Re: [Ping Adrian - 2.47 Windows Builds] Re: 0day exploit - Security update for SeaMonkey needed?

[NoOp]

On 12/1/2016 10:46 AM, TCW wrote:
> On 12/1/2016 12:29 PM, NoOp wrote:
>> On 12/1/2016 10:23 AM, TCW wrote:
>>> On 12/1/2016 12:12 PM, NoOp wrote:
 On 12/01/2016 08:40 AM, Lee wrote:
> On 12/1/16, TCW <"."> wrote:
>> On 11/30/2016 8:06 AM, WaltS48 wrote:
 There's a zero-day exploit in the wild that's being used to execute
 malicious code on the computers of people using Tor and possibly other
 users of the Firefox browser, officials of the anonymity service
 confirmed Tuesday.

>>>
 The versions span from 41 to 50, with version 45 ESR being the version
 used by the latest version of the Tor browser.
>>>
>>> 
>>>
>>>
>>> Is a fix for SeaMonkey needed?
>>
>> Looks like Adrian has applied it to his 2.47 build @
>> http://tinyurl.com/j2ju4s7.
>
> Would you please not post obfuscated URLs?  Especially now, in a
> thread about a 0day & probably most everybody reading the thread
> running exploitable software, enticing people to click on random links
> is a really bad idea.
>
> $ curl -s --head  http://tinyurl.com/j2ju4s7 | grep Location
> Location: 
> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
>
> Thanks,
> Lee
>

 Mine updated from 2.46 to2.46 - however on the Windows 10 systems I'm
 getting crashes from these builds:

 User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
 SeaMonkey/2.47
 Build identifier: 20161201093907
 https://crash-stats.mozilla.com/report/index/033876b9-52eb-4a25-99aa-6c0b22161201

 and

 User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
 Gecko/20100101 Firefox/50.0 SeaMonkey/2.47
 Build identifier: 20161201025712
 https://crash-stats.mozilla.com/report/index/adc9e74f-2090-4b7f-b849-eb0082161201

 I can repeat the crashes on two separate Windows machines just by trying
 to reply to an email or nntp post. Works OK on Linux:

 User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
 Firefox/50.0 SeaMonkey/2.47
 Build identifier: 20161201022155

 which is what I am replying from for this post.

 Ping Adrian: please look at the crash reports.
>>>
>>> How about Safe Mode?
>>>
>>
>> Ah... [wacks head & says 'why didn't I do that from the start] very good
>> point - thanks! Works on both windows machines (posting from one now).
>> Could be that the extensions/plugins may not like the update. I'll go
>> through each one & see if I can pin it down.
> 
> As I get older, I get those "whack head" moments more and more. If you 
> figure out the culprit, let us all know.
> 

Found it:
https://addons.mozilla.org/en-US/seamonkey/addon/extra-format-buttons/?src=cb-dl-toprated


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: [Ping Adrian - 2.47 Windows Builds] Re: 0day exploit - Security update for SeaMonkey needed?

[TCW]

On 12/1/2016 12:29 PM, NoOp wrote:

On 12/1/2016 10:23 AM, TCW wrote:

On 12/1/2016 12:12 PM, NoOp wrote:

On 12/01/2016 08:40 AM, Lee wrote:

On 12/1/16, TCW <"."> wrote:

On 11/30/2016 8:06 AM, WaltS48 wrote:

There's a zero-day exploit in the wild that's being used to execute
malicious code on the computers of people using Tor and possibly other
users of the Firefox browser, officials of the anonymity service
confirmed Tuesday.




The versions span from 41 to 50, with version 45 ESR being the version
used by the latest version of the Tor browser.





Is a fix for SeaMonkey needed?


Looks like Adrian has applied it to his 2.47 build @
http://tinyurl.com/j2ju4s7.


Would you please not post obfuscated URLs?  Especially now, in a
thread about a 0day & probably most everybody reading the thread
running exploitable software, enticing people to click on random links
is a really bad idea.

$ curl -s --head  http://tinyurl.com/j2ju4s7 | grep Location
Location: 
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/

Thanks,
Lee



Mine updated from 2.46 to2.46 - however on the Windows 10 systems I'm
getting crashes from these builds:

User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
SeaMonkey/2.47
Build identifier: 20161201093907
https://crash-stats.mozilla.com/report/index/033876b9-52eb-4a25-99aa-6c0b22161201

and

User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
Gecko/20100101 Firefox/50.0 SeaMonkey/2.47
Build identifier: 20161201025712
https://crash-stats.mozilla.com/report/index/adc9e74f-2090-4b7f-b849-eb0082161201

I can repeat the crashes on two separate Windows machines just by trying
to reply to an email or nntp post. Works OK on Linux:

User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
Firefox/50.0 SeaMonkey/2.47
Build identifier: 20161201022155

which is what I am replying from for this post.

Ping Adrian: please look at the crash reports.


How about Safe Mode?



Ah... [wacks head & says 'why didn't I do that from the start] very good
point - thanks! Works on both windows machines (posting from one now).
Could be that the extensions/plugins may not like the update. I'll go
through each one & see if I can pin it down.


As I get older, I get those "whack head" moments more and more. If you 
figure out the culprit, let us all know.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: [Ping Adrian - 2.47 Windows Builds] Re: 0day exploit - Security update for SeaMonkey needed?

[NoOp]

On 12/1/2016 10:23 AM, TCW wrote:
> On 12/1/2016 12:12 PM, NoOp wrote:
>> On 12/01/2016 08:40 AM, Lee wrote:
>>> On 12/1/16, TCW <"."> wrote:
 On 11/30/2016 8:06 AM, WaltS48 wrote:
>> There's a zero-day exploit in the wild that's being used to execute
>> malicious code on the computers of people using Tor and possibly other
>> users of the Firefox browser, officials of the anonymity service
>> confirmed Tuesday.
>>
>
>> The versions span from 41 to 50, with version 45 ESR being the version
>> used by the latest version of the Tor browser.
>
> 
>
>
> Is a fix for SeaMonkey needed?

 Looks like Adrian has applied it to his 2.47 build @
 http://tinyurl.com/j2ju4s7.
>>>
>>> Would you please not post obfuscated URLs?  Especially now, in a
>>> thread about a 0day & probably most everybody reading the thread
>>> running exploitable software, enticing people to click on random links
>>> is a really bad idea.
>>>
>>> $ curl -s --head  http://tinyurl.com/j2ju4s7 | grep Location
>>> Location: 
>>> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
>>>
>>> Thanks,
>>> Lee
>>>
>>
>> Mine updated from 2.46 to2.46 - however on the Windows 10 systems I'm
>> getting crashes from these builds:
>>
>> User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
>> SeaMonkey/2.47
>> Build identifier: 20161201093907
>> https://crash-stats.mozilla.com/report/index/033876b9-52eb-4a25-99aa-6c0b22161201
>>
>> and
>>
>> User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
>> Gecko/20100101 Firefox/50.0 SeaMonkey/2.47
>> Build identifier: 20161201025712
>> https://crash-stats.mozilla.com/report/index/adc9e74f-2090-4b7f-b849-eb0082161201
>>
>> I can repeat the crashes on two separate Windows machines just by trying
>> to reply to an email or nntp post. Works OK on Linux:
>>
>> User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
>> Firefox/50.0 SeaMonkey/2.47
>> Build identifier: 20161201022155
>>
>> which is what I am replying from for this post.
>>
>> Ping Adrian: please look at the crash reports.
> 
> How about Safe Mode?
> 

Ah... [wacks head & says 'why didn't I do that from the start] very good
point - thanks! Works on both windows machines (posting from one now).
Could be that the extensions/plugins may not like the update. I'll go
through each one & see if I can pin it down.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: [Ping Adrian - 2.47 Windows Builds] Re: 0day exploit - Security update for SeaMonkey needed?

[TCW]

On 12/1/2016 12:12 PM, NoOp wrote:

On 12/01/2016 08:40 AM, Lee wrote:

On 12/1/16, TCW <"."> wrote:

On 11/30/2016 8:06 AM, WaltS48 wrote:

There's a zero-day exploit in the wild that's being used to execute
malicious code on the computers of people using Tor and possibly other
users of the Firefox browser, officials of the anonymity service
confirmed Tuesday.




The versions span from 41 to 50, with version 45 ESR being the version
used by the latest version of the Tor browser.





Is a fix for SeaMonkey needed?


Looks like Adrian has applied it to his 2.47 build @
http://tinyurl.com/j2ju4s7.


Would you please not post obfuscated URLs?  Especially now, in a
thread about a 0day & probably most everybody reading the thread
running exploitable software, enticing people to click on random links
is a really bad idea.

$ curl -s --head  http://tinyurl.com/j2ju4s7 | grep Location
Location: 
https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/

Thanks,
Lee



Mine updated from 2.46 to2.46 - however on the Windows 10 systems I'm
getting crashes from these builds:

User agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101
SeaMonkey/2.47
Build identifier: 20161201093907
https://crash-stats.mozilla.com/report/index/033876b9-52eb-4a25-99aa-6c0b22161201

and

User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0)
Gecko/20100101 Firefox/50.0 SeaMonkey/2.47
Build identifier: 20161201025712
https://crash-stats.mozilla.com/report/index/adc9e74f-2090-4b7f-b849-eb0082161201

I can repeat the crashes on two separate Windows machines just by trying
to reply to an email or nntp post. Works OK on Linux:

User agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101
Firefox/50.0 SeaMonkey/2.47
Build identifier: 20161201022155

which is what I am replying from for this post.

Ping Adrian: please look at the crash reports.


How about Safe Mode?
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: [Ping Adrian - 2.47 Windows Builds] Re: 0day exploit - Security update for SeaMonkey needed?

[NoOp]

On 12/01/2016 10:12 AM, NoOp wrote:
> On 12/01/2016 08:40 AM, Lee wrote:
>> On 12/1/16, TCW <"."> wrote:
>>> On 11/30/2016 8:06 AM, WaltS48 wrote:
> There's a zero-day exploit in the wild that's being used to execute
> malicious code on the computers of people using Tor and possibly other
> users of the Firefox browser, officials of the anonymity service
> confirmed Tuesday.
>

> The versions span from 41 to 50, with version 45 ESR being the version
> used by the latest version of the Tor browser.

 


 Is a fix for SeaMonkey needed?
>>>
>>> Looks like Adrian has applied it to his 2.47 build @
>>> http://tinyurl.com/j2ju4s7.
>> 
>> Would you please not post obfuscated URLs?  Especially now, in a
>> thread about a 0day & probably most everybody reading the thread
>> running exploitable software, enticing people to click on random links
>> is a really bad idea.
>> 
>> $ curl -s --head  http://tinyurl.com/j2ju4s7 | grep Location
>> Location: 
>> https://l10n.mozilla-community.org/~akalla/unofficial/seamonkey/nightly/latest-comm-release-windows32/
>> 
>> Thanks,
>> Lee
>> 
> 
> Mine updated from 2.46 to2.46 - however on the Windows 10 systems I'm
> getting crashes from these builds:

Correction: ...from 2.46 to 2.47 (release update channel)...

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey