[Fwd: Re: New Mozilla vulnerabilities??]
Stephen John Smoogen
smooge at gmail.com
Fri Jun 9 17:44:18 UTC 2006
On 6/9/06, Josh Bressers <bressers at redhat.com> wrote:
> >
> > Matthew Miller wrote:
> > > On Sat, Jun 03, 2006 at 02:36:13PM -0500, David Eisenstein wrote:
> > >
> > >>It mentions a bunch of vulnerabilities (all of which seem to affect
> > >>Seamonkey, Thunderbird, and Firefox). After looking at each VU#, it appears
> > >>that none of the announcements mention the Mozilla suite. Also, at least as
> > >>of last night, none of them mention any CVE #'s.
> > >
> > >
> > > No updates for Firefox for Fedora Core yet, either....
> > >
> > > <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194617>
> > >
> >
> > I heard a rumor the other day that Red Hat Enterprise Linux may be planning
> > to replace Mozilla with Seamonkey in their currently-maintained distros. Am
> > wondering if there is any truth to this rumor? Also wondering if there is
> > anything we in Fedora Legacy can do to help in this process of dealing with
> > these critical Mozilla/Firefox/Seamonkey bugs?
>
> This is true. We're going with seamonkey in RHEL. I think this current
> round of issues is proof as to why this has to happen. Backporting to the
> firefox 1.0 branch is nearly impossible given the drastic changes between
> versions.
>
> Right now we're furiously working on backporting patches for the most
> critical issues. If you want to help, mail Chris Aillon (caillon at redhat)
> with your request. He's currently heading up a small group of various
> distributors trying to get all this work done.
>
I would say that it is not worth the effort to do that much
backporting. I am having to deal with sites that just want to block
old Firefox browser strings anyway at their firewalls. So my day job
is basically going to be getting 1.5.0.4{5,6,7} onto RHL-7.3 -> RHEL-4
anyway.
My {I am not much of a coder, but have to deal with the mess left over
by them} position would be that getting a modularized javascript
interpreter written, debugged, security minded rather than trying to
back-fix things might be a better idea.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator