On 12/1/16, Ray_Net <[email protected]> wrote: > WaltS48 wrote on 30-11-16 15:06: >>> There's a zero-day exploit in the wild that's being used to execute >>> malicious code on the computers of people using Tor and possibly >>> other users of the Firefox browser, officials of the anonymity >>> service confirmed Tuesday. >>> >> >>> The versions span from 41 to 50, with version 45 ESR being the >>> version used by the latest version of the Tor browser. >> >> <http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/> >> >> >> >> Is a fix for SeaMonkey needed? >> >> > Am I affected ? > User agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 > Firefox/43.0 SeaMonkey/2.40
Most probably. https://www.mozilla.org/en-US/security/advisories/ has a link to the FF 50.0.2 patch which links to the bug discussion https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 see comment 17: This file hasn't changed substantially in 5 years, so I imagine all branches are affected. > Someone told us that to protect us, It's simple, just disable javascript > ... BUT > A lot of sites needs javascript otherwise, they simply never deliver the > page you asked. > So what ? Most sites that require javascript I just close that tab. But yes, there's a few that I do enable javascript for.. in which case > Must I install > https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/2.9.0.14 ? I do. Along with requestpolicy continued https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/ *AND* I log in as a regular user with no privileges. The idea being that for an exploit to work not only does the exploit have to run on my machine, it also has to do a privilege elevation before it can do any serious damage. When I need to do some admin function like updating software I'll log out & log back in as the admin. The downside for some people is things like the FF/SM automatic update don't work if logged in as a normal user (which I see as a Good Thing) Regards, Lee _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
