MozillaZine

URGENT: update for FireFox needed now!?! What abouty SM?

Discussion of general topics about Seamonkey
Peter Creasey

User avatar
 
Posts: 657
Joined: October 26th, 2007, 2:32 pm
Location: Texas

Post Posted January 12th, 2020, 5:33 pm

What is the implication of this for SeaMonkey?

Mozilla Patches Critical Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1 and Firefox ESR 68.4.1 and Thunderbird 68.4.1 and apply the necessary updates.


https://www.us-cert.gov/ncas/current-ac ... nerability
. . . . . . . . . . Pete

frg
 
Posts: 917
Joined: December 15th, 2015, 1:20 pm

Post Posted January 13th, 2020, 1:31 am

Fix is in the unofficial 2.53.2 since 2 days and will be in the final 2.53.1 too.

I suggest you use NoScript 5.1.9 if you are concerned. I do. In the wild you find these type of nasties usually on bad obscure websites or in ads served by compromised ad servers.

FRG

Peter Creasey

User avatar
 
Posts: 657
Joined: October 26th, 2007, 2:32 pm
Location: Texas

Post Posted January 13th, 2020, 6:28 am

Thanks, I figured you had everything covered in good fashion.
. . . . . . . . . . Pete

ElTxolo

User avatar
 
Posts: 2532
Joined: July 30th, 2007, 9:35 am
Location: Localhost

Post Posted January 13th, 2020, 11:54 am

frg wrote:
Peter Creasey wrote:What is the implication of this for SeaMonkey?

Mozilla Patches Critical Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1 and Firefox ESR 68.4.1 and Thunderbird 68.4.1 and apply the necessary updates.


https://www.us-cert.gov/ncas/current-ac ... nerability

Fix is in the unofficial 2.53.2 since 2 days and will be in the final 2.53.1 too.

I suggest you use NoScript 5.1.9 if you are concerned. I do. In the wild you find these type of nasties usually on bad obscure websites or in ads served by compromised ad servers.

    Image From your response, I gather that you are NOT going to patch SeaMonkey 2.49.5 with any new updates, to fix this critical issue, right ... ???
    Which according to numerous sources, that is actively being exploited ... Image

    You seem NOT to care about the security of SeaMonkey 2.49.5 users. As the only valid solution you recommend to use the NoScript extension. [-(








    Image

How to Ask Questions The Smart Way - How to Report Bugs Effectively ;)
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200426 SeaMonkey/2.53.2
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200529 SeaMonkey/2.53.4

therube

User avatar
 
Posts: 20356
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted January 13th, 2020, 6:44 pm

I gather that you are NOT going to patch SeaMonkey 2.49.5 with any new updates, to fix this critical issue, right ... ???

Correct.
https://freenode.logbot.info/seamonkey/20200113
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

ElTxolo

User avatar
 
Posts: 2532
Joined: July 30th, 2007, 9:35 am
Location: Localhost

Post Posted January 14th, 2020, 3:15 am

therube wrote:
I gather that you are NOT going to patch SeaMonkey 2.49.5 with any new updates, to fix this critical issue, right ... ???

Correct.
https://freenode.logbot.info/seamonkey/20200113


    Image

    .... Never underestimate human stupidity (Pittacus Lore) Image











    Image

Last edited by ElTxolo on January 14th, 2020, 3:24 am, edited 1 time in total.
How to Ask Questions The Smart Way - How to Report Bugs Effectively ;)
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200426 SeaMonkey/2.53.2
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200529 SeaMonkey/2.53.4

frg
 
Posts: 917
Joined: December 15th, 2015, 1:20 pm

Post Posted January 14th, 2020, 3:24 am

> .... Never underestimate human stupidity (Pittacus Lore)

Yours or mine? I really know that we need to get releases out faster but i can also wish for the moon. By the time we do 2.49.6 we would have 2.53.1 anyway. We are around 4 to 5 core people and as long as this does not change it will go nowhere. We did make tremedous progress in the last months rebuilding the infrastructure but we are not yet at releases. The 2.53.1 beta is done for 14 days now and still not up.

ElTxolo

User avatar
 
Posts: 2532
Joined: July 30th, 2007, 9:35 am
Location: Localhost

Post Posted January 14th, 2020, 4:26 am

frg wrote:.... I really know that we need to get releases out faster but i can also wish for the moon. By the time we do 2.49.6 we would have 2.53.1 anyway. We are around 4 to 5 core people and as long as this does not change it will go nowhere. We did make tremedous progress in the last months rebuilding the infrastructure but we are not yet at releases. The 2.53.1 beta is done for 14 days now and still not up.

    Image Let's see, dude. You still don't seem to get it.

    I have NOT criticized, the work you do at SeaMonkey at all. In fact, I have always been one of the first, to personally congratulate you several times.

    What I do criticize and totally disagree with, is that you do NOT anything about the serious/critical security issues in SeaMonkey 2.49.5.
    Except recommend users to use a shitty extension to mitigate the security problem.

    Firefox, Firefox ESR, Thunderbird, Pale Moon, Basilisk, Waterfox ... etc, have released almost immediate security updates, to fix this issue.
    But at SeaMonkey NOTHING has been done. ](*,)
    And with this last one, it's what I do NOT agree with. Do you get it now or what? Image








    Image
How to Ask Questions The Smart Way - How to Report Bugs Effectively ;)
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200426 SeaMonkey/2.53.2
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20200529 SeaMonkey/2.53.4

therube

User avatar
 
Posts: 20356
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted January 14th, 2020, 6:13 am

Waterfox

I'd been wondering about that. Glad to see that he's go it.
(Reddit sucks. So I tend to not follow or use WF because of that.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

frg
 
Posts: 917
Joined: December 15th, 2015, 1:20 pm

Post Posted January 14th, 2020, 6:46 am

It is a free world. No one is forced to use SeaMonkey. Use whatever you want to use but if you do not contribute with code or helping to actually get releases out don't tell me what to do. It is a community project and the remaining devs do it all in their spare time. And I say I miss broader support from the community. Usually the same people helping out and ausually the same people demanding the moon.

Please close. This discussion goes nowhere and I get more angry by the minute.

FRG

Frank Lion

User avatar
 
Posts: 20649
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted January 14th, 2020, 6:49 am

ElTxolo wrote:What I do criticize and totally disagree with, is that you do NOT anything about the serious/critical security issues in SeaMonkey 2.49.5.

It's a fair point. If they are going to fix anything then fixing what 98% of the userbase are using does make the most sense.
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

Peter Creasey

User avatar
 
Posts: 657
Joined: October 26th, 2007, 2:32 pm
Location: Texas

Post Posted January 14th, 2020, 7:48 am

frg wrote: It is a community project and the remaining devs do it all in their spare time.


It is unfortunate that more of us are not in a position and/or qualified to be helpful with development.

Please know that the vast majority of us appreciate all that you do and how you do it. And please continue same.

Thanks.
. . . . . . . . . . Pete

ndebord

User avatar
 
Posts: 839
Joined: December 7th, 2002, 9:53 am

Post Posted January 14th, 2020, 10:04 am

Frank Lion wrote:
ElTxolo wrote:What I do criticize and totally disagree with, is that you do NOT anything about the serious/critical security issues in SeaMonkey 2.49.5.

It's a fair point. If they are going to fix anything then fixing what 98% of the userbase are using does make the most sense.


Frank,

Well, as we have 4 to 5 developers now, all working in their spare time, the timing of this bug is unfortunate as SM 2.53.xx is almost a reality. SM 2.49.xx is yesterday's browser and to my mind it makes sense to allocate sparse resources to bug fix the new SM, not the old. Just sayin'

Nick
-N- Quis custodiet ipsos custodes
SeaMonkey, Acer Spin, Windows 10 Home (X64), WinPatrol, MalwarebytesPremium & PandaDome

frg
 
Posts: 917
Joined: December 15th, 2015, 1:20 pm

Post Posted January 14th, 2020, 11:10 am

Thanks Nick. It is better to have a few hundered new sec patches than 1. It is not that I like the current situation.

As always: tanstaafl.

Frank Lion

User avatar
 
Posts: 20649
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted January 14th, 2020, 11:15 am

ndebord wrote:... the timing of this bug is unfortunate as SM 2.53.xx is almost a reality.

Well, this is no ordinary bug, but an actively exploited critical security issue. Plus, in my opinion, 2.53 may be almost a reality but it's also not yet ready for prime time at the moment.

There will come a time in SeaMonkey's future when security issues just cannot be fixed, but we're not at that point yet. Therefore a 'Let them eat cake' attitude to users of the existing official version of SeaMonkey is far from ideal.

Users of software have the right to bring up issues of things that concern them. It is the heat of the particular kitchen we have chosen to work in.

The answer to users (especially ones regarding a critical security issue!) is never '
Please close. This discussion goes nowhere and I get more angry by the minute.', as above.

Even I never talk to users like that. :)
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

Return to SeaMonkey General


Who is online

Users browsing this forum: No registered users and 1 guest