SeaMonkey 1.0.2, due to bug 334515?
Chris Ilias
soon (targeted for today[2]), because of bug 334515.[3]
It's a core bug, and from what I can see, I assume it also affects
SeaMonkey. Does it affect SeaMonkey? If so, is there work being done to
get a 1.0.2 release out the door ASAP? Are there 1.0.2 candidates
available for testing?
[1]<http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/44d49e09870ae0de>
[2]<http://wiki.mozilla.org/Firefox:Home_Page#Firefox_1.5.0.3_.28Deer_Park.29_Plan>
[3]<https://bugzilla.mozilla.org/show_bug.cgi?id=334515>
--
Chris Ilias
mozilla.test.multimedia moderator
Mozilla links <http://ilias.ca>
(Please do not email me tech support questions)
Andrew Schultz
> According to Michael Schroepfer[1], Firefox 1.5.0.3 will released very
> soon (targeted for today[2]), because of bug 334515.[3]
>
> It's a core bug, and from what I can see, I assume it also affects
> SeaMonkey. Does it affect SeaMonkey? If so, is there work being done to
> get a 1.0.2 release out the door ASAP? Are there 1.0.2 candidates
> available for testing?
It does affect SeaMonkey.
The current plan is to skip releasing off Gecko 1.8.0.3 and ship 1.0.2
off of 1.8.0.4. There are a couple reasons for this, but at the top of
the list is that the bug is not a security exploit (at least no one has
produced exploit code). It's a denial of service attack (there are more
of these in bugzilla if you go looking for them). I guess they put
together a FF release in large part because outside sources found the
bug shortly after 1.5.0.2 and they want to get fixed builds out before
the next scheduled point release (due May 25).
--
Andrew Schultz
aj...@buffalo.edu
http://www.sens.buffalo.edu/~ajs42/
Adrian (Adrianer) Kalla
> It does affect SeaMonkey.
>
> The current plan is to skip releasing off Gecko 1.8.0.3 and ship 1.0.2
> off of 1.8.0.4. There are a couple reasons for this, but at the top of
> the list is that the bug is not a security exploit (at least no one has
> produced exploit code). It's a denial of service attack (there are more
> of these in bugzilla if you go looking for them). I guess they put
> together a FF release in large part because outside sources found the
> bug shortly after 1.5.0.2 and they want to get fixed builds out before
> the next scheduled point release (due May 25).
Secunia says, the bug is highly critical:
http://secunia.com/advisories/19802/
Is the same bug in SeaMonkey 1.0.1?
Robert Kaiser
> Secunia says, the bug is highly critical:
> http://secunia.com/advisories/19802/
>
> Is the same bug in SeaMonkey 1.0.1?
Yes, it exists there, and the really critical thing there is that
potentially a specially crafted web page could make your brwoser crash.
Any other exploit is only theory right now, and not proven in any way.
The bug will be fixed in SeaMonkey 1.0.2, which should be released in
3-4 weeks from now.
Robert Kaiser