On Thursday, October 13, 2016 at 3:10:42 PM UTC+2, TCW wrote: > On Wed, 12 Oct 2016 23:06:52 -0700 (PDT), seemonkey > > >There's at least one security vulnerability that is missing from this NSS > >version: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 > > > >There was a bugfix in NSS > >https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 to solve this issue but > >unfortunately it seems that this bugfix is not in 3.20.x according to the > >developer entries. I didn't check the code yet if the bugfix is really > >missing! > > > >So my question is why seamonkey uses still this outdated NSS version? It > >should use at least 3.21.1 (that is in latest firefox esr /45.4.0/ and also > >in latest thunderbird /45.4.0/) > > > >As a workaround i can copy the nss libraries from firefox esr to seamonkey > >until a security release of seamonkey let's say 2.40.1 arrives. I tried this > >end i can start seamonkey with newer NSS library because they're compatible. > > You can graft the NSS dlls, sure. I have done that in the past with > success. But, there is a build of 2.46 that's stable enough to use if > you want to test.
I tried with firefox's/thunderbirds 3.21.1 and it works. I trust this version of nss (at the moment) _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
