Re: Full list of Seamonkey (unpatched Mozilla Suite??) vulnerabilities...

> Similar lists exist for Firefox ("Fixed in Firefox") and
> Thunderbird ("Fixed in Thunderbird") vulnerabilities on that same page.
> Somehow, I suspect that if these vulnerabilities exist in Seamonkey, then
> many will also exist in Mozilla-1.7.13, in Firefox-1.0.8, and
> Thunderbird-1.0.8 ....

Some of them do, some of them don't.  I don't have a complete list yet.

I've tracked down the most critical issues.  Take a look at these bugs for
the CVE ids I've identified.

Mozilla: 193906
Firefox: 193895

We're working on a patch for those particular issues.

Thunderbird has no critical bugs.

> What is the Mozilla Foundation trying to do here?  Make zero-day exploits
> available to malware writers to use against legacy users of Mozilla-1.7.13,
> Firefox-1.0.8, and Thunderbird-1.0.8 users?!?  Is there any coordination
> among outside maintainers of these legacy packages (since the Mozilla
> foundation's official policy is that Mozilla-1.7.13 was the end of the line
> for the Mozilla suite)?  Should there be??

The Mozilla Foundation doesn't care about users running the older versions
of the suite and Firefox.  I could go into detail about their mishandling
of this, but I'd rather not.  They have no interest in coordinating with
vendors in any way.  They've done a very poor job communicating the EOL of
their products.

I personally consider releasing a critical update on a Friday very
irresponsible.  I've let them know this more than once, which has been

> 	Regards,
> 	David Eisenstein
> ps:  None of the detailed MFSA's linked to from the known-vulnerabilities
> page that I looked at had any CVE's listed for them.  Does anyone know if
> any CVE's are assigned for these vulnerabilities?  Also, all of the
> links from the MFSA's seem to be embargoed (at least
> for me).  Does anyone here have access to those bug reports?

All issues have CVE ids.  I'm attaching the CVE mails that detail these.




