Re: Full list of Seamonkey (unpatched Mozilla Suite??) vulnerabilities...
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
> > Similar lists exists for Firefox ("Fixed in Firefox 220.127.116.11") and > Thunderbird ("Fixed in Thunderbird 18.104.22.168") vulnerabilities on that same page. > > Somehow, I suspect that if these vulnerabilities exist in Seamonkey, then > many will also exist in Mozilla-1.7.13, in Firefox-1.0.8, and > Thunderbird-1.0.8 .... Some of them do, some of them don't. I don't have a complete list yet. I've tracked down the most critical issues. Take a look at these bugs for the CVE ids I've identified. Mozilla: 193906 Firefox: 193895 We're working on a patch for those particular issues. Thunderbird has no critical bugs. > > What is the Mozilla Foundation trying to do here? Make zero-day exploits > available to malware writers to use against legacy users of Mozilla-1.7.13 > Firefox-1.0.8, and Thunderbird-1.0.8 users?!? Is there any coordination > among outside maintainers of these legacy packages (since the Mozilla > foundation's official policy is that Mozilla-1.7.13 was the end of the line > for the Mozilla suite)? Should there be?? The Mozilla Foundation doesn't care about users running the older versions of the suite and Firefox. I could go into detail about their mishandling of this, but I'd rather not. They have no interest in coordinating with vendors in any way. They've done a very poor job communicating the EOL of their products. I personally consider releasing a critical update on a Friday very irresponsible. I've let them know this more than once, which has been ignored. > > Regards, > > David Eisenstein > > ps: None of the detailed MSFA's linked to from the known-vulnerabilities > page that I looked at had any CVE's listed for them. Does anyone know if > any CVE's are assigned for these vulnerabilities? Also, all of the > bugzilla.mozilla.org links from the MFSA's seem to be embargoed (at least > for me). Does anyone here have access to those bug reports? All issues have CVE ids. I'm attaching the CVE mails that detail these. -- JB
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
[Fedora Development] [Fedora Announce] [Fedora Legacy Announce] [Fedora Config] [PAM] [Fedora General Discussion] [Big List of Linux Books] [Gimp] [Free Internet Dating] [Yosemite Questions]