On 11/30/16, Chris Ilias <[email protected]> wrote: > On 30/11/2016 9:06 AM, WaltS48 wrote: >>> There's a zero-day exploit in the wild that's being used to execute >>> malicious code on the computers of people using Tor and possibly other >>> users of the Firefox browser, officials of the anonymity service >>> confirmed Tuesday. >>> >> >>> The versions span from 41 to 50, with version 45 ESR being the version >>> used by the latest version of the Tor browser. >> >> <http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/> >> >> Is a fix for SeaMonkey needed? > > Given that there's a chemspill for Firefox on both desktop and android, > on both the latest version and ESR, as well as Thunderbird, I would say > it's a reasonable assumption that SeaMonkey is affected.
Will there be an announcement when a version of SM is available with the fix? The arstechnica.com article has this bit: Joshua Yabut, another researcher who also analyzed the code, told Ars it exploits a heap overflow bug that requires JavaScript to be enabled on the vulnerable computer. So it seems the work-around is disabling javascript. Regards, Lee _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
