SeaMonkey 2.13.1 Released

[Edmund Wong]

The SeaMonkey project is proud to present SeaMonkey 2.13.1: An updated
release of the all-in-one Internet suite is available for download [1]
now! Building on the same Mozilla platform as the newest Firefox
release, it delivers the latest developments in web technologies such as
HTML5, hardware acceleration and improved JavaScript speed.

SeaMonkey 2.13.l is available in 26 languages, for Windows, Mac OS X and
Linux.

Most notably, this release fixes a security bug.

For a more complete list of major changes [2] in SeaMonkey 2.13.1, see
the What's New in SeaMonkey 2.13.1 section of the Release Notes [3],
which also contain a list of known issues and answers to frequently
asked questions. For a more general overview of the SeaMonkey project
(and screen shots!), visit www.seamonkey-project.org.

Links:
[1] - http://www.seamonkey-project.org/releases/
[2] - http://www.seamonkey-project.org/releases/seamonkey2.13/changes
[3] - http://www.seamonkey-project.org/releases/seamonkey2.13/

[David E. Ross]

And, YES, the FTP servers have a .mar file for an incremental update
from 2.13 to 2.13.1, which is not what has happened for Thunderbird.

--

David E. Ross
<http://www.rossde.com/>

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation.
© 1997 by David E. Ross

[Rufus]

Grabbed it.

--
- Rufus

[Daniel]

Link (2) gives the very detailed comment that "Nothing but security
fixes" and link (3) just mentions SM 2.13.1 but gives no differences
between SM 2.13 and SM 2.13.1 and the wiki page is as good as blank!!

I know it's all security related but some details would be nice!!

--
Daniel

[Desiree]

"Edmund Wong" <ew...@pw-wspx.org> wrote in message
news:_M6dnfVUP-eBU-XN...@mozilla.org...

Why does the partial update fail? This is the third time in a row that I
have had to endure the very slow servers and download the full update. Why
is this?

I'm not going to further update SM if I have to do these big, slow full
updates.

[Jens Hatlak]

Daniel wrote:
> Link (2) gives the very detailed comment that "Nothing but security
> fixes" and link (3) just mentions SM 2.13.1 but gives no differences
> between SM 2.13 and SM 2.13.1 and the wiki page is as good as blank!!

Changes between minor versions of a release are only to be found on the
Changes page. And "Nothing but security fixes" is exactly what changed
between 2.13 and 2.13.1. There's no point in describing it in more
detail there since the details of security bugs are, like in this case
where mainly a JavaScript security issue was fixed, often not easy to
understand or explain anyway. Or do you understand what "defaultValue
security checks not applied" means?

> I know it's all security related but some details would be nice!!

As always, the following lists the security issues that were fixed:

<http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html>

(linked from the Release Notes as "Security Advisories for SeaMonkey")

HTH

Jens

--
Jens Hatlak <http://jens.hatlak.de/>
SeaMonkey Trunk Tracker <http://smtt.blogspot.com/>

[Sandy]

> Why does the partial update fail? This is the third time in a row that I
> have had to endure the very slow servers and download the full update. Why
> is this?
>
> I'm not going to further update SM if I have to do these big, slow full
> updates.
>

Updated very quickly and easily here using Windows 7 and about 7Meg
download speed. I also live on a small island off the West coast of
Scotland so I am a wee bit remote.

[Frank Wein]

Desiree wrote:
[...]

> Why does the partial update fail? This is the third time in a row that I
> have had to endure the very slow servers and download the full update. Why
> is this?
>
> I'm not going to further update SM if I have to do these big, slow full
> updates.

I assume you use Windows, right? Can you check if in the SeaMonkey
preferences (menu Edit->Preferences...) it says anything useful under
Advanced->Software Installation->Show Update History... ? Like does it
say anything about the failed partial update (the Status field there
should report some error I think)?

Frank
--
Ich habe gerade Zeit - Wo gibt es nichts zu tun?

[Zanqeutil]

Sandy schreef:

I agree

Windows XP 3 Pro.

Very fast update, small file, downloaded so fast that I could barely see
how big it was. Updated from SM 2.12.1 to SM 2.13.1 without any
problems. Seems to use less memory than the previous version on my computer.

Thanks Seamonkey team.

Zanqeutil

[Jim]

I just installed this release. During the install, I received a Norton
Antivirus alert that Suspicious.Cloud.7.F was detected and it "fixed it"
(like fixing a cat maybe :) ).

Anyway, according to MozillaZine, it says this is a false positive,
associated with Foxfire and Sea Monkey. So what did Norton "screw up"
by dealing with this "problem"?

[humptydumpty]

The identical issue happened to me. The Norton fix was to remove the
file which further research identified as nssckbi.dll. In my case, the
result was a certificate error at every secure site I attempted to visit
from my bookmarks.

I did a system restore and am back to running SM 2.12.1 with no problems.

[Desiree]

"Sandy" <sa...@millport.net> wrote in message
news:y8ednfYynp_lyuTN...@mozilla.org...

I'm in the middle of the Pacific ocean and have 15/1 plan but Mozilla has
extremely slow servers....always has. I get about 240KB/sec on download.
>

[Jim]

By golly Mr. Dumpty, I believe you are correct. I also get a security
error at every secure site I visit. As an aside, I first noticed this
when I did a Google search. I never knew that Google had a secure site
until now, but that's where Sea Monkey sent me. For now, I am just
checking out the certificates and then accepting them if the web site is
a legitimate one I go to, and the certificate appears to jive.

[Paul B. Gallagher]

Just updated here. Download took four seconds, install took seven
seconds, plus the time it took me to answer the Windows nag and say
"yes, go ahead and install."

As an experiment, I also went to the SeaMonkey website and downloaded
the full version of "SeaMonkey Setup 2.13.1.exe," declared to be 16 MB,
but the download manager claimed it was 19.1 MB. When it completed, the
download manager reported 19.3 MB, but the Windows property sheet
reported 19.2 MB (20,221,996 bytes). At any rate, this process took the
same four seconds as the other one.

So I don't think the SM servers are the issue for you. I can't have
received it quickly if they are running slowly. There must be something
else going on.

P.S. My Norton didn't alert on any of the files I received or installed.

--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

[Jens Hatlak]

Paul B. Gallagher wrote:
> As an experiment, I also went to the SeaMonkey website and downloaded
> the full version of "SeaMonkey Setup 2.13.1.exe," declared to be 16 MB,
> but the download manager claimed it was 19.1 MB. When it completed, the
> download manager reported 19.3 MB, but the Windows property sheet
> reported 19.2 MB (20,221,996 bytes).

Oops, forgot to update the size information (for quite some time they
didn't change much between releases so I skipped the step upon release
prep). It'll show 19 MB in a few minutes.

Greetings,

[Steve Wendt]

On 10/14/12 12:15 am, Paul B. Gallagher wrote:

> So I don't think the SM servers are the issue for you. I can't have
> received it quickly if they are running slowly.

The FTP server gets pretty slow when there is a new release. If you use
the standard HTTP downloads, you get the benefits of the distributed
mirrors, so it's pretty quick. The primary reason I go to the FTP
server is to see *all* the releases, including betas; a lot of stuff
gets hidden on the HTTP side (reasonably so).

[Justin Wood (Callek)]

Ugh sounds like either they mistook the whitelist here, or your
auto-update by them didn't go fast enough.

[We manually give our files to Norton shortly after they are available
to try and prevent this issue]

I'll reach out to my contact on monday to try and determine what happened.

--
~Justin Wood (Callek)

[Justin Wood (Callek)]

Steve Wendt wrote:
> On 10/14/12 12:15 am, Paul B. Gallagher wrote:
>
>> So I don't think the SM servers are the issue for you. I can't have
>> received it quickly if they are running slowly.
>
> The FTP server gets pretty slow when there is a new release.

Indeed and around the time we released this, there was also slow-down
issues in Mozilla's Datacenter causing some issues and some files to be
transfered around 10 KB/sec or so. For a time.

> If you use
> the standard HTTP downloads, you get the benefits of the distributed
> mirrors, so it's pretty quick. The primary reason I go to the FTP
> server is to see *all* the releases, including betas; a lot of stuff
> gets hidden on the HTTP side (reasonably so).

FWIW, if you use our website to download, you'll *always* get the
fastest download for your location, for our newer[est] releases, since
we go through "bouncer" (Which goes through CDN and/or Mozilla's Mirror
Network to find not only a fast mirror, but one close to you) while
ftp.m.o is (primarily?) served from CA, USA.

--
~Justin Wood (Callek)

[David E. Ross]

I go to the FTP server so that I can also download the related SHA1
checksum. I realize that SHA1 might be subject to some vulnerability.
However, it is still a good way to verify that the downloaded installer
file was not corrupted in transit through the Internet.

[Paul B. Gallagher]

If you'll post a link, I'll test that as well.

I neglected to consider one other possibility: if an ISP or some other
intermediary is caching popular downloads, they could deliver them more
quickly on request than if you downloaded directly from a slow source.

[Rufus]

I use Norton AV and haven't had any of these problems with the Mac
version of SM2.13.1.

I could see that being because of the drag and drop install for the Mac
version, but the other issues with https site have me a bit puzzled...I
use an add-on called HTTPS Everywhere that forces my browsing to https
when available and I haven't seen any problems.

--
- Rufus

[Ant]

On 10/14/2012 1:21 PM PT, Rufus typed:

>>> I just installed this release. During the install, I received a Norton
>>> Antivirus alert that Suspicious.Cloud.7.F was detected and it "fixed it"
>>> (like fixing a cat maybe :) ).
>>>
>>> Anyway, according to MozillaZine, it says this is a false positive,
>>> associated with Foxfire and Sea Monkey. So what did Norton "screw up"
>>> by dealing with this "problem"?
>>
>> Ugh sounds like either they mistook the whitelist here, or your
>> auto-update by them didn't go fast enough.
>>
>> [We manually give our files to Norton shortly after they are available
>> to try and prevent this issue]
>>
>> I'll reach out to my contact on monday to try and determine what
>> happened.
>
> I use Norton AV and haven't had any of these problems with the Mac
> version of SM2.13.1.

I don't think Mac NAV uses cloud to compare files like Windows' version
does.
--
"Lay a stick of bubble gum on an anthill for instant Siamese Ant Twins."
--unknown
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[Robert Kaiser]

David E. Ross schrieb:

> I go to the FTP server so that I can also download the related SHA1
> checksum.

FYI, if you use the SeaMonkey-internal update mechanism, you get both
the advantages of using as-local-as-possible mirrors *and* verification
with a checksum that is not just SHA-1 but SHA-512 - and the checksum
and other info about the update is coming via an encrypted connection
(SSL) that is only allowed to be signed by certain CAs, so that the
delivery mechanism is *really* secure.

Robert Kaiser

[David E. Ross]

Having to maintain two PCs, I prefer to download the update and then
install from my hard drive. For incremental updates via .mar files, I
developed a .bat file script to do this.

What I really want is to download once and install twice. The internal
update capability would download twice to install twice.

I recently obtained an application to compute and verify SHA512
checksums. While Thunderbird updates on the FTP servers have SHA512
checksums as well as MD5 and SHA1, SeaMonkey updates on the FTP servers
have only MD5 and SHA1.

[Rufus]

Ant wrote:
> On 10/14/2012 1:21 PM PT, Rufus typed:
>
>>>> I just installed this release. During the install, I received a Norton
>>>> Antivirus alert that Suspicious.Cloud.7.F was detected and it "fixed
>>>> it"
>>>> (like fixing a cat maybe :) ).
>>>>
>>>> Anyway, according to MozillaZine, it says this is a false positive,
>>>> associated with Foxfire and Sea Monkey. So what did Norton "screw up"
>>>> by dealing with this "problem"?
>>>
>>> Ugh sounds like either they mistook the whitelist here, or your
>>> auto-update by them didn't go fast enough.
>>>
>>> [We manually give our files to Norton shortly after they are available
>>> to try and prevent this issue]
>>>
>>> I'll reach out to my contact on monday to try and determine what
>>> happened.
>>
>> I use Norton AV and haven't had any of these problems with the Mac
>> version of SM2.13.1.
>
> I don't think Mac NAV uses cloud to compare files like Windows' version
> does.

Yuk...don't like the sound of that. Yeah, I still get downloaded NAV
updates and the scans take place locally - at least they do for my
SnoLep installs, Lion *is* a bit different. If the Mac version ever
goes that way I think I'll change protection software. I hope they at
least give you a choice of how to operate...

Frankly, I can't see how enterprise is going to deal with all this
"cloud" nonsense as far as corporate security, copyright, and
proprietary or competition sensitive information go. I've heard the
next version of Office is supposedly cloud-driven. I can't see any
corporate user upgrading to it, for those reasons.

--
- Rufus

[Steve Wendt]

On 10/14/12 12:20 pm, Paul B. Gallagher wrote:

>> The FTP server gets pretty slow when there is a new release. If you use
>> the standard HTTP downloads, you get the benefits of the distributed
>> mirrors, so it's pretty quick.
>

> If you'll post a link, I'll test that as well.

Not sure what you are asking about; this?
http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/

[Paul B. Gallagher]

OK, I worked my way down the tree to
<http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/2.13.1/win32/en-US/>
and downloaded the file "SeaMonkey Setup 2.13.1.exe," which took about
two and a half minutes at roughly 105 kbps.

Definitely much slower than the other options.

[Justin Wood (Callek)]

FWIW, I reached them, apparently the way this person did the change
didn't go live to users until today. I also got an automated message
that it did go live, and mistook an earlier message of "successful
submission" as "successful whitelist".

I could have had it live on friday if I submitted it a few hours
earlier. -- I will endeavor to do so in the future.

--
~Justin Wood (Callek)

[Ant]

On 10/15/2012 5:21 PM PT, Justin Wood (Callek) typed:

> FWIW, I reached them, apparently the way this person did the change
> didn't go live to users until today. I also got an automated message
> that it did go live, and mistook an earlier message of "successful
> submission" as "successful whitelist".
>
> I could have had it live on friday if I submitted it a few hours
> earlier. -- I will endeavor to do so in the future.

Thanks. :)
--
"Ants never sleep." --Ralph Waldo Emerson, poet

[humptydumpty]

Thanks greatly. Much appreciated.

[Wayne]

was Thunderbird not affected then?

[humptydumpty]

Thanks, Justin. I updated Norton and installed SM 2.13.1 without
problems. Your intercession and help are most appreciated.

[Bill Davidsen]

I have no idea how you diddle your network settings on Windows, or if they
extend the "We know best" to that, but setting your window size larger often
helps for connections with slow ping times. That allows more packets to be "in
flight" out of the server but unacknowledged by your system. Bigger is better in
this case, defaults were probably set for 640k Windows 95 and never tuned for
current memory sizes.


--
Bill Davidsen <davi...@tmr.com>
We are not out of the woods yet, but we know the direction and have
taken the first step. The steps are many, but finite in number, and if
we persevere we will reach our destination. -me, 2010

[Bill Davidsen]

Good to know, and if you guys ever support 64bit Linux for real instead of as a
contributed build, that would be the way to go.

[Bill Davidsen]

David E. Ross wrote:
> On 10/14/12 3:09 PM, Robert Kaiser wrote:
>> David E. Ross schrieb:
>>> I go to the FTP server so that I can also download the related SHA1
>>> checksum.
>>
>> FYI, if you use the SeaMonkey-internal update mechanism, you get both
>> the advantages of using as-local-as-possible mirrors *and* verification
>> with a checksum that is not just SHA-1 but SHA-512 - and the checksum
>> and other info about the update is coming via an encrypted connection
>> (SSL) that is only allowed to be signed by certain CAs, so that the
>> delivery mechanism is *really* secure.
>>
>> Robert Kaiser
>>
>
> Having to maintain two PCs, I prefer to download the update and then
> install from my hard drive. For incremental updates via .mar files, I
> developed a .bat file script to do this.
>
> What I really want is to download once and install twice. The internal
> update capability would download twice to install twice.
>
> I recently obtained an application to compute and verify SHA512
> checksums. While Thunderbird updates on the FTP servers have SHA512
> checksums as well as MD5 and SHA1, SeaMonkey updates on the FTP servers
> have only MD5 and SHA1.
>

A short word about CRC methods: sources of error are transmission error and
deliberate tampering. the reason people moved away from MD5 was that it is in
some cases actually possible to modify a binary and fudge it to match an MD5sum.
The sha1 is more resistant to deliberate tampering, but since you are getting
the binary and CRC values from the same machine, if someone could hack the
binary they could hack the CRC as well, giving no protection against tampering.

The sha512 is better than sha1 and sha256, but there is a paper out showing that
sha224 is actually more resistant to tampering but less for random errors. I
leave it to you to find and read that topic if you care, the short answer is
that the MD5 is fine as a check for random damage in most cases, and getting the
CRC (of any kind) from the same site as the binary is a risk. If you want
secure, pull the sha512 via ftp from the master server, then download and check
the actual binary from somewhere fast.

[Ray_Net]

I am happy with the MD5 method to check my download.
I use it to check for :
- SeaMonkey Setup 2.12.1.exe
- seamonkey-2.12.1.fr.langpack.xpi
but i did not find the MD5 values for:
- dictionnaires_francais-4.6-fx+tb+sm.xpi
- adblock_plus-2.1.2-sm+an+fx+tb.xpi
- firebug-1.10.3-fx.xpi

[Ed Mullen]

What percentage of people using the Internet actually do some sort of
file check like this? Less than 1 %? Who cares?

You know, "paranoia strikes deep". Sorry, I'm an an old dude thinking
of 60s and 70s music. But, really now, stop obsessing. Get a life. Or,
"into your heart it will creep." Relax and enjoy. Sure, be careful
but, for God's sake, RELAX!!!

--
Ed Mullen
http://edmullen.net/
You have the right to remain silent. Anything you say will be misquoted,
then used against you.

[Jim]

All --

I followed up with Norton with this problem on their forums. The fix
that worked for me -- they told me to restored the file from quarantine
and Norton would no longer mess with it. I did that and that worked.

Also, I submitted the .dll to Norton, and they said they couldn't
reproduce the problem. From the forum users, it appears that some PCs
had the problem and some didn't -- but not sure if they all had this
release of SeaMonkey and Norton.

Also, Norton may have fixed the problem in their antivirus prior to my
file submission.

[Ant]

On 10/25/2012 8:47 PM PT, Jim typed:

> I followed up with Norton with this problem on their forums. The fix
> that worked for me -- they told me to restored the file from quarantine
> and Norton would no longer mess with it. I did that and that worked.
>
> Also, I submitted the .dll to Norton, and they said they couldn't
> reproduce the problem. From the forum users, it appears that some PCs
> had the problem and some didn't -- but not sure if they all had this
> release of SeaMonkey and Norton.
>
> Also, Norton may have fixed the problem in their antivirus prior to my
> file submission.

What's the URL to this Notron forum thread?
--
..."Like me with the anthill in my backyard. I spent days watching the
ants, trying to figure out which ones were good, and which ones were
bad, but they all just looked like ants, so I started smiting all of
them." "Well that's not --" "I was smiting them with the garden hose,
and with lighter fluid, and with the lawnmower, and to be perfectly
honest, I think I went a little crazy with the shovel. Those ants could
have been praying to me all day, I wouldn't have heard them." "There was
nothing they could do about it." "But, I don't think --" "Really, it's
the same with us. There's nothing we can do about anything either, so
why worry about it? Hey, this is making me feel better." "Well, that's
good, but --" "I guess all we can do is live our lives with as much
kindness and decency as possible, and try not to dwell on God standing
over us with a giant shovel."...--Dewey and Teacher in Day Care episode
from Malcolm in the Middle

[Jim]

Ant wrote:
> On 10/25/2012 8:47 PM PT, Jim typed:
>
>> I followed up with Norton with this problem on their forums. The fix
>> that worked for me -- they told me to restored the file from quarantine
>> and Norton would no longer mess with it. I did that and that worked.
>>
>> Also, I submitted the .dll to Norton, and they said they couldn't
>> reproduce the problem. From the forum users, it appears that some PCs
>> had the problem and some didn't -- but not sure if they all had this
>> release of SeaMonkey and Norton.
>>
>> Also, Norton may have fixed the problem in their antivirus prior to my
>> file submission.
>
> What's the URL to this Notron forum thread?

http://community.norton.com/t5/Norton-360/Help-with-false-positive/m-p/825018#U825018

[Ant]

On 10/26/2012 3:47 PM PT, Jim typed:

>> What's the URL to this Notron forum thread?
>
> http://community.norton.com/t5/Norton-360/Help-with-false-positive/m-p/825018#U825018

Thanks. :)
--
"I don't understand them anymore, these people that travel the
commuter-trains to their dormitory towns. These people call themselves
human, but, by a pressure they do not feel, are forced to do their work
like ants. With what do they fill their time when they are free of work
on their silly little Sundays?" --Antoine de saint-Exupéry, 'Wind, Sand,
and Stars,' 1939