On Thursday, October 13, 2016 at 3:10:42 PM UTC+2, TCW wrote:
> On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey
> >There's at least one security vulnerability that is missing from this NSS 
> >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
> >
> >There was a bugfix in NSS 
> >https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue but 
> >unfortunately it seems that this bugfix is not in 3.20.x according to the 
> >developer entries. I didn't check the code yet if the bugfix is really 
> >missing!
> >
> >So my question is why seamonkey uses still this outdated NSS version? It 
> >should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also 
> >in latest thunderbird /45.4.0/)
> >
> >As a workaround i can copy the nss libraries from firefox esr to seamonkey 
> >until a security release of seamonkey let's say 2.40.1 arrives. I tried this 
> >end i can start seamonkey with newer NSS library because they're compatible.
> You can graft the NSS dlls, sure. I have done that in the past with
> success. But, there is a build of 2.46 that's stable enough to use if
> you want to test.

I tried with firefox's/thunderbirds 3.21.1 and it works. I trust this version 
of nss (at the moment)
support-seamonkey mailing list

Reply via email to