On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), [email protected] wrote: >There's at least one security vulnerability that is missing from this NSS >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 > >There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 >to solve this issue but unfortunately it seems that this bugfix is not in >3.20.x according to the developer entries. I didn't check the code yet if the >bugfix is really missing! > >So my question is why seamonkey uses still this outdated NSS version? It >should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in >latest thunderbird /45.4.0/) > >As a workaround i can copy the nss libraries from firefox esr to seamonkey >until a security release of seamonkey let's say 2.40.1 arrives. I tried this >end i can start seamonkey with newer NSS library because they're compatible.
You can graft the NSS dlls, sure. I have done that in the past with success. But, there is a build of 2.46 that's stable enough to use if you want to test. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
