On 12/1/16, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote:
> WaltS48 wrote on 30-11-16 15:06:
>>> There's a zero-day exploit in the wild that's being used to execute
>>> malicious code on the computers of people using Tor and possibly
>>> other users of the Firefox browser, officials of the anonymity
>>> service confirmed Tuesday.
>>> The versions span from 41 to 50, with version 45 ESR being the
>>> version used by the latest version of the Tor browser.
>> <http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/>
>> Is a fix for SeaMonkey needed?
> Am I affected ?
> User agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101
> Firefox/43.0 SeaMonkey/2.40

Most probably.
has a link to the FF 50.0.2 patch which links to the bug discussion
see comment 17:
This file hasn't changed substantially in 5 years, so I imagine all
branches are affected.

> Someone told us that to protect us, It's simple, just disable javascript
> ... BUT
> A lot of sites needs javascript otherwise, they simply never deliver the
> page you asked.
> So what ?

Most sites that require javascript I just close that tab.  But yes,
there's a few that I do enable javascript for.. in which case
> Must I install
> https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/ ?

I do.  Along with requestpolicy continued
*AND* I log in as a regular user with no privileges.  The idea  being
that for an exploit to work not only does the exploit have to run on
my machine, it also has to do a privilege elevation before it can do
any serious damage.

When I need to do some admin function like updating software I'll log
out & log back in as the admin.  The downside for some people is
things like the FF/SM automatic update don't work if logged in as a
normal user (which I see as a Good Thing)

support-seamonkey mailing list

Reply via email to