What happened to hiring an architect?

Axel Grude axel.grude at gmail.com
Fri Dec 16 16:32:31 UTC 2016


> *Subject:*Re: What happened to hiring an architect?
> *From:*Disaster Master <disasterlistmanager at gmail.com>
> *To:*Tb-planning
> *Sent: *Friday, 16/12/2016 15:24:27 15:24 GMT ST +0000 [Week 50]
> On 12/15/2016 7:02 PM, R Kent James <kent at caspia.com> wrote:
>> Postbox's new release is on Gecko 7.0.1, which is now over 5 years old. I have not heard any great outcry about their security issues, and someone on this list (...cough..  BK...cough..ensa) keeps telling us what a great product that is, and how popular it is in Mozilla. So clearly forking Gecko is a CHOICE, and if people at Mozilla are using it then some people at Mozilla must not care that it is based on old Gecko, either.
>
> This supports my feeling that the security risks are actually much smaller for TB 
> than they would be for, for example, Pale Moon.

Postbox has no browser tabs. If Thunderbird was still based on that old Gecko version 
that would be a viable attack vector; just open a tab and do evil stuff from there. 
Especially easy as there isn't even a URL bar, so you cannot check certificates / 
identity.

Axel


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20161216/eb8b9d9e/attachment.html>


More information about the tb-planning mailing list