seemonkey wrote:
But it would close the vulnerability in nss. If one would release a seamonkey
let's say 2.40.1 only with the change of nss 3.21.1 the result would be the
same as i described. I didn't mention any bug in the base product. The whole
topic was started with nss and not bugs/sec vuln. in seamonkey.
So keeping SM 2.40 official release without replacing the nss is the worst one
can do at the moment. If you trust an unofficial build (2.46) then install it.
Or copy the dlls as i described.
The worst thing you could do is assume you are covered. It would close
one vulnerability in nss not all. Current nss is 3.28 beta and 3.26.2 in
the next Firefox release. I am quite sure there some few security fixes
in the latest version too. You best protection is still a script and an
Ad blocker when browsing the web.
A 2.40.1 can not be released because the l10n part of the build system
is broken. It it weren't so we would have 2.46 already.
Adrians unofficial builds are ok. You can trust them. And if you run
en-US there are now candidate builds for every platform available too.
They are not final but this only means that the build process stopped
with an error when it came to building the l10n versions. Building en-US
was mostly finished at this stage.
That said ewong is still busy building and I hope we will see the final
2.46 soon.
FRG
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
