On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com

>There's at least one security vulnerability that is missing from this NSS 
>version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>There was a bugfix in NSS https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 
>to solve this issue but unfortunately it seems that this bugfix is not in 
>3.20.x according to the developer entries. I didn't check the code yet if the 
>bugfix is really missing!
>So my question is why seamonkey uses still this outdated NSS version? It 
>should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also in 
>latest thunderbird /45.4.0/)
>As a workaround i can copy the nss libraries from firefox esr to seamonkey 
>until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
>end i can start seamonkey with newer NSS library because they're compatible.

You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.
support-seamonkey mailing list

Reply via email to