[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39766: Security-Problems, probably known

From: address@hidden
Subject: bug#39766: Security-Problems, probably known
Date: Tue, 10 Mar 2020 18:31:23 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

Current binary release is 60.7.0 which is vulnerable and that is the
problem, see: https://ftp.gnu.org/gnu/gnuzilla/?C=M;O=D

On 3/10/20 6:24 PM, Antonio Trande wrote:
> These issues have been fixed with Firefox ESR 68.4.1; current IceCat
> release on 68 branch is the 68.6.0. So, what's the problem?
> On 10/03/20 10:29, address@hidden wrote:
>> Hello,
>> It seems no one has replied to this. I think IceCat should no longer be
>> recommended to users until this issue is resolved especially since
>> IceCat is advertised as a browser with "Privacy protection features".
>> Suffice to say such protection features are no good if the browser
>> itself is vulnerable to the types of vulnerabilities as eluded to before.
>> I understand that there aren't sufficient developers to maintain IceCat
>> but that does not mean the GNU website should offer the browser without
>> at least clearly addressing it's potential vulnerabilities on the
>> appropriate webpages.
>> As of now, users might download, install and subsequently use IceCat
>> with the understanding that they have downloaded a browser with enhanced
>> privacy protection features while not being aware that it is potentially
>> susceptible to recently discovered vulnerabilities.
>> This is precisely the sort of situation that free software, and free and
>> open information should prevent.
>> I hope we can resolve this quickly.
>> Kind regards,
>> Corne
>> On 2/24/20 7:05 PM, address@hidden wrote:
>>> Hello,
>>> I was also really wondering about this as the current version of IceCat
>>> is a version of Firefox that was affected.
>>> On 24-02-2020 12:09, Arne Wichmann wrote:
>>>> Good day tou you!
>>>> I see here some security problems referenced for Firefox, which are
>>>> probably applicable to Icecat, too:
>>>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and
>>>>   FallibleStoreElement
>>>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp
>>>> More less critical ones are referenced, too.
>>>> Are there plans to adress these?
>>>> cu
>>>> AW

reply via email to

[Prev in Thread] Current Thread [Next in Thread]