[rdf8585]

I've seen a few things reference 1.1.10, but what is the status of 1.1.10?

i.e http://www.mozilla.org/security/announc ... 08-20.html

[rsx11m]

Should come soon. As far as I can tell, that's the only security/stability bug for this update, to fix an issue introduced in the most recent round. To get Firefox 2.0.0.14 out, Thunderbird 2.0.0.13 was put on hold (.14 will be released instead). SM 1.1.10 would shadow FF 2.0.0.14, but KaiRo is on his well-deserved vacation, so maybe this is the reason that we don't see release candidates yet...

[ndebord]

Should come soon. As far as I can tell, that's the only security/stability bug for this update, to fix an issue introduced in the most recent round. To get Firefox 2.0.0.14 out, Thunderbird 2.0.0.13 was put on hold (.14 will be released instead). SM 1.1.10 would shadow FF 2.0.0.14, but KaiRo is on his well-deserved vacation, so maybe this is the reason that we don't see release candidates yet...

Thanks much for the info. I look forward to the release of the bugfix for my favorite suite.

[rsx11m]

According to the information on KaiRo's blog, SeaMonkey 1.1.10 will "shadow" the Firefox 2.0.0.15 release. The bug for MFSA 2008-20 doesn't seem severe enough to justify the effort for another SeaMonkey release at this time.

[therube]

LOL, I replied without looking, & now see rsx11m had it covered.

was whether you were going to release 1.1.10 to match 1.8.1.14 or just wait for 1.8.1.15 ?

from all we know, we'll wait for 1.8.1.15 - we have no evidence that the crash is really exploitable, and every release is quite costly to us, localizers, and users (full re-download)

on newsgroups, we only had one user objecting to this, everyone else agreed
and we asked that one to use a nightly instead

a branch nightly, that is - which are just less tested and have no relnotes
but should really be stable enough for daily use nowadays (with the small amount of stuff happening on branch)

1.8.1.15 should be end-of-June: http://wiki.mozilla.org/Releases
fyi for planning purposes
but Firefox 3 is a huge tidal force that may push us one way or the other a couple of weeks

[rsx11m]

FYI: If you are running Linux and don't want to wait until June, check your distribution's repositories. For example, the openSUSE build service provides RPM's for SeaMonkey 1.1.9 with Gecko 1.8.1.14, thus containing the fix for MSFA 2008-20.

[ndebord]

Well, it does look like we "may" need this interim release sooner rather than later; depending of course on whether or not a FF 2/3 bug also impacts Seamonkey.

"According to a note from TippingPoint’s Zero Day Initiative (ZDI) , a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x."

http://blogs.zdnet.com/security/?p=1288&tag=nl.e622

[rsx11m]

As far as I know, 1.1.10 should come around the Firefox 2.0.0.15 release, the latter on track for June 24. SM 1.1.10 candidates were posted June 15/16 on the FTP side, so it's coming...

As for the new vulnerability, if it's a Core bug in trunk and branch (not enough information given there), SeaMonkey would be affected as well. Looks like a "firedrill release" again to fix this, in which case 1.1.10 may be delayed if that fix comes quick enough. This happened before, which is one reason that SM is a few minor-version numbers behind FF/TB.

[rsx11m]

Just an update on this: According to the IRC logs, a second release candidate containing a fix for the security bug should appear shortly. Also, Firefox 2.0.0.15 release is pushed to July 1 now, a respin for the same reason I assume.

[ndebord]

Just an update on this: According to the IRC logs, a second release candidate containing a fix for the security bug should appear shortly. Also, Firefox 2.0.0.15 release is pushed to July 1 now, a respin for the same reason I assume.

Thanks for the update. July 1 looks like a plan and a way to properly incorporate the bug fix.

[rsx11m]

You are welcome. The updated SeaMonkey 1.1.10 builds are already in the nightly folder, don't see anything for Firefox yet. This would have been much easier if that so-called "anonymous researcher" had simply filed a bug report during the FF3 beta phase rather than holding back and cashing in for this in a publicity stunt...

[Rickkins]

What...???
Going from 1.1.9 to 1.1.10...
That doesn't make sense.
Isn't the next number 1.2.0 ???

[rsx11m]

Going from 1.1.9 to 1.1.10...
That doesn't make sense.

Why not? It's a minor upgrade, just as Firefox goes from 2.0.0.14 to 2.0.0.15 in that branch.

Isn't the next number 1.2.0 ???

No, never was. SM 1.1.x is based on the same 1.8.1 branch as FF/TB 2.0. There have been 1.5 pre-alphas some time ago, then the numbering was moved to 2.0, and this will be the next major release (likely based on the 1.9.1 branch, thus on the level what Firefox 3.1 would be).

[therube]

Instead of looking at it as 1.1.9, think of it as, 001.001.009.
Then the next update would be, 001.001.010.

Ten being greater then nine. It is typically only when going from an x9 to a .x0 revision that the numbering seems strange.

PS: after 1.1.10 will be 1.1.11

[rsx11m]

Ok, I may have misunderstood Rickkins' question then - thanks therube.