Google
  Web www.spinics.net

Re: Full list of Seamonkey (unpatched Mozilla Suite??) vulnerabilities...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


> 
> Similar lists exists for Firefox ("Fixed in Firefox 1.5.0.4") and
> Thunderbird ("Fixed in Thunderbird 1.5.0.4") vulnerabilities on that same page.
> 
> Somehow, I suspect that if these vulnerabilities exist in Seamonkey, then
> many will also exist in Mozilla-1.7.13, in Firefox-1.0.8, and
> Thunderbird-1.0.8 ....

Some of them do, some of them don't.  I don't have a complete list yet.

I've tracked down the most critical issues.  Take a look at these bugs for
the CVE ids I've identified.

Mozilla: 193906
Firefox: 193895

We're working on a patch for those particular issues.

Thunderbird has no critical bugs.

> 
> What is the Mozilla Foundation trying to do here?  Make zero-day exploits
> available to malware writers to use against legacy users of Mozilla-1.7.13
> Firefox-1.0.8, and Thunderbird-1.0.8 users?!?  Is there any coordination
> among outside maintainers of these legacy packages (since the Mozilla
> foundation's official policy is that Mozilla-1.7.13 was the end of the line
> for the Mozilla suite)?  Should there be??

The Mozilla Foundation doesn't care about users running the older versions
of the suite and Firefox.  I could go into detail about their mishandling
of this, but I'd rather not.  They have no interest in coordinating with
vendors in any way.  They've done a very poor job communicating the EOL of
their products.

I personally consider releasing a critical update on a Friday very
irresponsible.  I've let them know this more than once, which has been
ignored.

> 
> 	Regards,
> 
> 	David Eisenstein
> 
> ps:  None of the detailed MSFA's linked to from the known-vulnerabilities
> page that I looked at had any CVE's listed for them.  Does anyone know if
> any CVE's are assigned for these vulnerabilities?  Also, all of the
> bugzilla.mozilla.org links from the MFSA's seem to be embargoed (at least
> for me).  Does anyone here have access to those bug reports?

All issues have CVE ids.  I'm attaching the CVE mails that detail these.

-- 
    JB


--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Free Internet Dating]     [Yosemite Questions]

Powered by Linux