SeaMonkey’s Development Team announced today that Version 1.1.10 is available for download. What’s new in this version? Take a look at all bugs fixed:
- MFSA 2008-33 Crash and remote code execution in block reflow
- MFSA 2008-32 Remote site run as local file via Windows URL shortcut
- MFSA 2008-31 Peer-trusted certs can use alt names to spoof
- MFSA 2008-30 File location URL in directory listings not escaped properly
- MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
- MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
- MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
- MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
- MFSA 2008-24 Chrome script loading from fastload file
- MFSA 2008-23 Signed JAR tampering
- MFSA 2008-22 XSS through JavaScript same-origin violation
- MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
- MFSA 2008-20 Crash in JavaScript garbage collector
It’s been a while since I last heard from SeaMonkey. I thought it had gone the way of the Dodo. Anyway, if this application suite is your cup of tea, you can go ahead and download this latest release by clicking here.
With these fixes, SeaMonkey stays at the same level of security as its sibling Mozilla Firefox 2, which is issuing updates for the same problems this week as well.
The SeaMonkey team urges users of older SeaMonkey versions, including the SeaMonkey 1.0.x series, which no longer receives security updates, to upgrade. Additionally, the team continues to strongly urge people still using the old Mozilla Suite or Netscape 4, 6 or 7 to upgrade to the new SeaMonkey 1.1.10 version. All of these older software packages suffer from a large and steadily increasing number of security vulnerabilities because they are no longer being maintained.
SeaMonkey 1.1.10 is a modern, drop-in replacement, providing the same familiar suite functionality with additional features and fully up to date security. Sayonara!
