Re: Seamonkey 2.40 and SVG exploit

Sun, 04 Dec 2016 12:50:42 -0800 

On 12/02/2016 03:30 PM, NFN Smith wrote:
I'm watching discussions relating to the SVG exploit, and am a little confused about what steps I should take. 


I'm one of the users that has stayed with 2.40, and for the most part, 
I'm content to wait until a new release comes through the normal update 
channel, although I am concerned about the number of security fixes 
accumulating, that have been applied to Firefox and Thunderbird.



Right now, the primary question would is whether there will be an update 
to 2.40 to address the SVG exploit, or if it's going to take moving to 
one of the later builds, to get that.



I've seen ewong's notes about what's happening with 2.46, 2.47, etc., 
and I hope he's able to get a breakthrough soon. (Personally, I'm OK 
with dropping both Chatzilla and DOM). But it appears that nothing is 
going to be coming down the official pipeline for a while.


Assuming that, what are the options?


- Stay with 2.40, and hope that most of the risk can be offset by use of 
NoScript, as suggested by Frank-Rainer Grahl? I already run NoScript, so 
I'm used to how that behaves.



- Use one of Adrian Kalla's unofficial builds? If so, which build, and 
what potential problems are there?


- Something else?



Our organization uses mostly Firefox and Thunderbird, as preferred 
clients. (I'm actually one of only a couple that use Seamonkey). We have 
a fairly aggressive policy stance about requiring our users to apply 
security updates promptly. I know that the last time there was a break 
in Seamonkey development, one of our admins was questioning me about 
whether Seamonkey is still supported -- at that time, I was running the 
most current version, but it was already behind Firefox development, and 
the current gap between releases is even larger. For me, a temporary 
move from Seamonkey to Firefox isn't a huge thing, but having to 
relocate my mail to Thunderbird is more painful, as I still do nearly 
everything through POP.


Smith



Elected to find the most recent 2.49a2 SM build for 64 bit linux, from 
Dec 4 here:


https://archive.mozilla.org/pub/seamonkey/nightly/2016/12/2016-12-04-01-30-01-comm-aurora/

so far, so good...

sean
--
The purpose of life is to be happy.
     ~ Dalai Lama
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey























					Reply via email to