Received: (at 39766) by debbugs.gnu.org; 10 Mar 2020 17:27:39 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 10 13:27:39 2020 Received: from localhost ([127.0.0.1]:53240 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1jBifL-0005Yz-C2 for submit <at> debbugs.gnu.org; Tue, 10 Mar 2020 13:27:39 -0400 Received: from mail-wm1-f50.google.com ([209.85.128.50]:54324) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <anto.trande@HIDDEN>) id 1jBicV-0005Tb-Sm for 39766 <at> debbugs.gnu.org; Tue, 10 Mar 2020 13:24:44 -0400 Received: by mail-wm1-f50.google.com with SMTP id n8so2322832wmc.4 for <39766 <at> debbugs.gnu.org>; Tue, 10 Mar 2020 10:24:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:references:autocrypt:message-id:date:user-agent :mime-version:in-reply-to; bh=UVhxcfsgE9nKeNQJV1shWLC8HlEZtQWA274STPss2UI=; b=vEEfx/f252ZyhEoMbNJosjUsadcmuIgfZyrPWbeyd0KZYfPUem1H4pnmA99l5jwflB 90ONfWztIQQX6ZqsTLdah9O/uVhDZvN8S7qEGThnCdsN1AdEoEBfSUPiFr/kN4KL/sD7 3XBR9gWmH1+Ze3mTSM16ImdR8Ey+zWQKLU087aibGSFJwz4XJWxbQpjhPdlacAHIAHmy YlrK5NaTIF3lXIjo0KTH1arue5cguF8VVnRdGnllHZnXmvUdEADfUHHqeVwytZNYYauv XPA1x42K6cwxAagyRe/O6g9tp8xwiRiYoPgFt7hss+4lBbNvnZIjaKggBkKfBEfGNkq2 lfPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:references:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=UVhxcfsgE9nKeNQJV1shWLC8HlEZtQWA274STPss2UI=; b=TFmsS7jL6glACINVUTY4y58DhUt0TInr4HBKC/Ed/zTa2nAQp9up46pq15wVjg2O1t 7k87HnV4EB3k3yRcca1YlMHRkLhfKr4esSH28HzXwbzDBmgM2dS/CnRg0GfdEd026Osw WqhPzljtknEF5lx/hte6jZIzkWY74Ml2WF/zKhOy3W6yPJx6rWm83Zqmj+ziLu9KN/XS 4bLHmskfS/z1CdFYalHtEdpLoKhVzG76Zoda/DFS5aLGy5m6vqPod8ymh9rGXdb6qRzV Im1hIqquPvWDqtxq2l/sHtyDN+v0ffxqnnYlFff0LlkctYg1bzzHyrD+q5t8zwzudWd2 aAhA== X-Gm-Message-State: ANhLgQ0IlZLuxqPtwWOH58eaPQx6VzUbyjJvp/2JsJ/6pZLq86i7OWE3 x2FVDpUCtZaoZk0JyzDzVAE= X-Google-Smtp-Source: ADFU+vsEb8s3VHfniplGiJ/tp2/GJOaxF4yTUYNaoP6cSilwus7eC7ptH1XPsnQ+TaHPwfSmxcSc0A== X-Received: by 2002:a1c:9d09:: with SMTP id g9mr3224051wme.68.1583861077878; Tue, 10 Mar 2020 10:24:37 -0700 (PDT) Received: from localhost.localdomain ([37.77.122.222]) by smtp.gmail.com with ESMTPSA id c3sm16389595wrw.95.2020.03.10.10.24.33 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 10 Mar 2020 10:24:37 -0700 (PDT) From: Antonio Trande <anto.trande@HIDDEN> X-Google-Original-From: Antonio Trande <sagitter@HIDDEN> Subject: Re: bug#39766: Security-Problems, probably known To: "info@HIDDEN" <info@HIDDEN>, 39766 <at> debbugs.gnu.org References: <20200224110908.GA30626@HIDDEN> <368582f2-a547-5585-e995-ca343ab1927c@HIDDEN> <1d0e372c-1427-ae8d-8fde-4cf6385bd6ff@HIDDEN> Autocrypt: addr=sagitter@HIDDEN; prefer-encrypt=mutual; keydata= mQSuBF2y7VURDAD3VN0+cpPnzexleHqLyrd/nbOygmhJVbITCnLU0cHdfMov0Qup1cyU5wYO s7YG1PJBvwI6bRQkpTpaNS9ECSn6PNraZzPI8dvpZwTlFWNXhV5iFL9sYVRZRKsMKXDwi+mu IqgawSEqAeZ4aW1TfNItSFq0lX6xgxczxDJgibelquHfV5Nhpe7WUEDSld3WpVIgMFyUk/vG d/vw1nHZyE7jmQURaeWbAtjbGjMDNMQLf9wTnXPGU5OlS+Wx5J3Pom5Qk97aFAUQPogFmuxM qgNqSNxRLkckfbVNMwbhePXDnyKeQUTTGFel+P5NYlM4vZ+3SmJqC/Cw8+o7F/jNLKR5ZUxH 3YOFYHC6GX3aA9eA47u+nNhOCMhjYM6fuM6cce9p37C4EC4FBwvjZHZm3m+QhH0zyJdP1uE6 xdUeMNe6Z+x9x8qx1wChp87MRhQ92xscpOloi/1d6Yu20tYST+XzHbRhPYkjD721qmhXwaL2 WYsZ29i2O7zqimgTOxMHdl8BANewKKtyFEBRsImMbkdF9CG5rLXJhKOoiY6MOZUL7+0vC/oC 57Q1p5GN/gZs2pPhXP1ycE5S6bqxglyS2qabIAHeMqi2eKGphkVHkqmH7OH3dvbFwqi1/kKs lTzBD1KbFfBdZrEdyG9/zsiiDHwXTVrESD7BosXaa4DHN+LxCMeSBYp3CY55d8o1Bsl7TCQz NdalVpwtBI1q2nzgOM0aXZyRom022BeuJpyOX+lyiw3LefdsDD9bHP1nOQ/Y/8HzWWmdVcjJ U4bi44bBYhTps5rzR+m2R0u4BEBm1hIE/FyaeMsO/HMzY/LU9cF8nc+rTYRywgmWp8/XNXEY vBOQ/ZlM/QTlcu97NQQWI9Q/7jdHQAKvgC5O7wT/NN6Kr7zpt+fyPOVv27hnI3SEx1S1Ko5u 6RE32whkBlF7ortd1UDCkHA/PDhAkim2x38XD+yJ50FFwiOs5eCTXYKSPMtnLJYe0M0W5Se3 8Nr9jzxMxuw+87XhxAtybey2heNun2n71gOZtdS5Ll0QaL7o2OqQiWv4+vZ5Mx4AbWlQUJ3M qCtGTF8L/0lvwFU7C4rDlLnlzWppJGuwTZiutWdPNq1PHtrplEapOw9V/gpwtFefxgh7810l uDDYA6T2jreV6gCEhn85zdjwJSUH5tyFIHVWxWxAjvL8DtW7MFXKGm8Mb98lK4cmT4Iq5aHy c5+IoZYuE8WJ3x9zgXCRe/ob3bGMU6LTuazS13VcoeytrmzdH88UkUVMkIFUSlFcYMpdgyv7 LBb0QXaHLdttJeY3YNfCpcEOrfffzm/UJ9tTrb5ZW6pLQz0oebTNchbpPzebnckfjrwDReqL +OXGiOa4jzR2Gg6vijgpVGgwrGGoh0kPcx3Qj1CQzpk5h7e5D7/5tF/kcf2grxNuZmms0qH5 xBCDZUtSqt4Ta+rVfKRk+70Orez5uYf+BbpLmVy2Em5eFNyKD9+eW/uYRaRn5tg8mDjlVDNn CZm1CU6lQP+VQ9STg04OL+KZeXfim1XH3dC85Bd83I7ncdcWwm2oBAoWK/RqxFnHC38TvxNy ZI9arD49aphfHWPuN7RBQW50b25pbyBUcmFuZGUgKEZlZG9yYSBQcm9qZWN0IDIwMjApIDxz YWdpdHRlckBmZWRvcmFwcm9qZWN0Lm9yZz6IlgQTEQgAPhYhBMp8RITaal0/cG930nsw7gTl dqqEBQJdsu1VAhsDBQkB66fbBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHsw7gTldqqE z+EA/2iKoToDux82nIGdGxuukwZHM2fv/zed76yhJp0pBnLyAP9b0ufjfzM2J8sKGgsTRbDq GEw3INc9iNQKWolgjEd4q7kEDQRdsu1VEBAAybID/xTY53ajol+tm2eQze1K/E9OEFtuXfQK 0QLyf/ZGYzWK0d92HDjj7u/K2BRPh4oQSC3M6pXsWMdEAslcGGFFsn2qZmpbt6/wujCrNc3X 9AMsoBSHi5cPEZ9EGRz2FVS3gSPIF7oHg3i8tuhAg/rvCX4r5cs5/AXxXdycuIqMJDH/JyBE zarxAIa433b3KKu4GhYbAFFbgeUJAdGUMGjtPozOqY+fY43eyhFG4nYTM31nwD6KxK67V7Ts WKTOAu8XeOpz2Wov09H42Buq+FkStk0xLGV8lYXCvhx0O0zxSSXoS6ve0XyLFKIgff8k/GTN HVMq6v3syMEJqI8PNm5MAIyQBJdRJyKHkgjiSfctd15i1qYQF+4UWQvWcZGjPwD22PI71bge mOrkxMzUezngV9dMJoIhPakXzl5X2+1yNl0QlviaVxrgvvEN0kgi60x/wH6B1lo/MPiiE9zi xF8b0YjO0Gte59LDLU0HMEOZhXH6oXfJy73i1VLzZuExpfO4MYsxYQYKhxkT+9R8B7JxgUSu YQiJL4eNXXeIWdthIRwM1+YU5s3CHuQ+AV1Y+0zIWQSC7Npx0o1ClI8BZELdgAZxRHroUjEN Q0pP3isfkCocth6eoVd6E2MHpRRS3b6xZQUMr3GSBUhEmIH1iomB6OijiYueznh0ALSmLj8A BA0QAJwyo2EX6HVDHBWHiGzE/Yh4nrsu9Z5Z2G0h0INuKC81TQtaL/Em6cHu23aO7jNIm7jJ yi4Jv2oFVtOVFWcCdRSDOjJwfiVG6BgX6X0oer4/kJzKLecS4fkSHcmtHluKBZUsgslvyEAJ +CncPYIuo+YyjfJy/uQfSF1CJl7dWTzm6mKEiusENZu579bQ8H+nVlNYEbqXLHEICdT7i13s QHIDacpiuycPVcofVUqV9XRVgEZ7Kk4GgkVNuIsossr0JoFVcOP0JZHzJQkPcl8SVlqSoeO3 YrSp3LfQacJAw6ku0XOIepQNh+iw4SCEJ6IUwm2E1TDVEMuWqWNOXUpmFU4BtHH14l4D7Rzr zdlZ+a5NK+PRzIHcFm/MGplEeMjopQG95sd3hqrka5CLpIViwt9es/4KMb5au+odo/f7p1xS PoZ2MxfkMTiLOHMBkitcA4t8fVWX+ztNWOl8mvdZATZQnKm+A61Wxq2dEXOoCbCe+enD2kGL NtLc+h5fOVdTnQrtU1CJ5QcmUNQqXn4LFtRS+vo1DW6klrHWE3fVdWZYlebOMUdbTXgaOhl+ l/fnAAUIdMEvf+Z+9Kf+VkdzfDJhXRry8kkAqVMT12BUwJK/C50wEpk8fo+J1pmOuUv/tqMd W2Cr/4ZNJ/ugKjyvi5BZnDe3JQDeJzlkp5qH6fejiH4EGBEIACYWIQTKfESE2mpdP3Bvd9J7 MO4E5XaqhAUCXbLtVQIbDAUJAeun2wAKCRB7MO4E5XaqhJ/IAQDDGUy4hWJi6lPiSwB3KUi/ PY0O+1dDM4d5xaPdkIk2RAEA1Dtll06A/WX/f6JxgxxUcaTE+jXrEzb4uy60ywJusyM= Message-ID: <68eba345-dd0b-39a7-bb7e-190d6265a159@HIDDEN> Date: Tue, 10 Mar 2020 18:24:22 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <1d0e372c-1427-ae8d-8fde-4cf6385bd6ff@HIDDEN> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="U8KAxmgVweIEn5CWnY2cNaxvZ7UmjCWHY" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39766 X-Mailman-Approved-At: Tue, 10 Mar 2020 13:27:37 -0400 Cc: help-gnuzilla@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --U8KAxmgVweIEn5CWnY2cNaxvZ7UmjCWHY Content-Type: multipart/mixed; boundary="Vo92cqJLCZGHtumAmHAZxjCcqrHIAUVTW" --Vo92cqJLCZGHtumAmHAZxjCcqrHIAUVTW Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: quoted-printable These issues have been fixed with Firefox ESR 68.4.1; current IceCat release on 68 branch is the 68.6.0. So, what's the problem? On 10/03/20 10:29, info@HIDDEN wrote: > Hello, >=20 > It seems no one has replied to this. I think IceCat should no longer be= > recommended to users until this issue is resolved especially since > IceCat is advertised as a browser with "Privacy protection features". > Suffice to say such protection features are no good if the browser > itself is vulnerable to the types of vulnerabilities as eluded to befor= e. >=20 > I understand that there aren't sufficient developers to maintain IceCat= > but that does not mean the GNU website should offer the browser without= > at least clearly addressing it's potential vulnerabilities on the > appropriate webpages. >=20 > As of now, users might download, install and subsequently use IceCat > with the understanding that they have downloaded a browser with enhance= d > privacy protection features while not being aware that it is potentiall= y > susceptible to recently discovered vulnerabilities. >=20 > This is precisely the sort of situation that free software, and free an= d > open information should prevent. >=20 > I hope we can resolve this quickly. >=20 > Kind regards, > Corne >=20 > On 2/24/20 7:05 PM, info@HIDDEN wrote: >> Hello, >> >> I was also really wondering about this as the current version of IceCa= t >> is a version of Firefox that was affected. >> >> On 24-02-2020 12:09, Arne Wichmann wrote: >>> Good day tou you! >>> >>> I see here some security problems referenced for Firefox, which are >>> probably applicable to Icecat, too: >>> >>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and >>> FallibleStoreElement >>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp >>> >>> More less critical ones are referenced, too. >>> >>> Are there plans to adress these? >>> >>> cu >>> >>> AW >>> --=20 --- Antonio Trande Fedora Project mailto 'sagitter at fedoraproject dot org' GPG key: 0x7B30EE04E576AA84 GPG key server: https://keys.openpgp.org/ --Vo92cqJLCZGHtumAmHAZxjCcqrHIAUVTW-- --U8KAxmgVweIEn5CWnY2cNaxvZ7UmjCWHY Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iHUEAREIAB0WIQTKfESE2mpdP3Bvd9J7MO4E5XaqhAUCXmfNSwAKCRB7MO4E5Xaq hDjzAQDQuwUovMKltVpj3W2vfQ7UGm891t3+Npk7PONv6dglaAEAg7luqDiCewIO cOpkWi8i3pyy2fbCAoM7KnCGh6yAasc= =gJDW -----END PGP SIGNATURE----- --U8KAxmgVweIEn5CWnY2cNaxvZ7UmjCWHY--
bug-gnuzilla@HIDDEN:bug#39766; Package gnuzilla.
Full text available.Received: (at 39766) by debbugs.gnu.org; 10 Mar 2020 17:27:21 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 10 13:27:21 2020 Received: from localhost ([127.0.0.1]:53238 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1jBif0-0005YT-OM for submit <at> debbugs.gnu.org; Tue, 10 Mar 2020 13:27:19 -0400 Received: from s02.spamexperts.axc.nl ([185.182.56.112]:53047) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <info@HIDDEN>) id 1jBiew-0005YE-E9 for 39766 <at> debbugs.gnu.org; Tue, 10 Mar 2020 13:27:15 -0400 Received: from vserver22.axc.nl ([185.182.56.82]) by s02.spamexperts.axc.nl with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <info@HIDDEN>) id 1jBieh-0005NE-Au; Tue, 10 Mar 2020 18:27:07 +0100 Received: from mail.axc.nl ([185.182.56.42]) by vserver22.axc.nl with esmtp (Exim 4.92) (envelope-from <info@HIDDEN>) id 1jBieM-008lcG-8j; Tue, 10 Mar 2020 18:26:38 +0100 Subject: Re: bug#39766: Security-Problems, probably known To: Antonio Trande <anto.trande@HIDDEN>, 39766 <at> debbugs.gnu.org References: <20200224110908.GA30626@HIDDEN> <368582f2-a547-5585-e995-ca343ab1927c@HIDDEN> <1d0e372c-1427-ae8d-8fde-4cf6385bd6ff@HIDDEN> <68eba345-dd0b-39a7-bb7e-190d6265a159@HIDDEN> From: "info@HIDDEN" <info@HIDDEN> Message-ID: <447714f2-3d8f-14bc-b298-51d99e00c333@HIDDEN> Date: Tue, 10 Mar 2020 18:31:23 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <68eba345-dd0b-39a7-bb7e-190d6265a159@HIDDEN> Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit PrimaryMX: Accepted email from trusted host. Hint: This skips spam scanning so make sure other host is not vulnerable SPFCheck: Server passes SPF test, -30 Spam score X-Relay-Host: 185.182.56.42 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "vserver22.axc.nl", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Current binary release is 60.7.0 which is vulnerable and that is the problem, see: https://ftp.gnu.org/gnu/gnuzilla/?C=M;O=D On 3/10/20 6:24 PM, Antonio Trande wrote: > These issues have been fixed with Firefox ESR 68.4.1; current IceCat > release on 68 branch is the 68.6.0. So, what's the problem? > > On 10/03/20 10:29, in [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: gnu.org] SpamTally: Final spam score: -90 X-AuthUser: X-Originating-IP: 185.182.56.82 X-SpamExperts-Domain: vserver22.axc.nl X-SpamExperts-Username: 185.182.56.82 Authentication-Results: spamexperts.axc.nl; auth=pass smtp.auth=185.182.56.82@HIDDEN X-SpamExperts-Outgoing-Class: unsure X-SpamExperts-Outgoing-Evidence: Combined (0.38) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0c21/ZGerkmA2qMAhBYlqympSDasLI4SayDByyq9LIhVV3P7+zsTsdAW TjhbpwStAkTNWdUk1Ol2OGx3IfrIJKyP9eGNFz9TW9u+Jt8z2T3KePJuGUY65Cj4Uh2i3OwwYkYA pUp/khQ8H7I+V6VJNBdi8wWc+4yCPv0u8PqCFiEnIYC5b43V6PyRGXLrVQdw5PqSjx73F0p/XGxX 8YQS/6K/q5f5MtjuoCH585QksFvpWmuNA8WTybi1JN85FSnfKQQaH2wjyOen9n43sb5/bwtpw2IT CGzTa8j2UYVqjPqMPx7YKSc64FgIFBfuASKVtwbG1HJMGGaR7kqafQye7jY7YxJrtChiZZEdCQqr ceoTbmvTNWWAwO5ZPceCdI3FV4H8dkRkFi5XTKWKzjwdbpCb662/rVKGbaZ5TUU0LhsTBQUpxGu6 0ep3MKn/Zxd12697IdvSIUBO8mbZ+L0zAAGo2nDJJ7etIbmtBL4g5Nq7vvE/X9f4ikS6v/cnqp1T bBmSvC6qJad8oDRDO7zv2HyUKXBN5egnPhpSCzBGhpXdr4g47/dXqNFGfPUjdI4X5Q2QEetkvH00 /xmn6oF5z8skuB4fLNdsm49znGEOwW1RyaT+fhnmPmZ+OUuV5BM6eyy5Vo6xOiF9lxkCbdmQZuSv ViZm4XpHa4HCbA5RwXWosUtN6Zd4kJhNnLO7YVLjnuJrRiSq8ksEBlGWXxXc8TirIo0LA+KZk1ak xG4AJe2OzhRC7isOoIq7T/qV3mBwXVMwvu8lQhYAhscMiq2v7oKxgvqz+DMwHjW2kjiNWALMUyQ5 +BVz8/sZB2WQ295Xe/5HTkpQ5VFDq5iH+oIzk3hP2ts4KzDEMQk6HpPAIpm9XPWlFdaGOH191uXj gjQN/cAhfvkuvQuvUgfMQyJsPqpCLx99Idn15jlF1y/kvN+ftz0IZNnK945Xfgrb1AV15ncehzMV YKlZeUETYXlVkozvpZLSAr3jBzAtGBhZHAsUVOtEHDFKmZKcB0WKucuGpzKuauQo9YUZtcE0zacu y9Bgicwe2ic7PfN3cCzD4rmaMJM04c3rsnK5BEzcM+hsjg== X-Report-Abuse-To: spam@HIDDEN X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39766 Cc: help-gnuzilla@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Current binary release is 60.7.0 which is vulnerable and that is the problem, see: https://ftp.gnu.org/gnu/gnuzilla/?C=M;O=D On 3/10/20 6:24 PM, Antonio Trande wrote: > These issues have been fixed with Firefox ESR 68.4.1; current IceCat > release on 68 branch is the 68.6.0. So, what's the problem? > > On 10/03/20 10:29, info@HIDDEN wrote: >> Hello, >> >> It seems no one has replied to this. I think IceCat should no longer be >> recommended to users until this issue is resolved especially since >> IceCat is advertised as a browser with "Privacy protection features". >> Suffice to say such protection features are no good if the browser >> itself is vulnerable to the types of vulnerabilities as eluded to before. >> >> I understand that there aren't sufficient developers to maintain IceCat >> but that does not mean the GNU website should offer the browser without >> at least clearly addressing it's potential vulnerabilities on the >> appropriate webpages. >> >> As of now, users might download, install and subsequently use IceCat >> with the understanding that they have downloaded a browser with enhanced >> privacy protection features while not being aware that it is potentially >> susceptible to recently discovered vulnerabilities. >> >> This is precisely the sort of situation that free software, and free and >> open information should prevent. >> >> I hope we can resolve this quickly. >> >> Kind regards, >> Corne >> >> On 2/24/20 7:05 PM, info@HIDDEN wrote: >>> Hello, >>> >>> I was also really wondering about this as the current version of IceCat >>> is a version of Firefox that was affected. >>> >>> On 24-02-2020 12:09, Arne Wichmann wrote: >>>> Good day tou you! >>>> >>>> I see here some security problems referenced for Firefox, which are >>>> probably applicable to Icecat, too: >>>> >>>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and >>>> FallibleStoreElement >>>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp >>>> >>>> More less critical ones are referenced, too. >>>> >>>> Are there plans to adress these? >>>> >>>> cu >>>> >>>> AW >>>> > >
bug-gnuzilla@HIDDEN:bug#39766; Package gnuzilla.
Full text available.Received: (at submit) by debbugs.gnu.org; 10 Mar 2020 14:28:43 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 10 10:28:43 2020 Received: from localhost ([127.0.0.1]:53026 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1jBfsA-0007aK-SW for submit <at> debbugs.gnu.org; Tue, 10 Mar 2020 10:28:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:44496) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <info@HIDDEN>) id 1jBb8k-0003Wz-Ji for submit <at> debbugs.gnu.org; Tue, 10 Mar 2020 05:25:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48092) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <info@HIDDEN>) id 1jBb8j-0003Aw-EL for bug-gnuzilla@HIDDEN; Tue, 10 Mar 2020 05:25:30 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <info@HIDDEN>) id 1jBb8i-00079o-5T for bug-gnuzilla@HIDDEN; Tue, 10 Mar 2020 05:25:29 -0400 Received: from s02.spamexperts.axc.nl ([185.182.56.112]:41493) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <info@HIDDEN>) id 1jBb8f-0006x2-Cl; Tue, 10 Mar 2020 05:25:25 -0400 Received: from vserver22.axc.nl ([185.182.56.82]) by s02.spamexperts.axc.nl with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <info@HIDDEN>) id 1jBb8W-0003vu-1j; Tue, 10 Mar 2020 10:25:21 +0100 Received: from mail.axc.nl ([185.182.56.42]) by vserver22.axc.nl with esmtp (Exim 4.92) (envelope-from <info@HIDDEN>) id 1jBb8L-006yeh-79; Tue, 10 Mar 2020 10:25:05 +0100 Subject: Re: bug#39766: Security-Problems, probably known To: bug-gnuzilla@HIDDEN References: <20200224110908.GA30626@HIDDEN> <368582f2-a547-5585-e995-ca343ab1927c@HIDDEN> From: "info@HIDDEN" <info@HIDDEN> Message-ID: <1d0e372c-1427-ae8d-8fde-4cf6385bd6ff@HIDDEN> Date: Tue, 10 Mar 2020 10:29:50 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <368582f2-a547-5585-e995-ca343ab1927c@HIDDEN> Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 8bit PrimaryMX: Accepted email from trusted host. Hint: This skips spam scanning so make sure other host is not vulnerable SPFCheck: Server passes SPF test, -30 Spam score X-Relay-Host: 185.182.56.42 SpamTally: Final spam score: -60 X-AuthUser: X-Originating-IP: 185.182.56.82 X-SpamExperts-Domain: vserver22.axc.nl X-SpamExperts-Username: 185.182.56.82 Authentication-Results: spamexperts.axc.nl; auth=pass smtp.auth=185.182.56.82@HIDDEN X-SpamExperts-Outgoing-Class: unsure X-SpamExperts-Outgoing-Evidence: Combined (0.37) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0c21/ZGerkmA2qMAhBYlqympSDasLI4SayDByyq9LIhVeAA4E8d7j74C HouF4CpeQUTNWdUk1Ol2OGx3IfrIJKyP9eGNFz9TW9u+Jt8z2T3KePJuGUY65Cj4Uh2i3OwwYuIB FIzMWo6hpoEMRIgL+9sn0zGVpG0c6zkK2erhX3IBQEJ7CzvDpS++3d23c94qhq8uYoOybhvnnFLf wJrV7qYxOEnX8zgzl/R7TYEOW+/nF3ec9p+LIJZNn+ZU1p8L27r+KYLTTm/GWD/uBn6U0gY04npx Wlq2P0Wj4LKWBk7zwmsL1QouhwwuwaEg6acCMy2UzZMb4kuX6D5eETmGUuUcqbdy+7WYS7ujrPXH qhox0HpT3S2SFmqVvJUoDpLg153GLC8mUuZ69ZuJHxVoTX+2hjnXmPuZpD5ALRwGiv0ZChNE2HVO gSnsCR/VCR1em3TaVz/7pRFegyFAy3NGHeok5WBPmXJ/Kdaz6RuuD9cuo6y2shoCA2iF+tBt75gH +amHZ7x6u9Brd8pYitTyb+KBE9EEBMUUr/EeHfiqlF+7YOaeuiH/yEdZH8S1+TgcJBOjh0vPxcQO jKKOrYIQYpwamUdylUIKhf3z2GAHxH7ItK/fbC3fJgkL7hvQ995X8KTY4Zbeyl3eNW4IAoy5+BdB Xz790yMtq6d2IMRosM1Lz4gcUBegcV7vZJaIiEo2SD9VKXB7fqUmI5FNjfBO/A7g7tbTiKU7sa8y wZQEu33tERWeKKG4PAQYNyavp7c49EN7brS9MRCben9MugshJqaLGcWW448WoxHX6ojCPCMQFRFM a/vW1Fx3U8kCRfDyui3LCmcldLypr1tqR1P42GAHvzL7egntIuzWc454Pn0ilnL0+YNBRaTiw1qA w0rTAH6m+UeFXprlCOm3BAEbJtCtRwosParqTl7hy89HQrA8BIExPWPgIB62PjgcP/Vy4jfV62kT ht0+bD/yaxKQmg6tP1GMDhHqwwIEZ7GVleVYMG1QP35nsYfP84c+RFK3KqN3P9gfVJTm3zezSOvX iuQZrqpC1wjAV/qK1pG17sL3 X-Report-Abuse-To: spam@HIDDEN X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 185.182.56.112 X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 10 Mar 2020 10:28:40 -0400 Cc: help-gnuzilla@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.7 (/) Hello, It seems no one has replied to this. I think IceCat should no longer be recommended to users until this issue is resolved especially since IceCat is advertised as a browser with "Privacy protection features". Suffice to say such protection features are no good if the browser itself is vulnerable to the types of vulnerabilities as eluded to before. I understand that there aren't sufficient developers to maintain IceCat but that does not mean the GNU website should offer the browser without at least clearly addressing it's potential vulnerabilities on the appropriate webpages. As of now, users might download, install and subsequently use IceCat with the understanding that they have downloaded a browser with enhanced privacy protection features while not being aware that it is potentially susceptible to recently discovered vulnerabilities. This is precisely the sort of situation that free software, and free and open information should prevent. I hope we can resolve this quickly. Kind regards, Corne On 2/24/20 7:05 PM, info@HIDDEN wrote: > Hello, > > I was also really wondering about this as the current version of IceCat > is a version of Firefox that was affected. > > On 24-02-2020 12:09, Arne Wichmann wrote: >> Good day tou you! >> >> I see here some security problems referenced for Firefox, which are >> probably applicable to Icecat, too: >> >> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and >> FallibleStoreElement >> CVE-2019-17017 - Type Confusion in XPCVariant.cpp >> >> More less critical ones are referenced, too. >> >> Are there plans to adress these? >> >> cu >> >> AW >> > > >
bug-gnuzilla@HIDDEN:bug#39766; Package gnuzilla.
Full text available.Received: (at submit) by debbugs.gnu.org; 24 Feb 2020 18:15:01 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 24 13:15:01 2020 Received: from localhost ([127.0.0.1]:54050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j6IFw-0001Zl-Ew for submit <at> debbugs.gnu.org; Mon, 24 Feb 2020 13:15:01 -0500 Received: from lists.gnu.org ([209.51.188.17]:56394) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <info@HIDDEN>) id 1j6I7B-0001MX-EI for submit <at> debbugs.gnu.org; Mon, 24 Feb 2020 13:05:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:55409) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <info@HIDDEN>) id 1j6I7A-0003nZ-Ab for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 13:05:57 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <info@HIDDEN>) id 1j6I79-0001Ss-0U for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 13:05:55 -0500 Received: from s02.spamexperts.axc.nl ([185.182.56.112]:41703) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <info@HIDDEN>) id 1j6I78-0001PM-Pt for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 13:05:54 -0500 Received: from vserver22.axc.nl ([185.182.56.82]) by s02.spamexperts.axc.nl with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <info@HIDDEN>) id 1j6I73-00084v-7u for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 19:05:51 +0100 Received: from mail.axc.nl ([185.182.56.42]) by vserver22.axc.nl with esmtp (Exim 4.92) (envelope-from <info@HIDDEN>) id 1j6I6s-001xer-M2 for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 19:05:38 +0100 Subject: Re: bug#39766: Security-Problems, probably known To: bug-gnuzilla@HIDDEN References: <20200224110908.GA30626@HIDDEN> From: "info@HIDDEN" <info@HIDDEN> Autocrypt: addr=info@HIDDEN; prefer-encrypt=mutual; keydata= xsFNBFhJEIkBEADOo1uqQuwqWyjCd8iXWxVaGfmcaHtY/bjG8Rx5s/cB5jTwgXveG4hvEhAG 9KajjQw9exDLcuwvMjlBY1pM0utNC3I8gK9uHwiQ5MHknL76JhvTOzVot98+pZXVIMmc0IqX uG53NJoxxdYNgVgcdwMJEwPdBVbUVQvHdml6HtZdJULttn0D/RDgKFrgYKrx17g0flaIU/at G8eR9mG0ZRWxWZcubi2je7JAVQ6Myix0alu0Dod9xR10sm4A/Hja04NAKtquj/AUa14C247q WpS/cvkhRTEERbkAwdCDP8zWWk/VpPWBULmlCNWuzHncMyBod82mmWDtniOKIWrUWD+7YAu2 oN/6lffBFvQoOYwr4Fg2tTl5sXvr0++SFNOTOWgxM1dH5eGr+ge8YDibGWj4LzamfJI1bXT3 FREM5a6/zlPVkbjuHfZ0fUl/T/9VSOhDtc6mjKRQTBOqXsMXYk3RyUyXA0y2Z9KtGRaPHjM9 sEutKHkdZ46Fghj+K4cEau2Cru2VvJmWZtCIa0A7U8PdkLjBSlt+ZJ+9jrOKmRTODZQAf/fd 3mbgWnn9oU+oY3t/slZQpyFE1kj2MRmVwejUEUywbMRARToPY3UhkzhtEQ8opeYcl1SHwGxq FM8Ip06gG9n5LewU8WOCvhnguvoDNNFkPUgG39nVzSLE2IZzKwARAQABzR1EYW50YWxpMG4g PGluZm9AZGFudGFsaW9uLm5sPsLBfgQTAQIAKAUCWEkQiQIbAwUJCWYBgAYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQU4wQwpJuFRbosA//dd8DAU6B/Y9opPOzoCz1Y0lsQXBp+FK+ cb+dlDLNisvfsJWUgoEiaK33lOryy/eUo6DLVzIr46i9MkG9mH7Nv0Qb7GEwPpL0T5dx+cE6 GcgyV7hEauH0Dp4elfFAfeIgjL8o2dhyrtKjMKGIAeWptcpA1C42CIk4OclvMxW6UZLYXuTd JFYmXtCvKkn8UBxAuwI8wORKFVmIyWwFvRYOIdMbVuxkMHbd/aCEUdDkufsZfuVkHz5F6ECI bCLC2bmI+25E9HZcDMtylf9BLuen2WLlQpWyN4UkiJjyHqfRBNS2r39QvXul+YXFHSigH2me hTKEUZ+9ZYNkler83oUb0azGPKwP0ePSgObhHv2pPIZZSFz/GXohJYEhB2QZkJV4AIOnMtlL 4kCjwjEeulfWixtLx7k1DSmRwgvwP6v/N/yDS2O4Qv50UprOhS5OWe06+FeS5j6CMB/IhS79 ZcCiLU3IK84FRuE3hUzw3gNMG44wzZqQ1Zps8+EKu0a9XLHhmBR+LfY/dkcrpxMnqLBgIDqu 45o1uVYP9RjuZdtBxeOqD9Z4J5wjFK72Qfn2n620oeLGhBa/zh298fdHlAP6Pv78DmDEIWR2 1+qbE9k0FTO43GKg+7HFyHkMN/qiperjqJ1DXXOBoqAbMcHRAr3ArrVasZHzMTe6XkNmXqSB FurOwU0EWEkQiQEQAJTxfbluFXZO4pxCxetZASmZ6hVmRbwWUGmnXPcgcJl/Gb+PKhPotXU2 KgJDpvukYzMIyTc4Lb5Y9Zl50eCkqEdrdQbbCYpttOV1Nulm7gpdbzJalqZu7+WD8KFBRpSg 9lmNvZoQluiZ2VMlYd0NhLjiOgGVL1cCuhE5730HHLc0/7zeccGL2HmVqQ5BxA46M4nha+uZ pydfZeEXLaZjsxHwV1j6WnH+a/DsxcCgZn5p19w+AdrGbDxCT77dLTM6kWR8abFimkooett6 lV7sFUCoEas+6pX7UQSRTZZk7AroR5yYkRxaRz323kgcj49ePciCyM4rdVg4VopN8UzstB9s luIma8gKCWIdajvSGAwhdV/rRJE7bGXSKc6WhPNPR+gkRr3a2yYy/qiGJXHyTXqhecGcZqu/ 6hfphcUho01BlP9IQjnmmW+gV1wCEPiXRND7CEvV5XKq+16/jC2IkVSSN/PetF4oP5sc0GZ/ qWCiDwShFPoX3Fcpo6n/rYL7VZG5ZmIMitYKHNTrYhfRcthR7Yxz0gse460GwpsWPl3w1TRJ Z0Sp4FsNYlI0M2Lf7u68ULS6T1MwjIuG2EKoF4mQzcRXAmP1OfD9HHBLcqyWZOcEz9+XmANw Xa532Ofwrpy+9mWiOC9iZaG/z7TORyBRBFaMHhPuEAyb3hRLNGNlABEBAAHCwWUEGAECAA8F AlhJEIkCGwwFCQlmAYAACgkQU4wQwpJuFRbC4Q/+J0HaQ6bEUQL5LUf6DNEzkUDAZy2q+Yiy npRIghU2nGbvc/Huo/uOVO8So6kxbASjEICv/dZgSsAtFCl+rLpgq1zUruYigTxml30O9EjJ iopRbUWMZ/9gGLkZ0Lxx02KrMP0kk8xyasnJWMarMhqZGm7WDOqRsHja8B6+K9V20yokBPZ8 YCKMZ8jhBvn2ogVExSCbhaoezFIZRjKonok8Ra43NX3Ps0aQ5/G2rfpDEEfXE43lYe9RUnaT n/CKIYrvPCykkWZVHQRdxQ5mMHaIVrTwXFRpEuUyuy3CN8qtTOlfz1w1QR/AKzdyqHgA18Un +f1XCX0YJNJBPFhoIVfyMa2OEOL7EXN0/G0qy+Lj5KVCbDdc2frtnIF0aqd1cHvYkp+F34Ra enUFhAoDVrEdo8LanIaJVOqlexifE2JSBW4KSWCgKlT3aKQKazoXrkaHWo5kv7Rgx2WTJCwD C3Klo0pHwSXuAoDcEq9hOv2Q+4buzi4tKTzpEWL6TGtrjcYiB0xqfIZMKs2bSPxfo7GyxeAq Bc4Si7HRzsg4Rv4As6sdyb6E8jWskWe0gt7gtP0PQB9xZRkP2dIyA6AI7IeLSYfAgmEDLW/t MVl6UJcU6I2YOJ9H8sWLy6Rhd6Y+rOKKr59dP9UKxGh+Z5mY8cGR3uVoRTFrfU8yw/BCHkcO 4W8= Message-ID: <368582f2-a547-5585-e995-ca343ab1927c@HIDDEN> Date: Mon, 24 Feb 2020 19:05:31 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <20200224110908.GA30626@HIDDEN> Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit PrimaryMX: Accepted email from trusted host. Hint: This skips spam scanning so make sure other host is not vulnerable SPFCheck: Server passes SPF test, -30 Spam score X-Relay-Host: 185.182.56.42 SpamTally: Final spam score: -30 X-AuthUser: X-Originating-IP: 185.182.56.82 X-SpamExperts-Domain: vserver22.axc.nl X-SpamExperts-Username: 185.182.56.82 Authentication-Results: spamexperts.axc.nl; auth=pass smtp.auth=185.182.56.82@HIDDEN X-SpamExperts-Outgoing-Class: unsure X-SpamExperts-Outgoing-Evidence: Combined (0.39) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0eYBE/I2+wvb5IJ3WTuccampSDasLI4SayDByyq9LIhVdnb6eh2Mad9a 6RimvoHbC0TNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDQGbTc3ZGTZa+rTPXxdGs0FKC ZuDzeM/QymeO8B9NFMmoGdZc/C9BM3Zwm6KQcdC/QVFPFt+4EqMnp4CTDhVg0lKlzDUUdXZXKiJE 9FAeBYpBbCpe79Kozx0nomzoHNuE3M5vj1mDOPKpdpCGjirSghKXEGJ0Tua96W0W3xbHbuwNjS91 xLLHjz8tOnVewUzjK7zD8+2VdbSTJCSyYgZzt99gQK3D3eDvx0S6Eeo7KsUpk7cjbWy91pm/jG4G U42zKLTFpngmCzMfOMV6XuhaofZKWD9oWdUil6qsNtvy2jQf7lN25FLvYrmmV4cTlBHfdCZm6kTr qH+fmxyzQoG+NtezYqxGMqsKjARq8PBC4qjD+4dJhUym39SjYnQVEUVBkxwuudjecZtFeqTLBVNZ aJ9TrjYo22Tif+7yfJXbGyN6EipRzMVZ5LqwTx7Vvn9SP+LiFhV9TEgXGI3XmDfDnNTJRxEGU2Da RttYwn1TGi12IXMmVAQPt11XkEwxOYwNZPcytf1kxCJwvehZcCCrC5G9nwrglhrrfuarY2+8I92c dXV7LSoYz5iFheogXHzf5L7jRXQ1s5g5AllOOECxDZq7xqDoiTjjGpNS1XGXbXIqJ+ZN4bITaKN5 n7YEltBiuJoevVTmoeXfaVS7ga0qElPrUoH2tvxl37FSEzkqC/3RCwXTJopjKJhdgGe0IyFDIbtf 63VNbf0lrvssY+k7ALKRmTa5VFvlmwmdHh2582BhskTn1DOWgs8ZFF04wLkfoF7v+ap0oBiqDUek XtdxPDnCpc370COEMoySnnDCdTC4brFV2mGtSlhA75FqrK3cBZ6++DfkTVlBWsR5QGklueMZzqho KSP8IceFEZcohuLhYJZfEc4CpfbHSlMZ/VUqT4cG8eHoZAvkGaGh2Q6N6A== X-Report-Abuse-To: spam@HIDDEN X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 185.182.56.112 X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 24 Feb 2020 13:14:59 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.7 (/) Hello, I was also really wondering about this as the current version of IceCat is a version of Firefox that was affected. On 24-02-2020 12:09, Arne Wichmann wrote: > Good day tou you! > > I see here some security problems referenced for Firefox, which are > probably applicable to Icecat, too: > > CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and > FallibleStoreElement > CVE-2019-17017 - Type Confusion in XPCVariant.cpp > > More less critical ones are referenced, too. > > Are there plans to adress these? > > cu > > AW >
bug-gnuzilla@HIDDEN:bug#39766; Package gnuzilla.
Full text available.Received: (at submit) by debbugs.gnu.org; 24 Feb 2020 15:27:42 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 24 10:27:42 2020 Received: from localhost ([127.0.0.1]:53940 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j6Fe2-0005Q4-49 for submit <at> debbugs.gnu.org; Mon, 24 Feb 2020 10:27:42 -0500 Received: from lists.gnu.org ([209.51.188.17]:48199) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <aw@HIDDEN>) id 1j6Bc5-0002IV-VL for submit <at> debbugs.gnu.org; Mon, 24 Feb 2020 06:09:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49812) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <aw@HIDDEN>) id 1j6Bc5-0006X3-0c for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 06:09:25 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: * X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_50,KHOP_HELO_FCRDNS, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <aw@HIDDEN>) id 1j6Bc3-0002OP-9l for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 06:09:24 -0500 Received: from penta.old-forest.org ([217.197.86.38]:47386 helo=old-forest.org) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <aw@HIDDEN>) id 1j6Bc3-0002Jy-2u for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 06:09:23 -0500 Received: from [192.168.3.5] (helo=chao) by old-forest.org with esmtp (Exim 4.92.2) (envelope-from <aw@HIDDEN>) id 1j6Bby-0005aK-Vb for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 11:09:19 +0000 Received: from [192.168.10.23] (helo=anhrefn.saar.de) by chao with esmtps (Exim 4.89) (envelope-from <aw@HIDDEN>) id 1j6BXE-00006M-Ie for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 12:04:24 +0100 Received: from aw by anhrefn.saar.de with local (Exim 4.92) (envelope-from <aw@HIDDEN>) id 1j6Bbp-00081b-1u for bug-gnuzilla@HIDDEN; Mon, 24 Feb 2020 12:09:09 +0100 Date: Mon, 24 Feb 2020 12:09:08 +0100 From: Arne Wichmann <aw@HIDDEN> To: bug-gnuzilla@HIDDEN Subject: Security-Problems, probably known Message-ID: <20200224110908.GA30626@HIDDEN> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="opJtzjQTFsWo+cga" Content-Disposition: inline X-message-flag: Outluck ist kaputt :-) User-Agent: Mutt/1.10.1 (2018-07-13) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 217.197.86.38 X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 24 Feb 2020 10:27:41 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.7 (/) --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Good day tou you! I see here some security problems referenced for Firefox, which are probably applicable to Icecat, too: CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17017 - Type Confusion in XPCVariant.cpp More less critical ones are referenced, too. Are there plans to adress these? cu AW --=20 [...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. Noone can free you but yourself. (crag, on Debian Planet) Arne Wichmann (aw@HIDDEN) --opJtzjQTFsWo+cga Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEtFUkbndwdIn81UX3EIremXYA/4kFAl5TrtQACgkQEIremXYA /4mt9BAAnafOMCxCYfvcCPH6qd5XtbcR4kurhmjwEaoSkr4LUbnNyGK0OfxJaIL3 ENIzUKTjukEMz0rY+sLc7O36927LcQy7G6qVeZLPdAs57IKpBIJHC3TyYhJqB8gN gjCy7KR/dta9BaF7dUnNR7tg8JD9KqyWWT4ZVr2bZMS/cNQRsmp0fY87d4gFIwI8 GJDS+qevIkB/6L3EucR/5tTOZDGYW/r9q7AuosoVhiVu4qW1i8IYBlbjGwmmwyfG ct65sO8rBfP+jzF6t6SplHtnDEsRwJecaLskubs8rr0wff2HUMInBVrMwnyCRIHU R4SQ84fAomK7l3K8jCAyK5HftwW78maKrqeFmECLnAB+2rblCl44+Nn5w0I5pAXH OwioDyYjnGV1uQ/zaKIqig3xdNhcwUEZziaVwVrusxF2rGAR0KZVXHfGfYRzlR7w nPxjlg8YJTRxjLyydOguF1HXWTr/GWaIv3fyKmmpbkYrcikPcyEvy+y8D3A/B1vR BC9+d4aoVIz5DB7VOhlaQhdmEb8ohGhDfgO3NCVFCZtQonqgiF0npwcNuYoHqNBx 8tOLFR8LH8Ml7YBMiFvuEjI/aeh28Ce0iV/a+a+f3Gkcv+U0+30gHgxIUHEy41YD S6pcDdq1K/RVgGBSpoc+BvdQXpltqXtMPIp5EwccIF9XXOcLb4Y= =/ZiZ -----END PGP SIGNATURE----- --opJtzjQTFsWo+cga--
Arne Wichmann <aw@HIDDEN>:bug-gnuzilla@HIDDEN.
Full text available.bug-gnuzilla@HIDDEN:bug#39766; Package gnuzilla.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.