bug-gnuzilla
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Icecat 45.2 urgently needed

From: Mart Rootamm
Subject: Re: [Bug-gnuzilla] Icecat 45.2 urgently needed
Date: Fri, 10 Jun 2016 18:28:01 +0300
The problem with Firefox 44 and greater is, that Mozilla removed the cookie prompt from core Firefox, namely the "Ask me every time" option for "Keep [cookies] until:". This affects all browsers that use the Gecko rendering engine, including Seamonkey.

The relevant bugs are here:
* https://bugzilla.mozilla.org/show_bug.cgi?id=606655 — comments against removal start after Comment #44. Eventually, comments were restricted, and discussion moved to the firefox-dev mailing list here:

https://mail.mozilla.org/pipermail/firefox-dev/2016-February/thread.html#3890

Another thread in February 2016:
https://mail.mozilla.org/pipermail/firefox-dev/2016-February/thread.html#3952

Relevant threads for March 2016:
https://mail.mozilla.org/pipermail/firefox-dev/2016-March/thread.html#4004
https://mail.mozilla.org/pipermail/firefox-dev/2016-March/thread.html#4003

* https://bugzilla.mozilla.org/show_bug.cgi?id=1249151 — bug to reintroduce cookie prompts;
* https://bugzilla.mozilla.org/show_bug.cgi?id=1235199 — for SeaMonkey, but contains a patch that 'reverts the parts from [bug] 606655 for [Internet] suite.'

The cookie prompt has been a very important privacy feature in Firefox and derivatives, because it allows people to choose whether to accept cookies from a domain or not. People trained on this can also tell apart domains that are generally ok, and those that are not.

Upgrading to 45 and greater deletes all previously accrued cookie permissions, thus resulting in data loss and broken sites.

The only recourse has been to use Firefox 38.x ESR, because it has so far retained the cookie prompt functionality.

-Mart.


2016-06-10 16:24 GMT+03:00 Mark H Weaver <address@hidden>:
On June 7, Mozilla released a batch of security updates on their ESR 45
branch.  Upstream support for the ESR 38 has apparently been dropped.
Several of the fixed bugs are labelled "critical" by Mozilla, and some
are expected to allow arbitrary code execution by a remote attacker.

  https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.2

Therefore, GNU Icecat 38.x can no longer be used safely, and we are in
urgent need of Icecat 45.2.

      Mark

--
http://gnuzilla.gnu.org

reply via email to
[Prev in Thread] Current Thread [Next in Thread]