David E. Ross wrote:
On 6/20/2009 6:02 PM, David E. Ross wrote:
On 6/20/2009 5:00 PM, Nairda wrote:
Can someone with a bit more understanding of these things please read
this article and say weather this applies to SM as well?
In a surprise move this year, Microsoft has decided to quietly install
what amounts to a massive security vulnerability in Firefox without
informing the user. Find out what Microsoft has to say about it, and how
you can undo the damage. Microsoft pushed out its .NET Framework 3.5
Service Pack 1 update this February....
It looks rather nasty, and I wish I had read it sooner.
The malware is a Firefox extension that (among other things) disables
the ability of Firefox to remove it. This apparently affects only
Firefox 3.x because of the way extensions are installed. SeaMonkey
1.1.x is related to Firefox 2.x and is not affected because of a
different scheme for installing extensions. I don't know if SeaMonkey
2.x will be affected, but it does use the same extension installation
scheme as Firefox 3.x.
In any case, I've avoided this problem. My Automatic Updates is set for
"Notify me but don't automatically download or install them." Since I
use Internet Explorer only to get Windows updates and to check my own
Web pages, I have rejected all .NET Framework (and ActiveX) updates.
Suddenly, I'm very glad I did not update my Windows XP SP2 to Windows XP
SP3. The latter would have included this malware.
See bug #499521 at <https://bugzilla.mozilla.org/show_bug.cgi?id=499521>.
It turns out that this problem was known at the beginning of February.
New bug #499521 is a duplicate of bug #476430 (see
<https://bugzilla.mozilla.org/show_bug.cgi?id=476430>). I find it
strange that there is some debate whether to take any corrective action.
Thank you David for your most adroit observations.
support-seamonkey mailing list