Re: Seamonkey 2.40 and SVG exploit

On 12/6/2016 7:50 AM, NFN Smith wrote: > NoOp wrote: > >>> >> >> My SeaMonkey profile is a little over 10GB with some files going back >> over 15 years. I have many POP3 and IMAP email addresses - several >> having both POP3 and IMAP - many RSS feeds, and a huge nntp >> collection/subscription

Re: Seamonkey 2.40 and SVG exploit

Gérard wrote on 12/06/2016 04:59 PM: NFN Smith wrote on 12/06/2016 04:50 PM: NoOp wrote: My SeaMonkey profile is a little over 10GB with some files going back over 15 years. I have many POP3 and IMAP email addresses - several having both POP3 and IMAP - many RSS feeds, and a huge nntp

Re: Seamonkey 2.40 and SVG exploit

NFN Smith wrote on 12/06/2016 04:50 PM: NoOp wrote: My SeaMonkey profile is a little over 10GB with some files going back over 15 years. I have many POP3 and IMAP email addresses - several having both POP3 and IMAP - many RSS feeds, and a huge nntp collection/subscription from

Re: Seamonkey 2.40 and SVG exploit

NoOp wrote: My SeaMonkey profile is a little over 10GB with some files going back over 15 years. I have many POP3 and IMAP email addresses - several having both POP3 and IMAP - many RSS feeds, and a huge nntp collection/subscription from news.mozilla.support, news.gmain.org,

Re: Seamonkey 2.40 and SVG exploit

On 6/12/2016 5:50 PM, NoOp wrote: On 12/5/2016 10:40 PM, Daniel wrote: On 6/12/2016 3:22 PM, NoOp wrote: Gary (as a PS: I do basically the same on linux to set up TB there as well - only I usually grsync the SeaMonkey profile from Windows to linux first) Why bother?? I have SM installed on

Re: Seamonkey 2.40 and SVG exploit

On 12/5/2016 10:40 PM, Daniel wrote: > On 6/12/2016 3:22 PM, NoOp wrote: > > >> Gary >> (as a PS: I do basically the same on linux to set up TB there as well - >> only I usually grsync the SeaMonkey profile from Windows to linux first) >> > Why bother?? I have SM installed on both my Win7 and my

Re: Seamonkey 2.40 and SVG exploit

On 6/12/2016 3:22 PM, NoOp wrote: Gary (as a PS: I do basically the same on linux to set up TB there as well - only I usually grsync the SeaMonkey profile from Windows to linux first) Why bother?? I have SM installed on both my Win7 and my Mageia Linux systems and have my SM profile on one

Re: Seamonkey 2.40 and SVG exploit

On 12/5/2016 9:18 AM, NFN Smith wrote: > NoOp wrote: >> On 12/2/2016 2:30 PM, NFN Smith wrote: ... >>> me, a temporary move from Seamonkey to Firefox isn't a huge thing, >>> but having to relocate my mail to Thunderbird is more painful, as I >>> still do nearly everything through POP. >> >>

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 6:48 AM, TCW wrote: On Sun, 04 Dec 2016 03:29:14 -1000, Desiree wrote: On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little

Re: Seamonkey 2.40 and SVG exploit

NoOp wrote: On 12/2/2016 2:30 PM, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. - Use one of Adrian Kalla's unofficial builds? If so, which build, and what potential problems are there? Yes, 2.47

Re: Seamonkey 2.40 and SVG exploit

On 12/5/2016 9:58 AM, Ray_Net wrote: TCW wrote on 04-12-16 23:19: On Sun, 4 Dec 2016 23:05:25 +0100, Ray_Net wrote: Lee wrote on 04-12-16 19:16: On 12/4/16, Ray_Net wrote: Lee wrote on 04-12-16 17:18: On 12/4/16,

Re: Seamonkey 2.40 and SVG exploit

TCW wrote on 04-12-16 23:19: On Sun, 4 Dec 2016 23:05:25 +0100, Ray_Net wrote: Lee wrote on 04-12-16 19:16: On 12/4/16, Ray_Net wrote: Lee wrote on 04-12-16 17:18: On 12/4/16, Desiree wrote:

Re: Seamonkey 2.40 and SVG exploit

> So given the results ... it appears to me that Adrian has > indeed patched those builds agains the exploit. Thanks! Lee On 12/4/16, NoOp wrote: > On 12/4/2016 10:16 AM, Lee wrote: > >> >> nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey >>

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 2:49 PM, Richmond wrote: > Richmond writes: > >> In this thread there are some test cases: >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 >> > > I cannot get Aurora to crash today. I am not sure why. But some of the > tests show that the address

Re: Seamonkey 2.40 and SVG exploit

Richmond writes: > In this thread there are some test cases: > > https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 > I cannot get Aurora to crash today. I am not sure why. But some of the tests show that the address sanitizer has trapped something. So maybe having a build

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 2:25 PM, Richmond wrote: > NoOp writes: > >> On 12/4/2016 11:50 AM, Richmond wrote: >>> NoOp writes: >>> >>> (See comments: 84, 85, and 86 - which for some reason have been marked as 'offtopic' by ryanvm) >>>

Re: Seamonkey 2.40 and SVG exploit

NoOp writes: > On 12/4/2016 11:50 AM, Richmond wrote: >> NoOp writes: >> >> >>> (See comments: 84, 85, and 86 - which for some reason have been marked >>> as 'offtopic' by ryanvm) >> >> Because the bug report is for firefox, not

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 11:33 AM, NoOp wrote: > On 12/4/2016 10:16 AM, Lee wrote: > >> >> nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey >> 2.47 has the patch for that exploit? > > I tested Adrian's 2.47's per bug report: > https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 > (See

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 11:50 AM, Richmond wrote: > NoOp writes: > > >> (See comments: 84, 85, and 86 - which for some reason have been marked >> as 'offtopic' by ryanvm) > > Because the bug report is for firefox, not seamonkey. > Sorry, but I disagree: Product:

Re: Seamonkey 2.40 and SVG exploit

Lee wrote on 04-12-16 19:16: On 12/4/16, Ray_Net wrote: Lee wrote on 04-12-16 17:18: On 12/4/16, Desiree wrote: On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: I'm

Re: Seamonkey 2.40 and SVG exploit

On 12/02/2016 03:30 PM, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. I'm one of the users that has stayed with 2.40, and for the most part, I'm content to wait until a new release comes through the normal

Re: Seamonkey 2.40 and SVG exploit

On 12/04/2016 11:48 AM, TCW wrote: On Sun, 04 Dec 2016 03:29:14 -1000, Desiree wrote: On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little

Re: Seamonkey 2.40 and SVG exploit

NoOp writes: > (See comments: 84, 85, and 86 - which for some reason have been marked > as 'offtopic' by ryanvm) Because the bug report is for firefox, not seamonkey. ___ support-seamonkey mailing list

Re: Seamonkey 2.40 and SVG exploit

On 12/4/2016 10:16 AM, Lee wrote: > > nit: has anyone that _knows_ said that the Dec 1 version of SeaMonkey > 2.47 has the patch for that exploit? I tested Adrian's 2.47's per bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 (See comments: 84, 85, and 86 - which for some reason

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Richmond wrote: > Lee writes: > > >> Can Firefox or SeaMonkey automatically update on your machine? If yes >> you're running with admin privs and are _not_ practicing safe >> anything. >> > > That isn't quite true. If you are running firefox on

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Ray_Net wrote: > Lee wrote on 04-12-16 17:18: >> On 12/4/16, Desiree wrote: >>> On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: > I'm watching

Re: Seamonkey 2.40 and SVG exploit

Lee writes: > Can Firefox or SeaMonkey automatically update on your machine? If yes > you're running with admin privs and are _not_ practicing safe > anything. > That isn't quite true. If you are running firefox on windows you can install the mozilla update service and it

Re: Seamonkey 2.40 and SVG exploit

Lee wrote on 04-12-16 17:18: On 12/4/16, Desiree wrote: On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I

Re: Seamonkey 2.40 and SVG exploit

On 12/4/16, Desiree wrote: > On 12/3/2016 3:30 AM, TCW wrote: >> On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith >> wrote: >> >>>I'm watching discussions relating to the SVG exploit, and am a little >>>confused about what steps I should take. >>> <..

Re: Seamonkey 2.40 and SVG exploit

On 12/3/2016 3:30 AM, TCW wrote: On Fri, 2 Dec 2016 15:30:53 -0700, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. I'm one of the users that has stayed with 2.40, and for the most part,

Re: Seamonkey 2.40 and SVG exploit

On 12/3/16, Pat Connors wrote: > I am so confused! > > I get it that 2.40 SeaMonkey has some problems, not sure what they are > other than vulnerabilities. I'd say that's plenty enough of a problem. The latest 0day has example code posted, so the script kiddies have it --

Re: Seamonkey 2.40 and SVG exploit

On 03/12/2016 20:47, Pat Connors wrote: > I am so confused! > > I get it that 2.40 SeaMonkey has some problems, not sure what they are > other than vulnerabilities. Someone said to 'Turn off javascript' but > do not know how to do so. > > Others are saying to use a later release not yet on

Re: Seamonkey 2.40 and SVG exploit

I am so confused! I get it that 2.40 SeaMonkey has some problems, not sure what they are other than vulnerabilities. Someone said to 'Turn off javascript' but do not know how to do so. Others are saying to use a later release not yet on SeaMonkey site and not use 2.40 at all. Okay, I

Re: Seamonkey 2.40 and SVG exploit

EE writes: > I am using a Tinderbox build of SM 2.47 quite happily. It works for > me pretty well. It is also dated Dec 2, so hopefully has a patched > Firefox core in it. Also, some of the bugs that were present in 2.40 > are gone. In this thread there are some test cases:

Re: Seamonkey 2.40 and SVG exploit

NoOp wrote: On 12/2/2016 2:30 PM, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. I'm one of the users that has stayed with 2.40, and for the most part, I'm content to wait until a new release comes through the

Re: Seamonkey 2.40 and SVG exploit

Maybe it would help to set image.animation_mode = none ? I can't find anything which says one way or another. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey

Re: Seamonkey 2.40 and SVG exploit

On 03/12/2016 10:10, Ant wrote: > Is it confirmed that v2.40 will get a patch? Also, I suppose even SM 2.47 is vulnerable? Or was that the reason for the Dec 1 update, Adrian? Regards. ___ support-seamonkey mailing list

Re: Seamonkey 2.40 and SVG exploit

On 12/2/2016 6:15 PM, NoOp wrote: On 12/2/2016 2:30 PM, NFN Smith wrote: I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. I'm one of the users that has stayed with 2.40, and for the most part, I'm content to wait until a new

Re: Seamonkey 2.40 and SVG exploit

On 12/2/2016 2:30 PM, NFN Smith wrote: > I'm watching discussions relating to the SVG exploit, and am a little > confused about what steps I should take. > > I'm one of the users that has stayed with 2.40, and for the most > part, I'm content to wait until a new release comes through the >

Seamonkey 2.40 and SVG exploit

I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. I'm one of the users that has stayed with 2.40, and for the most part, I'm content to wait until a new release comes through the normal update channel, although I am concerned about