[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libreplanet-discuss] Fwd: Re: [Bug-gnuzilla] Unpatched security flaws i

From: David Hedlund
Subject: [libreplanet-discuss] Fwd: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
Date: Sun, 27 Sep 2015 07:25:49 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0

-------- Forwarded Message --------
Return-Path: <address@hidden>
Delivered-To: address@hidden
Received: from ( []) by (Postfix) with ESMTP id EE45B40D3C for <address@hidden>; Sat, 26 Sep 2015 15:20:26 +0200 (CEST)
Received: from ( []) by (Postfix) with ESMTP id EBB26178038 for <address@hidden>; Sat, 26 Sep 2015 15:20:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([IPv6:::ffff:]) by ( [::ffff:]) (amavisd-new, port 10024) with ESMTP id nEljMQ2oytF4 for <address@hidden>; Sat, 26 Sep 2015 15:20:25 +0200 (CEST)
Received: from ( [IPv6:2001:4830:134:3::11]) by (Postfix) with ESMTPS id 607E0178093 for <address@hidden>; Sat, 26 Sep 2015 15:20:22 +0200 (CEST)
Received: from localhost ([::1]:53804 by with esmtp (Exim 4.71) (envelope-from <address@hidden>) id 1ZfpOn-0007kN-9C for address@hidden; Sat, 26 Sep 2015 09:20:21 -0400
Received: from ([2001:4830:134:3::10]:44858) by with esmtp (Exim 4.71) (envelope-from <address@hidden>) id 1ZfpOj-0007kB-Ow for address@hidden; Sat, 26 Sep 2015 09:20:18 -0400
Received: from Debian-exim by with spam-scanned (Exim 4.71) (envelope-from <address@hidden>) id 1ZfpOe-0001Ni-T0 for address@hidden; Sat, 26 Sep 2015 09:20:17 -0400
Received: from ([]:44146) by with esmtp (Exim 4.71) (envelope-from <address@hidden>) id 1ZfpOe-0001NT-JK for address@hidden; Sat, 26 Sep 2015 09:20:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=dkim11; h=Mime-Version:Content-Type:References:In-Reply-To:Date:To:From:Subject:Message-ID; bh=soVv7flbcbzcClF9iI3mXIJg4oiHEocjD1HuRcdUvNo=; b=jCeJx97pyXYRmwLvEERe4MJl7JzVfwItWsgXg4vyivO3UxUXwhuFNgikVd2/jTSe3E5YnhMImYCPX4unI8ojktRbid16A8tRshg4Kx2VDWzPbulcqVSBrZrWd8AzIcX19sMLzZAszvGxqL27T+AaT3WSjmVLSKhaBvlKSJ1R6No=;
Received: from [] (helo=arvanitis) by with esmtpsa (UNKNOWN:AES128-GCM-SHA256:128) (Exim 4.77) (envelope-from <address@hidden>) id 1ZfpOc-0006Ww-II for address@hidden; Sat, 26 Sep 2015 15:20:10 +0200
Message-ID: <address@hidden>
From: Dimitris Arvanitis <address@hidden>
To: address@hidden
Date: Sat, 26 Sep 2015 15:19:59 +0200
In-Reply-To: <address@hidden>
References: <address@hidden> <address@hidden> <address@hidden>
X-Mailer: Evolution 3.12.9-1+b1
Mime-Version: 1.0
X-SA-Do-Not-Run: Yes
X-AV-Do-Run: Yes
X-SA-Exim-Mail-From: address@hidden
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
X-detected-operating-system: by GNU/Linux 3.x
Subject: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
X-BeenThere: address@hidden
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "GNUzilla discussion and bug reports." <>
List-Unsubscribe: <>, <mailto:address@hidden>
List-Archive: <>
List-Post: <mailto:address@hidden>
List-Help: <mailto:address@hidden>
List-Subscribe: <>, <mailto:address@hidden>
Content-Type: multipart/mixed; boundary="===============0288240843757593734=="
Errors-To: address@hidden
Sender: address@hidden


First of all, let me state this e-mail is not intended to apportion
blame on anyone.

With Firefox ESR version 38.3 being released some days ago and IceCat
still basing on version 31.8 with only some patches backported, I think
there is urgent need for a statement clarifying the intention of IceCat.
On the website it is said that IceCat's main advantage is an ethical
one, in such that it is free. Written below this, some privacy enhancing
features are listed.

This is misleading and dangerous. One could think that using IceCat will
enhance your privacy. Having a version with well documented security
bugs for months now definitely is clearly proving the opposite. So as
first step it is necessary to make a clarifying statement on the website
that using IceCat exposes you to significant risk and it should not be
used on productive systems. Then it should be decided how IceCat can go
on in future, which is its purpose and how it can be achieved. But for
the time, in my opinion, the stated goal of IceCat is not in line with

Best regards,

Attachment: signature.asc
Description: PGP signature

Attachment: Attached Message Part
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]