Date: Thu, 05 Mar 2015 15:55:43 +0100 From: Jan Beich <jbeich@FreeBSD.org> To: "Thomas Mueller" <mueller6724@bellsouth.net> Cc: freebsd-ports@freebsd.org Subject: Re: www/seamonkey 2.32.1 vulnerable? Message-ID: <wq2v-ze6o-wny@FreeBSD.org> In-Reply-To: <901146.90545.bm@smtp112.sbc.mail.ne1.yahoo.com> (Thomas Mueller's message of "Thu, 5 Mar 2015 03:01:43 -0800 (PST)") References: <901146.90545.bm@smtp112.sbc.mail.ne1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain "Thomas Mueller" <mueller6724@bellsouth.net> writes: > A massive portmaster upgrade resulting from png last December 25, > delayed by other snags, stopped quickly because www/seamonkey was said > to be vulnerable. > > But this is the newest version of Seamonkey either on FreeBSD ports or > upstream (www.seamonkey-project.org where there was no mention of > vulnerability in current version). Mozilla vulnerabilities are often generic to the engine/core. While many cannot be exploited in Thunderbird due to scripting disabled the same cannot be said about SeaMonkey which includes a browser. After looking through the past MFSAs it appears upstream only marks SeaMonkey vulnerable after there's a corresponding release with vulnerabilities fixed. In a situation where such release is delayed (like 2.33) or even canceled (2.27, 2.28) there's a window for attackers to take action on the disclosure. Do you have a better suggestion? I'm in favor of populating VuXML first instead of pretending using 2.32.1 is safe at this point. -- SeaMonkey 2.33 status can be tracked in bug 1137028 or via hg tags: https://bugzilla.mozilla.org/show_bug.cgi?id=1137028 https://hg.mozilla.org/releases/comm-release/ --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJU+G5vXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bNKMH/RRDJHWqZeSfJ8EFZudSAiVS 4pH8aiXkwg5v4JafEwsm3L5eNwBuNVR7jtgKq7cx7q8TFQrwljoyDGBd4xTtfx1R exoAiQuSX5g0vi6Z8sEv37/PHgtsswpCbNPp1QNnkiS2rR9M+ti9PvMcjB65j140 W/3DuEfw9QbH4GiaZ1/2gIiBcmfAwXU9cxmT2KW1SEYf0DZE143Mp2IUAIZaEFHc ydUOL758dmEnMwbMcowvhAZBoz/8WnhM+tFXRa6LEbjJV5wdS6Qy1LrNIM/a7WTk 7wvrqX+kaWsDRvjwIycbr0Wfmi7wUHpITJo2YjJ9k4086paEHzcAI8fLRZSdpqI= =Ygc4 -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wq2v-ze6o-wny>