I wouldn't start hacking together a version with different binaries. Might work 
might not. And this won't close any bugs in the base product which could be 
exploited if you are so concerned about security.

Better check if the latest en-US candidate 2.46 test builds works for you or 
Adrians latest 2.46 build. They are both build from the same sources and 
to the next official build whenever it arrives will be possible just by 
downloading it. Adrians is gtk3 and the candidate gtk2 for Linux users. Windows 
VS2015 but Adrians should be a little faster because he used -O2 for compiling.

If you use a hacked together build do not open bug reports against it.

There will be no 2.40.x builds. The next one will be 2.46 if the l10n build bug 
can be fixed in time.


On Sun, 16 Oct 2016 21:59:19 +0200, Ray_Net wrote:

>>Lee wrote on 16/10/2016 17:45:
>>> On 10/16/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
>>>> seemonkey12...@gmail.com wrote on 13/10/2016 08:06:
>>>>> There's at least one security vulnerability that is missing from this NSS
>>>>> version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
>>>>> There was a bugfix in NSS
>>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue
>>>>> but unfortunately it seems that this bugfix is not in 3.20.x according to
>>>>> the developer entries. I didn't check the code yet if the bugfix is really
>>>>> missing!
>>>>> So my question is why seamonkey uses still this outdated NSS version? It
>>>>> should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and
>>>>> also in latest thunderbird /45.4.0/)
>>>>> As a workaround i can copy the nss libraries from firefox esr to seamonkey
>>>>> until a security release of seamonkey let's say 2.40.1 arrives. I tried
>>>>> this end i can start seamonkey with newer NSS library because they're
>>>>> compatible.
>>>> "As a workaround i can copy the nss libraries from firefox esr to
>>>> seamonkey "
>>>> Could you tell us what we need (in details) to do ?
>>>> I have Firefox 46.0.1 and SeaMonkey 2.40 on a windows pc.
>>> Upgrade.
>>> The current version of Firefox is 49.0.1
>>> about:support / Library Versions says the NSS* expected & in use version is 
>>> The 'current' version of SeaMonkey is 2.40 and is missing a lot of
>>> security patches.  Upgrading requires that you download & install a
>>> new version of SM instead of waiting for it to upgrade automatically.
>>> **where** to download the new version from is a bit of a question tho
>>> :(   I'm guessing the safest bet is
>>> if only because akalla had to pick _this_ particular build to make
>>> available for downloading.  SeaMonkey 2.46 has the same 3.25
>>> about:support / Library Versions for NSS* as FF.
>>> Regards,
>>> Lee
>>You don't understand.
>>- I hate to install a not released SM.
>>- I stay with FireFox 46.0.1 because I am able with it to do "View 
>>Selection Source" using my version of Firefox, because my SM 2.40 cannot 
>>do it.
>>- He said " It should use at least 3.21.1 (that is in latest firefox esr 
>>/45.4.0/" and because my version of Firefox is greater (46.0.1) I can 
>>use nss from this version to put into SM because it should be > 3.21.1.
>>So the question is still open:
>>How, in details,  can I use the NSS of my FireFox 46.0.1 into my SM 2.40 ?

 Frank-Rainer Grahl

support-seamonkey mailing list

Reply via email to