Why we need Gecko updates

Magnus Melin mkmelin+mozilla at iki.fi
Wed Dec 9 19:38:13 UTC 2015


On 09.12.2015 13:02, Gervase Markham wrote:
> Re: Postbox:
> If they still use Gecko 9.0, I presume they have lots of security
> holes.
>
> If this is true, why not spend a bit of time proving your point by
> finding one? The MFSA list would be a good place to start.

Well one doesn't have to look pretty far on 
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
There have been quite many fixes for various buffer overflows etc, and 
most things related to images should easily affect us very much. That a 
vulnerability might require certain expertise to understand how to 
exploit is beside the point.

  -Magnus



More information about the tb-planning mailing list