On 12/2/2016 6:15 PM, NoOp wrote:
On 12/2/2016 2:30 PM, NFN Smith wrote:
I'm watching discussions relating to the SVG exploit, and am a little
confused about what steps I should take.
I'm one of the users that has stayed with 2.40, and for the most
part, I'm content to wait until a new release comes through the
normal update channel, although I am concerned about the number of
security fixes accumulating, that have been applied to Firefox and
Thunderbird.
Right now, the primary question would is whether there will be an
update to 2.40 to address the SVG exploit, or if it's going to take
moving to one of the later builds, to get that.
I've seen ewong's notes about what's happening with 2.46, 2.47, etc.,
and I hope he's able to get a breakthrough soon. (Personally, I'm OK
with dropping both Chatzilla and DOM). But it appears that nothing
is going to be coming down the official pipeline for a while.
Assuming that, what are the options?
- Stay with 2.40, and hope that most of the risk can be offset by use
of NoScript, as suggested by Frank-Rainer Grahl? I already run
NoScript, so I'm used to how that behaves.
Turn off javascript and leave it off until 2.40 is patched. Better yet,
turn off 2.40 until 2.40 is patched.
Is it confirmed that v2.40 will get a patch?
--
"We ants are runnin' the show! We're the lords of the earth!" --ANTZ
Note: A fixed width font (Courier, Monospace, etc.) is required to see
this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) Axe ANT from its address if e-mailing privately.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
