MozillaZine

SM Security Concerns

Discussion of general topics about Seamonkey
Peter Creasey

User avatar
 
Posts: 509
Joined: October 26th, 2007, 2:32 pm
Location: Texas

Post Posted December 13th, 2018, 1:18 pm

I'm a longtime big fan and user of SeaMonkey.

Here is what someone wrote to me...

Pete, we've been over this before... SeaMonkey is a security risk. It gets security updates after vulnerabilities have been fixed in Firefox, and it doesn't make all the fixes to known issues that affect SeaMonkey and Firefox.


How would you respond to this?

Thanks.
. . . . . . . . . . Pete

therube

User avatar
 
Posts: 19428
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted December 13th, 2018, 6:00 pm

There is no such thing as security.
Security is relative.

Of late, for a long while now, including currently, SeaMonkey has been, is, late in getting security fixes.

Times past, there was actual community within Mozilla, with everyone connected to Mozilla.
Times past, there were actually more then (the current few) people working on SeaMonkey.
Times past, SeaMonkey releases including security fixes would be on par with FF.

That ship has sailed.

Mozilla answers to no one except for the almighty $$.

Mozilla has gutted everything - except that which it cares about (& that is hard to understand just what that is, because all they care about is $$).
SeaMonkey & any other project, including technologies, out their that is not... "Quantum" is up the creek. (At least some ships are still sailing.)

And then there is that little old thing called, Chrome.
Which now owns the browser & essentially the Internet.

(Now why does Mozilla exist?)

Anyhow, LONG LIVE SEAMONKEY :-).
I'll use it, until I can't.

WG9s has builds, 2.49.5, that may be slightly more current, security wise, or 2.53, that are more current (though probably not yet current enough).
(He also now has 32-bit Windows builds, which he hadn't before.)
https://www.wg9s.com/

Both his 2.49's & 2.53's should be good (stable) to use.
(Always backup first, in any case.)


Security is relative.
Common sense goes a long way.
Preventive measures go a long way (think NoScript, & uBlock Origin).
I would be more concerned about the site that I have given my information to giving that away (through outright stupidity [what are the chances] or getting hacked [what are the chances]) then my browser being exploited.

Security is relative.
Take a look at addons.mozilla.org.
IMO, that place is a landmine.
Read & weep, Blocked.
It's like with wild west - anything goes. Literally.

What good is a "secure" browser, when its (web)extension system is totally inept.

it doesn't make all the fixes to known issues that affect SeaMonkey

How does this person know what issues affect SeaMonkey?
As issues become aware, I'd think they'd be assessed & if they do affect SeaMonkey, they'd be backported (from FF).
That is (at least) the intention. (There are only so many, & they can only do so much...)
Though I've faith, it will be done, sufficiently, to keep us sufficiently safe.

:-)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Peter Creasey

User avatar
 
Posts: 509
Joined: October 26th, 2007, 2:32 pm
Location: Texas

Post Posted December 13th, 2018, 7:18 pm

t, thanks for the substantive response...albeit not exactly what I was expecting.

I'll keep watching this thread in case you or others have something to add.
. . . . . . . . . . Pete

frg
 
Posts: 704
Joined: December 15th, 2015, 1:20 pm

Post Posted December 14th, 2018, 6:39 am

> I'll keep watching this thread in case you or others have something to add.

Not much. 2.49.5 is at 60.2 level and almost current. 2.53 at 60.1 and in some cases even beyond current 60.4. It is not that Mozilla fixes all security issues in the used libraries if no one notices...

For defining current security. No browser is absolutely secure. If I were a bad guy I would check nightly patches and ignore the published ones. And if you are targeted by a really bad guy or organization no current browser will help.

That said. I personally don't care much as long as I use a script and ad blocker. There is still a risk of a site has been hacked but usually then not even a secure browser will help if it is a sophisticated hack. Also avoid Flash and binary plugins and check emails with attachments double. The biggest security risk usually sits between chair and keyboard. PEBKAC :)

Also said I dislike the current status and fixes should be ported as fast as possible but as long as there are not enough devs it is the way it is. But keep in mind that things like WASM, services workers and even webrender will open a new big can of worms and I am glad that SeaMonkey doesn't support this yet.

As always have a recent good backup and be suspicious of anything not looking normal.

FRG

Redbugdave
 
Posts: 75
Joined: January 31st, 2012, 8:29 am

Post Posted December 16th, 2018, 4:02 am

Never the less...Long Live Seamonkey. I have always been a Netscape subscriber.

Return to SeaMonkey General


Who is online

Users browsing this forum: No registered users and 2 guests