GNU bug report logs -
#39766
Security-Problems, probably known
Previous Next
Full log
Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello,
It seems no one has replied to this. I think IceCat should no longer be
recommended to users until this issue is resolved especially since
IceCat is advertised as a browser with "Privacy protection features".
Suffice to say such protection features are no good if the browser
itself is vulnerable to the types of vulnerabilities as eluded to before.
I understand that there aren't sufficient developers to maintain IceCat
but that does not mean the GNU website should offer the browser without
at least clearly addressing it's potential vulnerabilities on the
appropriate webpages.
As of now, users might download, install and subsequently use IceCat
with the understanding that they have downloaded a browser with enhanced
privacy protection features while not being aware that it is potentially
susceptible to recently discovered vulnerabilities.
This is precisely the sort of situation that free software, and free and
open information should prevent.
I hope we can resolve this quickly.
Kind regards,
Corne
On 2/24/20 7:05 PM, info <at> dantalion.nl wrote:
> Hello,
>
> I was also really wondering about this as the current version of IceCat
> is a version of Firefox that was affected.
>
> On 24-02-2020 12:09, Arne Wichmann wrote:
>> Good day tou you!
>>
>> I see here some security problems referenced for Firefox, which are
>> probably applicable to Icecat, too:
>>
>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and
>> FallibleStoreElement
>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp
>>
>> More less critical ones are referenced, too.
>>
>> Are there plans to adress these?
>>
>> cu
>>
>> AW
>>
>
>
>
This bug report was last modified 5 years and 96 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.