On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>> There's at least one security vulnerability that is missing from this NSS
>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>> There was a bugfix in NSS
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>> the developer entries. I didn't check the code yet if the bugfix is really
>> missing!
>> So my question is why seamonkey uses still this outdated NSS version? It
>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>> also in latest thunderbird /45.4.0/)
>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>> this end i can start seamonkey with newer NSS library because they're
>> compatible.
> "As a workaround i can copy the nss libraries from firefox esr to
> seamonkey "
> Could you tell us what we need (in details) to do ?
> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.


The current version of Firefox is 49.0.1
about:support / Library Versions says the NSS* expected & in use version is 3.25

The 'current' version of SeaMonkey is 2.40 and is missing a lot of
security patches.  Upgrading requires that you download & install a
new version of SM instead of waiting for it to upgrade automatically.
**where** to download the new version from is a bit of a question tho
:(   I'm guessing the safest bet is
if only because akalla had to pick _this_ particular build to make
available for downloading.  SeaMonkey 2.46 has the same 3.25
about:support / Library Versions for NSS* as FF.

support-seamonkey mailing list

Reply via email to