Re: Security Vulnerability

The Fx version is in: mozilla\browser\config\version.txt Be aware that SeaMonkey is build from the THUNDERBIRD_52_VERBRANCH which is not bleeding edge but contains OSX and some other mailnews fixes. If you want bleeding edge you need to merge default to it. FRG Richmond wrote:

Re: Security Vulnerability

Frank-Rainer Grahl writes: > 2.49.1 is based on the latest 52.4 so the CVE is in it. > OK thanks but how can I tell that is the case without asking here? Or to put it another way, how do I know when to recompile and what version of firefox ESR the code I check out will be based

Re: Security Vulnerability

2.49.1 is based on the latest 52.4 so the CVE is in it. Richmond wrote: How do I tell if, for example, CVE-2017-7810 has been addressed in Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will it be in Seamonkey comm-esr52? I have been looking here:

Re: Security Vulnerability

On 03/11/2017 16:26, Richmond wrote: > How do I tell if, for example, CVE-2017-7810 has been addressed in > Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will > it be in Seamonkey comm-esr52? https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810

Security Vulnerability

How do I tell if, for example, CVE-2017-7810 has been addressed in Seamonkey? I see it is fixed in Firefox ESR 52.4. So if I recompile will it be in Seamonkey comm-esr52? I have been looking here: https://hg.mozilla.org/releases/comm-esr52/log But cannot see anything corresponding to CVE

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

seemonkey wrote: But it would close the vulnerability in nss. If one would release a seamonkey let's say 2.40.1 only with the change of nss 3.21.1 the result would be the same as i described. I didn't mention any bug in the base product. The whole topic was started with nss and not bugs/sec

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

will be 2.46 if the l10n build > bug > can be fixed in time. > > FRG > > On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote: > > >>Lee wrote on 16/10/2016 17:45: > >>> On 10/16/16, Ray_Net wrote: > >>>> seemonkey wrote on 13/10/2016 08

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

Frank-Rainer Grahl wrote on 18/10/2016 22:03: I wouldn't start hacking together a version with different binaries. Might work might not. And this won't close any bugs in the base product which could be exploited if you are so concerned about security. Ok, I will stay with my official SM 2.40

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

gt; On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >>>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06: >>>>> There's at least one security vulnerability that is missing from this NSS >>>>> version: http://www.cve.mitre.org/cgi-bi

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On Sunday, October 16, 2016 at 9:59:26 PM UTC+2, Ray_Net wrote: > Lee wrote on 16/10/2016 17:45: > > On 10/16/16, Ray_Net wrote: > >> seemonkey wrote on 13/10/2016 08:06: > >>> There's at least one security vulnerability that is missing from this NSS > >>>

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >Lee wrote on 16/10/2016 17:45: >> On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06: >>>> T

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

Lee wrote on 16/10/2016 17:45: On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: seemonkey12...@gmail.com wrote on 13/10/2016 08:06: There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: > seemonkey12...@gmail.com wrote on 13/10/2016 08:06: >> There's at least one security vulnerability that is missing from this NSS >> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 >

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

seemonkey12...@gmail.com wrote on 13/10/2016 08:06: There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

WaltS48 wrote: On 10/14/2016 08:49 PM, Edward wrote: TCW wrote: On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com wrote: There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On 10/14/2016 08:49 PM, Edward wrote: TCW wrote: On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com wrote: There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 There was a bugfix

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On Saturday, October 15, 2016 at 2:49:48 AM UTC+2, Edward wrote: > TCW wrote: > > On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey > > wrote: > > > >> There's at least one security vulnerability that is missing from this NSS > >> version: http://www.cve

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On Thursday, October 13, 2016 at 3:10:42 PM UTC+2, TCW wrote: > On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey > > >There's at least one security vulnerability that is missing from this NSS > >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 > &g

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

TCW wrote: On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com wrote: There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 There was a bugfix in NSS https://bugzilla.mozilla.org

Re: Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com wrote: >There's at least one security vulnerability that is missing from this NSS >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 > >There was a bugfix in NSS https://bugzilla.mozilla.org/sho

Seamonkey 2.40 (latest stable) uses NSS 3.20.1 - possible security vulnerability

There's at least one security vulnerability that is missing from this NSS version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue but unfortunately it seems that this bugfix

Re: Security Vulnerability

This sounds more like a SeaMonkey support issue than a general security issue. Adding support-seamonkey@lists.mozilla.org mailto:support-seamonkey@lists.mozilla.org. to addresss this issue. -- Curtis Koenig Mozilla Corp. Security Program Manager On 2012-02-16 14:23 PM, L Davis wrote: Hi, Even

Re: Security vulnerability in FF3.*

Stéphane Grégoire wrote: Hi, Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug : http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ I don't know for sure, but this may give some calm to SM users, at least those on newer Windows

Security vulnerability in FF3.*

Hi, Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug : http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ -- Stéphane http://pasdenom.info ___ support-seamonkey mailing list

Re: Security vulnerability in FF3.*

Stéphane Grégoire wrote: Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug : http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ The 2.0 branch is affected for sure; it uses the same back-end as Firefox 3.5. SeaMonkey 2.0.10 will be

Re: Security vulnerability in FF3.*

Stéphane Grégoire schrieb: Is Seamonkey 2.0.9 or Seamonkey 2.1b1 affected by this bug : http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ SeaMonkey 2.0.9 is affected and we are working on 2.0.10 right now to fix it. SeaMonkey 2.1 Beta 1 is at

Re: Firefox 3.6 security vulnerability -- shared by SM?

Paul B. Gallagher wrote: http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug Any experts care to comment? This problem only exists in Gecko 1.9.2 and higher, but SeaMonkey 2.0.x uses 1.9.1.x, so our security update for a few other things stays targeted for

Re: Firefox 3.6 security vulnerability -- shared by SM?

Sun, 21 Mar 2010 17:33:35 -0700, /NoOp/: On 03/21/2010 03:03 PM, Paul B. Gallagher wrote: http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug Any experts care to comment? Not an expert... but I suspect that the 2.0.4 testing request from kairo: quote If no

Re: Firefox 3.6 security vulnerability -- shared by SM?

Stanimir Stamenkov wrote: http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ linked from the given Computerworld article: *Update:* To clarify, as originally claimed this issue affects Firefox 3.6 only and not any earlier versions. Thunderbird and SeaMonkey are

Re: Firefox 3.6 security vulnerability -- shared by SM?

On 3/22/2010 6:57 AM PT, Paul B. Gallagher typed: http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ linked from the given Computerworld article: *Update:* To clarify, as originally claimed this issue affects Firefox 3.6 only and not any earlier versions.

Firefox 3.6 security vulnerability -- shared by SM?

http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug Any experts care to comment? -- War doesn't determine who's right, just who's left. -- Paul B. Gallagher ___ support-seamonkey mailing list

Re: Firefox 3.6 security vulnerability -- shared by SM?

On 03/21/2010 03:03 PM, Paul B. Gallagher wrote: http://www.computerworld.com/s/article/9173698/Mozilla_confirms_critical_Firefox_bug Any experts care to comment? Not an expert... but I suspect that the 2.0.4 testing request from kairo: quote If no problems come up in testing those builds,