[Gnome22-user] Known Vulnerabilities in Mozilla 1.4?

James Strandboge jamie@tpptraining.com
Mon, 27 Sep 2004 14:30:43 -0400


On Mon, 2004-09-27 at 13:05, Michael G. Morey wrote:
> All,
> 
> In response to recently discovered vulnerabilities in Mozilla (as
> documented at mozilla.org), our company President has taken it upon
> himself to repackage the latest binary tarball of Mozilla 1.7.3 as a
> Debian package, and has asked all employees at our firm to immediately
> begin using the repackaged Mozilla 1.7.3.
> 
> For several reasons, I'd like to continue using the backport of Mozilla
> 1.4 found at backports.org, but want to be certain that all known
> security vulnerabilities are addressed.
> 
> Can anyone speak to these issues?

My understanding of mozilla is that 1.4 is still supported.  I looked up
all the bugs issued on
http://www.mozilla.org/projects/security/known-vulnerabilities.html

after mozilla.org issued the 1.7.3 update, and none of those reports
said that 1.4.3 (as packaged with the gnome2.2 backport) was affected,
and no patches for 1.4 were available as a result.

I will send an email to security@mozilla.org to get clarification on
this issue.

Thank you,

Jamie Strandboge

-- 
Targeted Performance Partners, LLC
Web: http://www.tpptraining.com
E-mail: jamie@tpptraining.com
Tel: (585) 271-8370
Fax: (585) 271-8373