On 12/1/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
> WaltS48 wrote on 30-11-16 15:06:
>>> There's a zero-day exploit in the wild that's being used to execute
>>> malicious code on the computers of people using Tor and possibly
>>> other users of the Firefox browser, officials of the anonymity
>>> service confirmed Tuesday.
>>> The versions span from 41 to 50, with version 45 ESR being the
>>> version used by the latest version of the Tor browser.
>> Is a fix for SeaMonkey needed?
> Am I affected ?
> User agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101
> Firefox/43.0 SeaMonkey/2.40
has a link to the FF 50.0.2 patch which links to the bug discussion
see comment 17:
This file hasn't changed substantially in 5 years, so I imagine all
branches are affected.
> ... BUT
> page you asked.
> So what ?
> Must I install
> https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/22.214.171.124 ?
I do. Along with requestpolicy continued
*AND* I log in as a regular user with no privileges. The idea being
that for an exploit to work not only does the exploit have to run on
my machine, it also has to do a privilege elevation before it can do
any serious damage.
When I need to do some admin function like updating software I'll log
out & log back in as the admin. The downside for some people is
things like the FF/SM automatic update don't work if logged in as a
normal user (which I see as a Good Thing)
support-seamonkey mailing list