Re: [Fwd: Re: New Mozilla vulnerabilities??]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/9/06, Josh Bressers <bressers@xxxxxxxxxx> wrote:
>
> Matthew Miller wrote:
> > On Sat, Jun 03, 2006 at 02:36:13PM -0500, David Eisenstein wrote:
> >
> >>It mentions a bunch of vulnerabilities (all of which seem to affect
> >>Seamonkey, Thunderbird, and Firefox).  After looking at each VU#, it appears
> >>that none of the announcements mention the Mozilla suite.  Also, at least as
> >>of last night, none of them mention any CVE #'s.
> >
> >
> > No updates for Firefox for Fedora Core yet, either....
> >
> > <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194617>
> >
>
> I heard a rumor the other day that Red Hat Enterprise Linux may be planning
> to replace Mozilla with Seamonkey in their currently-maintained distros.  Am
> wondering if there is any truth to this rumor?  Also wondering if there is
> anything we in Fedora Legacy can do to help in this process of dealing with
> these critical Mozilla/Firefox/Seamonkey bugs?

This is true.  We're going with seamonkey in RHEL.  I think this current
round of issues is proof as to why this has to happen.  Backporting to the
firefox 1.0 branch is nearly impossible given the drastic changes between
versions.

Right now we're furiously working on backporting patches for the most
critical issues.  If you want to help mail Chris Aillon (caillon@redhat)
with your request.  He's currently heading up a small group of various
distributors trying to get all this work done.


I would say that it is not worth the effort to do that much
backporting. I am having to deal with sites that just want to block
old Firefox browser strings anyway at their firewalls. So my day job
is basically going to be get 1.5.0.4{5,6,7} onto RHL-7.3 -> RHEL-4
anyway.

My {I am not much of a coder, but have to deal with the mess left over
by them} possition would be that  getting a modularized javascript
interpreter written, debugged, security minded than trying to back-fix
things might be a better idea.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux