Security Update: firefox, thunderbird
Few days ago, a new security vulnerability was posted in Tor's mailing list and it contains a PoC which affects Firefox and Thunderbird and it's currently being used to exploit TorBrowser users. Mozilla quickly being notified and they released an update to their products followed by others. After analyzing it, turns out it's a SVG Animation remote code execution. It targets for Windows users, but the underlying bug is also available on other platforms as well.
Slackware include the latest Firefox and Thunderbird products in their latest update. Stable release still receive an ESR version, which is still at 45.x branch. TorBrowser is also using ESR as their baseline. They also release a new version: 6.0.7.
Another update was a request by me to include a patch to fix a problem i found while testing MATE 1.17. During creating the tarball by using make distcheck, it failed to build properly. One of MATE's developer (monsta) pointed to a bug report in LP and there was a patch to fix this issue, but somehow upstream no longer update the repository and the development seems to be stalled. Last commit was in January 2016. I send a request to Patrick and he agreed to include it on stable and current.
Slackware include the latest Firefox and Thunderbird products in their latest update. Stable release still receive an ESR version, which is still at 45.x branch. TorBrowser is also using ESR as their baseline. They also release a new version: 6.0.7.
Another update was a request by me to include a patch to fix a problem i found while testing MATE 1.17. During creating the tarball by using make distcheck, it failed to build properly. One of MATE's developer (monsta) pointed to a bug report in LP and there was a patch to fix this issue, but somehow upstream no longer update the repository and the development seems to be stalled. Last commit was in January 2016. I send a request to Patrick and he agreed to include it on stable and current.
Security Update: firefox, thunderbird
Reviewed by 0x000216
on
Thursday, December 01, 2016
Rating: 5