It's a core bug, and from what I can see, I assume it also affects
SeaMonkey. Does it affect SeaMonkey? If so, is there work being done to
get a 1.0.2 release out the door ASAP? Are there 1.0.2 candidates
available for testing?
[1]<http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/44d49e09870ae0de>
[2]<http://wiki.mozilla.org/Firefox:Home_Page#Firefox_1.5.0.3_.28Deer_Park.29_Plan>
[3]<https://bugzilla.mozilla.org/show_bug.cgi?id=334515>
--
Chris Ilias
mozilla.test.multimedia moderator
Mozilla links <http://ilias.ca>
(Please do not email me tech support questions)
It does affect SeaMonkey.
The current plan is to skip releasing off Gecko 1.8.0.3 and ship 1.0.2
off of 1.8.0.4. There are a couple reasons for this, but at the top of
the list is that the bug is not a security exploit (at least no one has
produced exploit code). It's a denial of service attack (there are more
of these in bugzilla if you go looking for them). I guess they put
together a FF release in large part because outside sources found the
bug shortly after 1.5.0.2 and they want to get fixed builds out before
the next scheduled point release (due May 25).
--
Andrew Schultz
aj...@buffalo.edu
http://www.sens.buffalo.edu/~ajs42/
Secunia says, the bug is highly critical:
http://secunia.com/advisories/19802/
Is the same bug in SeaMonkey 1.0.1?
Yes, it exists there, and the really critical thing there is that
potentially a specially crafted web page could make your brwoser crash.
Any other exploit is only theory right now, and not proven in any way.
The bug will be fixed in SeaMonkey 1.0.2, which should be released in
3-4 weeks from now.
Robert Kaiser