GNU bug report logs - #39766
Security-Problems, probably known

Previous Next

Package: gnuzilla;

Reported by: Arne Wichmann <aw <at> old-forest.org>

Date: Mon, 24 Feb 2020 15:28:02 UTC

Severity: normal

Full log

Message #17 received at 39766 <at> debbugs.gnu.org (full text, mbox):

From: Antonio Trande <anto.trande <at> gmail.com>
To: "info <at> dantalion.nl" <info <at> dantalion.nl>, 39766 <at> debbugs.gnu.org
Cc: help-gnuzilla <at> gnu.org
Subject: Re: bug#39766: Security-Problems, probably known
Date: Tue, 10 Mar 2020 18:24:22 +0100

[Message part 1 (text/plain, inline)]
These issues have been fixed with Firefox ESR 68.4.1; current IceCat
release on 68 branch is the 68.6.0. So, what's the problem?

On 10/03/20 10:29, info <at> dantalion.nl wrote:
> Hello,
> 
> It seems no one has replied to this. I think IceCat should no longer be
> recommended to users until this issue is resolved especially since
> IceCat is advertised as a browser with "Privacy protection features".
> Suffice to say such protection features are no good if the browser
> itself is vulnerable to the types of vulnerabilities as eluded to before.
> 
> I understand that there aren't sufficient developers to maintain IceCat
> but that does not mean the GNU website should offer the browser without
> at least clearly addressing it's potential vulnerabilities on the
> appropriate webpages.
> 
> As of now, users might download, install and subsequently use IceCat
> with the understanding that they have downloaded a browser with enhanced
> privacy protection features while not being aware that it is potentially
> susceptible to recently discovered vulnerabilities.
> 
> This is precisely the sort of situation that free software, and free and
> open information should prevent.
> 
> I hope we can resolve this quickly.
> 
> Kind regards,
> Corne
> 
> On 2/24/20 7:05 PM, info <at> dantalion.nl wrote:
>> Hello,
>>
>> I was also really wondering about this as the current version of IceCat
>> is a version of Firefox that was affected.
>>
>> On 24-02-2020 12:09, Arne Wichmann wrote:
>>> Good day tou you!
>>>
>>> I see here some security problems referenced for Firefox, which are
>>> probably applicable to Icecat, too:
>>>
>>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and
>>>   FallibleStoreElement
>>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp
>>>
>>> More less critical ones are referenced, too.
>>>
>>> Are there plans to adress these?
>>>
>>> cu
>>>
>>> AW
>>>


-- 
---
Antonio Trande
Fedora Project
mailto 'sagitter at fedoraproject dot org'
GPG key: 0x7B30EE04E576AA84
GPG key server: https://keys.openpgp.org/


[signature.asc (application/pgp-signature, attachment)]
This bug report was last modified 5 years and 96 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.