On 10/14/2016 08:49 PM, Edward wrote:
On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey12...@gmail.com
There's at least one security vulnerability that is missing from
this NSS version:
There was a bugfix in NSS
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this
issue but unfortunately it seems that this bugfix is not in 3.20.x
according to the developer entries. I didn't check the code yet if
the bugfix is really missing!
So my question is why seamonkey uses still this outdated NSS
version? It should use at least 3.21.1 (that is in latest firefox
esr /45.4.0/ and also in latest thunderbird /45.4.0/)
As a workaround i can copy the nss libraries from firefox esr to
seamonkey until a security release of seamonkey let's say 2.40.1
arrives. I tried this end i can start seamonkey with newer NSS
library because they're compatible.
You can graft the NSS dlls, sure. I have done that in the past with
success. But, there is a build of 2.46 that's stable enough to use if
you want to test.
Just curious... Does the Linux version of SeaMonkey use the nss
package that is included with the Linux distribution being used? The
currently installed version here is 3.23.0-1 (Fedora 24).
Thanks in advance.
Users can enter about:support in the address bar and scroll down to the
Library Versions section of the Troubleshooting Information page to see
what their version of SeaMonkey, Firefox or Thunderbird is using.
If you prefer Help > Troubleshooting Information also gets you there.
Thanks for that tip.
It looks like nss was just updated. That screen shows the Expected
Minimum Version as 3.25, with 3.27 as the Version in use.
support-seamonkey mailing list