilla bug reports >> >> Which should make it possible for your mail program to do whatever one >> wants with such messages. >> > > I've tried by

Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P

Hi Raghav, Raghav Gururajan wrote: > Would it be better to reverse the version just before 68? > > I remember you mentioned something about security fix in the 68 > release; may be for now, it would be better to use the older version > with only the security patch from v68? It's not feasible

Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P

Hi Raghav, > P.S. Mark, please don't feel pressured. I am just sumbmitting the issue > for awareness and tracking. :-) I appreciate these reports, thank you! > I was using 'HTTPS Everywhere' add-on, with enabled https-only rule. > > After v68 upgrade, the icon disappears from the tool bar and

Re: sumofus.org extension broken / replacement extension

Hi Johannes, Johannes Marbach writes: > Hello GNUzillians, > > The "LibreJS compatible SumOfUs.org" extension that ships with IceCat > appears to be broken. It renders a list of petitions but the petition > details page shows up with broken layout and the signing form hidden. I > wanted to

Re: Video Rendering Issues on IceCat

Earlier, I wrote: > I have a hypothesis of what might have happened here. > > Since the upgrade to version 68, the IceCat package in GNU Guix is no > longer using our system ffmpeg. Sorry, I forgot to mention why I think this might be relevant. The reason is because upstream Firefox adopts the

Re: Video Rendering Issues on IceCat

Hi, Raghav Gururajan wrote: > It was just weird that this is issue started after the upgrade. > Before that, all was fine. I have a hypothesis of what might have happened here. Since the upgrade to version 68, the IceCat package in GNU Guix is no longer using our system ffmpeg. Although

Re: Icecat on PureOS has crazy icons

Hi Wayne, Thanks very much for this report. > installed via guix on pureos > > looks fine on my laptop I'm glad to hear it! > looks like attached on my desktop This is a known Guix-specific issue, where some Guix-installed programs are unable to load fonts from the foreign distro they are

Re: Missing Tor Button

Mark H Weaver writes: > One possible solution would be to enable DNS-over-HTTPS, which I believe > is supported by IceCat-68 although it's disabled by default. See: > > https://support.mozilla.org/en-US/kb/firefox-dns-over-https > > Incidentally, I think that a case can be

Re: IceCat-68.2.0-guix0-preview2 now available via GNU Guix

Hi Johannes, Johannes Marbach writes: > I have successfully built the source tarball with guix on OpenSuse and > then after installing all needed dependencies managed to compile it > following the steps in the README. Nothing stuck out during compilation > and IceCat seems to run fine from what

Re: "Firefox" next to logo in private window.

Hi Diego, Diego Nicola Barbato writes: > I have installed IceCat version 68.2.0-guix0-preview3 (corresponds to > commit 930298e1efff3e40721659d8fd7118cdd2477bd4 on the '68' branch) > whith GNU Guix. > > When I open a private window it says Firefox instead of IceCat next to > the IceCat logo.

Re: IceCat-68.2.0-guix0-preview2 now available via GNU Guix

Hi Gary, I took the liberty of rearranging your reply to bottom-posting style and making the quoting more clear, to make it easier for others to follow the natural order of our conversation. Gary Driggs writes: > On Oct 31, 2019, at 12:41 PM, Mark H Weaver wrote: > >> Gary Dr

Re: IceCat-68.2.0-guix0-preview2 now available via GNU Guix

Hi Gary, Gary Driggs writes: > Kudos for your work on this, Mark. Is there any chance that this is > also available on a source code repository? I can understand the desire for this, but I personally do not have the server resources required to host a 388 megabyte source tarball for public

Re: Missing Tor Button

Mark H Weaver writes: > One possible solution would be to enable DNS-over-HTTPS, which I believe > is supported by IceCat-68 although it's disabled by default. See: > > https://support.mozilla.org/en-US/kb/firefox-dns-over-https Also see: https://blog.mozilla.org/futurerelease

Re: Missing Tor Button

Hi Mike, Mike Gerwitz writes: > On Tue, Oct 29, 2019 at 16:12:50 -0400, Mark H Weaver wrote: >> It was not intentional. I cannot speak for the IceCat project, but I >> think it's safe to say that they intend to continue including the Tor >> button in IceCat. > > I

IceCat-68.2.0-guix0-preview2 now available via GNU Guix

Hello all, Although the IceCat project has not yet released IceCat-68, for the benefit of those who are impatient to update their IceCat (e.g. due to security flaws recently publicized by Mozilla which affect IceCat-60), I wanted to let you all know that the GNU Guix project now provides a

Re: Missing Tor Button

Hi Raghav, Raghav Gururajan writes: > I use Guix System (guix.gnu.org) as GNU+Linux OS Distribution. > After recent update on Icecat, the Tor button (add-on) disappeared from > Icecat. > What was the reason? It was not intentional. I cannot speak for the IceCat project, but I think it's safe

Re: webauthn support?

Hi Jack, Jack Hill writes: > What's the status of webauthn support? When using firefox esr 68 on > Debian or ungoogled-chromium on GNU Guix, sites that use webauthn seem > to work: the led color changes on my usb token, I press the button, > and the webauthn exchange happens. However using

Re: Icecat versioning

Mark H Weaver writes: > FYI, in order to address the recently announced security flaws which > affect IceCat 60, I recently pushed an IceCat update to GNU Guix, to > which I assigned the version "68.2.0-guix0-preview1" to reflect that > this is only a preview, and not an o

Re: Icecat versioning

Hi Andrew, Andrew Kaminski writes: > Hello, the page at https://www.gnu.org/software/gnuzilla/ indicates > that "IceCat is generated from Firefox with the scripts available at > http://git.savannah.gnu.org/cgit/gnuzilla.git.; Does this mean that > Icecat can be built against Firefox 68+? No,

Re: [Bug-gnuzilla] Audio/Video calls do not work (WebRTC issue?)

Hi, Tirifto writes: >> Odds are the binary is explicitly build without webrtc. The GNU/Linux >> mozconfig file in the icecat repos indeed has the --disable-webrtc >> compilation flag in there. You can check about:buildconfig to see if >> the flag is present. > > It is indeed! I suppose that

Re: [Bug-gnuzilla] Up-to-date IceCat source tarballs now available via GNU Guix

Hi, bill-auger writes: > that specific concern is only one symptom of the current > situation - at the root of it, is the fact that there is often a > significant amount of work involved to prepare each new release > of these browsers; Significant work is needed only when updating to a new

Re: [Bug-gnuzilla] Up-to-date IceCat source tarballs now available via GNU Guix

Antonio Trande writes: > Where the source is hosted? I'm not able to make it available for direct download at this time. For now, all I can offer is the ability to build it using Guix. Mark > On 24/06/19 18:34, Mark H Weaver wrote: >> GNU Guix is now capable of producin

[Bug-gnuzilla] Up-to-date IceCat source tarballs now available via GNU Guix

GNU Guix is now capable of producing up-to-date source tarballs for IceCat that should hopefully build on any system that IceCat supports. For example, GNU Guix has icecat-60.7.2-guix1, which includes fixes for CVE-2019-11707 and CVE-2019-11708, which are apparently quite serious flaws that are

Re: [Bug-gnuzilla] JavaScript bug in Date class, incorrect date/time returned

Hi Jelle, Jelle Geerts writes: > var s1 = new Date().toString(); > var s2 = new Date().toLocaleString(); > var s3 = new Date().toLocaleString('nl', {'timeZone': 'Europe/Amsterdam'}); > > The resulting strings were: > s1 === 'Fri Jun 07 2019 13:58:32 GMT+ (UTC)' > s2 === '6/7/2019,

Re: [Bug-gnuzilla] GNU Icecat - default DNS provider

Hi Robin, writes: > I heard that Mozilla firefox uses Cloudflare DNS by default. I believe that's incorrect. It's true that Mozilla is considering making future versions of Firefox use Cloudflare DNS by default, and that they've conducted a shield study to collect performance data on

Re: [Bug-gnuzilla] Installer doesn't recognize new manifest files

Hi Rubén, Ruben Rodriguez writes: > That was corrected in commit > http://git.savannah.gnu.org/cgit/gnuzilla.git/commit/?id=7859a9131fcda359265dc16ef55933e5ed218119 While looking at the recent batch of commits, I was glad to see that you removed the debian-specific code from makeicecat. Thank

Re: [Bug-gnuzilla] IceCat and security updates

Mart Rootamm writes: > As and when Mozilla releases 60.6.2 or 60.7.0, there quickly needs to > be a new build because of an upstream brouhaha involving the expiry of > an intermediate signing certificate that disabled all extensions. > > To mitigate the issue, existing users can set > >

Re: [Bug-gnuzilla] IceCat and security updates

writes: > Currently, the last version of IceCat is 60.3.0 while the last version > of Firefox ESR is 60.6.1. Doesn't that make IceCat exposed to security > vulnerabilities > (https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/) > already fixed on Firefox? You're right, and

Re: [Bug-gnuzilla] autoconf 2.13 not 2.69

carl hansen writes: > On Fri, Sep 14, 2018 at 4:22 PM bill-auger wrote: >> >> On Fri, 14 Sep 2018 11:38:03 -0700 carl wrote: >> > What's the deal? autoconf up to date is 2.69, why should I have to >> > reinstall old versions? >> >> one good reason would be because that is the version that will

Re: [Bug-gnuzilla] GNU/Icecat update (Corrected)

Hi Alexander, Alexander writes: > Firefox ESR updated on the 16th of March, 2018 to version 52.7.2 from > 52.6.2 and we need to update Icecat to reflect those changes. Indeed. Unfortunately, GNU IceCat often lags behind Firefox ESR. I agree that it is a serious

Re: [Bug-gnuzilla] Icecat

Hi, Stephan Mark writes: > Hi. Would love to use icecat, but still some important addons are > broken, like noscript I've been using IceCat with NoScript as my primary browser for years. What problem did you have with NoScript? Mark -- http://gnuzilla.gnu.org

[Bug-gnuzilla] Spectre mitigation for IceCat

FYI, Mozilla has included two mitigations for Spectre in Firefox 57.0.4. They are described here: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ The blog post notes that one of the

Re: [Bug-gnuzilla] icecat maintenance

Antonio Trande <anto.tra...@gmail.com> writes: > Hi Mark. > > On 26/12/2017 03:15, Mark H Weaver wrote: >> Gammel Holte <gammel.ho...@gmail.com> writes: >> >>> On Thu, Dec 21, 2017 at 5:33 PM, Antonio Trande <anto.tra...@gmail.com> >>

Re: [Bug-gnuzilla] icecat maintenance

Gammel Holte writes: > On Thu, Dec 21, 2017 at 5:33 PM, Antonio Trande wrote: > Will Icecat be upgraded still? > > I was wondering the same thing. As much as I dislike the latest moves > by Mozilla [1] and as much as I like GNU and IceCat, I'm a

Re: [Bug-gnuzilla] Concerning your browser

Hi, Lalin Paranawithana writes: > I read somewhere that you successfully completed G SoC stipend. The > changes included changes in your privacy settings. May I know what > they were with full details? As far as I know, the IceCat project has applied for a GSoC slot

Re: [Bug-gnuzilla] clarify if icecatmobile is associated with gnu icecat

Ian Kelling writes: > https://f-droid.org/packages/org.gnu.icecat/ On that page, it's using > the icecat logo, it links to the gnu icecat page as it's homepage, but > it says bug tracking is at mozilla's page, and source code is at > mozilla's page, which is clearly wrong,

Re: [Bug-gnuzilla] Icecat question

Hi, "Robert S." writes: > Is all the Mozilla telemetry removed from the Icecat browser? I can tell you that among the changes made by IceCat to upstream Firefox ESR 52 is to change the default setting for "toolkit.telemetry.enabled" in about:config to "false".

Re: [Bug-gnuzilla] I need Riot/WebRTC!

Narcis Garcia <informat...@actiu.net> writes: > El 24/08/17 a les 11:08, Mark H Weaver ha escrit: >> We generally stick as close to upstream as we can, although in the case >> of IceCat we promptly cherry-pick fixes from upstream Firefox ESR since >> most of those f

Re: [Bug-gnuzilla] I need Riot/WebRTC!

"csh" <c...@bluehome.net> writes: > Mark H Weaver <m...@netris.org> wrote .. >> If that isn't sufficient to get WebRTC >> working, then you probably need to address (2), which you could do by >> either compiling IceCat from source code, or installi

Re: [Bug-gnuzilla] request - remove dbus dependency

writes: > Icecat didn't start without it. It works in devuans weasel so why not > in icecat too? I assume that the difference has to do with the compile-time flags passed to ./configure when these two browsers were built. I started to investigate this, and found that

Re: [Bug-gnuzilla] I need Riot/WebRTC!

"csh" writes: > Please show me how to re-enable WebRTC in IceCat. I see two places in the IceCat build scripts related to disabling WebRTC: (1) In about:config, IceCat has the following default settings, which are the opposite of how they are set in upstream Firefox:

[Bug-gnuzilla] IceCat signed source tarball should accompany Trisquel version

Rubén, It seems quite common lately for the version of IceCat in Trisquel to be newer than the source tarball on ftp.gnu.org. As I write this, Trisquel apparently has IceCat 52.1.2-gnu1, but the newest version on ftp.gnu.org is 52.1.0-gnu1. This is problematic, because it puts all other free

Re: [Bug-gnuzilla] I am really getting sick of this. Goodbye

Jens Lody writes: > As long as others answer to your mails (as I do at the moment), it's > not possible to "mark you as spam". To much broken threads would be the > result. > > You behave like a classical agent provocateur and if I would follow you > own arguments, I could

Re: [Bug-gnuzilla] I am really getting sick of this. Goodbye

Go away troll, or else I'll take steps to ban you from this list. This is your final warning. Mark writes: > I see what you're doing here, you're playing game of questions with me > and being very evasive while pretending to have no idea what I am > talking about,

Re: [Bug-gnuzilla] IceCat distribution delay and the NSA

David Hedlund writes: > I got icecat-45.7.0 too in Trisquel 7. > > But it doesn't really matter because the latest Firefox ESR is 52.0. IceCat 45.8.0 would also be fine for now, if it existed. Firefox ESR 45.8.0 was released at about the same time as 52.0, and includes

Re: [Bug-gnuzilla] IceCat 45.5.1 release

Thanks very much for this, Rubén. Mark -- http://gnuzilla.gnu.org

Re: [Bug-gnuzilla] IceCat 45 IMPORTANT consideration: Keep cookie prompt "ask me every time"

"Daniel Quintiliani" writes: > Why is everyone so opposed to an addon for something that nobody uses? > I can't imagine anyone clicking 20 dialog boxes per each loaded banner > ad. So opposed to using an addon that they are unwilling to update > serious security problems in

[Bug-gnuzilla] Firefox ESR 45.4 released with more security fixes

FYI, Firefox ESR 45.4 has been released, with more security fixes labelled "critical" by Mozilla, which means the "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."

Re: [Bug-gnuzilla] IceCat v45 beta

Rubén Rodríguez writes: > after some radio silence that I apologize for, I recently took some > vacation that I used to put time into free software projects. Combined > with some more hours this weekend the output is a beta release of v45 > that is available here:

Re: [Bug-gnuzilla] Icecat 45.3 urgently needed

Mark H Weaver <m...@netris.org> writes: > On June 7, Mozilla released a batch of security updates on their ESR 45 > branch. Upstream support for the ESR 38 has apparently been dropped. > Several of the fixed bugs are labelled "critical" by Mozilla, and some > are expe

[Bug-gnuzilla] Icecat 45.2 urgently needed

On June 7, Mozilla released a batch of security updates on their ESR 45 branch. Upstream support for the ESR 38 has apparently been dropped. Several of the fixed bugs are labelled "critical" by Mozilla, and some are expected to allow arbitrary code execution by a remote attacker.

Re: [Bug-gnuzilla] Unable to browse https://gnupg.org/ with IceCat

Mark H Weaver <m...@netris.org> writes: > When I try to connect to https://gnupg.org/ with IceCat 38.6.0, I get > the following error: > > Secure Connection Failed > > An error occurred during a connection to gnupg.org. Cannot communicate > securely with peer: no

[Bug-gnuzilla] Unable to browse https://gnupg.org/ with IceCat

When I try to connect to https://gnupg.org/ with IceCat 38.6.0, I get the following error: Secure Connection Failed An error occurred during a connection to gnupg.org. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Re: [Bug-gnuzilla] IceCat 38.4.0 release

Dimitris Arvanitis writes: > Thank you. Unfortunately I am not able to compile it. It stops after > some minutes, these are the last lines of output: > > make[6]: Leaving directory > '/tmp/compile/icecat-38.4.0/src/obj-x86_64-linux-gnu/dom/bindings' > make[5]: Leaving

Re: [Bug-gnuzilla] Unpatched security flaws in IceCat

David Hedlund <pub...@beloved.name> writes: > Have this been fixed in IceCat 38.3.0? > > Forwarded Message > > From: Mark H Weaver <m...@netris.org> > To: bug-gnuzilla <

Re: [Bug-gnuzilla] Unpatched security flaws in IceCat

FYI, it has now been over six weeks since I posted the message below. For over six weeks, anyone running GNU IceCat has been vulnerable to widely known security flaws that are believed to allow remote code execution. Mark Mark H Weaver <m...@netris.org> writes: > Since the last G

Re: [Bug-gnuzilla] IceCat 31.8.0-gnu2 release

Rubén Rodríguez ru...@gnu.org writes: == Changes since v31.8.0 == * Applied patch for CVE-2015-4473 CVE-2015-4482 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 from Guix As the author of the backported patches from GNU Guix included in this release, I feel compelled

[Bug-gnuzilla] Unpatched security flaws in IceCat

Since the last GNU IceCat release, there have been 12 security advisories from Mozilla addressing 18 CVEs and associated releases of Firefox ESR 38.1.1 (on August 6) and ESR 38.2 (yesterday). https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ CVE-2015-4473,

Re: [Bug-gnuzilla] IceCat 31.8.0 release

a patch to GNU Guix that reverses this change in our IceCat package. We have users who care about these features. Mark On Mon, 2015-07-20 at 13:57 -0400, Mark H Weaver wrote: Rubén Rodríguez ru...@gnu.org writes: Why did you disable hardware acceleration and WebGL? Hardware

Re: [Bug-gnuzilla] IceCat 31.8.0 release

Rubén Rodríguez ru...@gnu.org writes: == Changes since v31.7.0 == * Applied fix for LogJam attack [https://weakdh.org/] * HTML5 Video Everywhere updated to 0.2.38.1 * LibreJS updated to 6.0.9 * HTTPS-Everywhere updated to 5.0.5 * Spyblock updated to 2.6.9.0 from upstream changes *

Re: [Bug-gnuzilla] IceCat ARM binaries for GNU/Linux

Laine Gholson laine.ghol...@gmail.com writes: I would like to have a copy of the GNU IceCat browser for ARM (hard float) GNU/Linux, but I cannot build it from source, because I have a 32-bit ARM device (As of early 2015 it is no longer possible to build Firefox on most 32-bit machines.) or

Re: [Bug-gnuzilla] IceCat 31.1.1 pre-release announcement

Rubén Rodríguez ru...@gnu.org writes: After many small changes and improvements I managed to produce a new release for IceCat, available (by now) here: http://gnuzilla.gnu.org/releases/31.1.1/ Thank you, Rubén! I've added it to GNU Guix, and it works very well. I'd like to get some testing