Re: Thunderbird/Icedove security fixes since ESR 31.8.0

To: debian-security@lists.debian.org
Subject: Re: Thunderbird/Icedove security fixes since ESR 31.8.0
From: Weber <kweber33@gmx.de>
Date: Thu, 19 Nov 2015 16:29:32 +0100
Message-id: <[🔎] 564DEADC.80303@gmx.de>
In-reply-to: <[🔎] 564243C9.5080007@laposte.net>
References: <[🔎] 563A43D9.404@filorin.fr> <[🔎] 563F1B88.8020804@gmail.com> <[🔎] 564243C9.5080007@laposte.net>

Hi

i only can imagine,  that mozilla or developers are  under control
of "zero day" companies or other services .

if this is so, i hope to get soon a better browser
with less code and better security.

This bug desaster will never stop ! sec. holes are a feature not a
mistake" / bug.
I think in 70% of any software.(upgrade reasons etc...)

paris showed us again,  that backdoored software cannot save lifes!

But agents want the software to be buggy and full with backdoors !

This is nonsense !

2.

Another mistakes of mozilla since many years:

-They put more and more code in one tool,
better would be to split firefox in different "mods"

sec mod, dev mod, player mod, what else....
minimal mod,

-They change config parameters too fast in every new release.

- In some cases they dont explain functions the wiki.

- They use closed source in the upload binary

-They release new code too fast and with too less quality testing; the
community  could not do that good enough as we see in many cases.

-Firefox 1.0 was  a 1 or 2 MB big file  and it was good for surfing in
the web.
Not every Grandma needs a network analyser .
But Grandma doesnt want to get the bugs from this analyser or else
....PDF Viewer...

- I Never saw a slower PDF Viewer like the new from mozilla.
Yes,  i know before that there will come bugs soon.And they came

But Mozilla releases and releases and releases....Its frustrating !
What people work there?
Testers ? Hobby coder?

Its nonsense to integrate any and many viewers and special tools in the
browser.

Its better to check (all!) add-ons and let the users decide what they
need or not.

- "Amazing blog"   :

https://blog.mozilla.org/security/author/dveditzmozillacom/article

https://blog.mozilla.org/security/category/press/

Wow!

so much information!?????

2.1

For debian it would be better NOT to follow any
new code from mozilla   anymore.
And to fix ONE Release for a long time.
Or to start  up a totally new browser system  for linux.

how to do this is if google is sponsor from debian and mozilla ?

STOP now the nearing end of free software!

regards

>> On 11/04/2015 07:43 PM, filorin wrote:
>>> Hi there,
>>>
>>> Since the last release of Thunderbird/Icedove, version 31.8.0, the 17th
>>> of July 2015, many security advisories have been published by Mozilla.
>>> So, why there isn't an update then ?
>>> Considering that some of them are considered as critical, what are the
>>> reason not to update the package ? Do these advisories only concern
>>> security leaks due to the added functionnalities of TB 38.0 ?
>>>
>>> Regards,
>>
>

Reply to:

References:
- Thunderbird/Icedove security fixes since ESR 31.8.0
  - From: filorin <contact@filorin.fr>
- Re: Thunderbird/Icedove security fixes since ESR 31.8.0
  - From: "Pavlos K. Ponos" <pavlos.ponos@gmail.com>
- Re: Thunderbird/Icedove security fixes since ESR 31.8.0
  - From: Guillaume Bernard <contact.guib@laposte.net>

Prev by Date: Re: Bug#803204: libiksemel: utterly insecure GNUTLS settings
Next by Date: icedove: no ESR update?
Previous by thread: Re: Thunderbird/Icedove security fixes since ESR 31.8.0
Next by thread: RE: [SECURITY] [DSA 3386-2] unzip regression update
Index(es):
- Date
- Thread