Gecko vs Goanna for Thunderbird Independence

Ben Bucksch ben.bucksch at
Thu Apr 13 22:11:11 UTC 2017

Jörg Knobloch wrote on 13.04.2017 23:26:
> On 13/04/2017 22:10, ace wrote:
>> Are there any devs left who could join us?
> I think they need all their manpower for Pale Moon.

They are speaking about security holes in their announcement, which is a 
responsible act for me. I did the same after I could not longer support 
Beonex Communicator, and it pained me, but it was necessary.

The fact that they mention security holes as reason for users to have to 
switch mail clients, tell me that they have the problem on the radar at 
least. This is good news. It means Pale Moon is at least trying to 
maintain the security.

But it's futile. Pale Moon will soon fold as well. They'll make it a 
little longer, but cannot continue indefinitely like that.

Coincidentally, I just did some research on that. In the last 8 years, 
there were no less than 250 known critical *1 security holes and 600 
memory corruption bugs that might be exploitable. One critical security 
is already a very serious risk.

The further you are from Gecko mozilla-central, the harder it gets to 
backport them.

*1 A "critical" security hole means, by definition, that the bad guy can 
take over your computer from the Internet by sitting in his arm chair in 
Russia, or using a botnet or worm, and he can then do everything that 
you can do on your computer, including getting at all the data on your 
harddrive, reading your keypresses, and doing the same things that you do.

More information about the tb-planning mailing list