firefox and seamonkey don't always use nswrapper

Sat Aug 2 23:09:07 UTC 2008

On 08/02/2008 05:09 AM, Joep L. Blom wrote:
> HI,
> I just started using ubuntu (after 6 years of Fedora) so I'm still not 
> familiar with the peculiarities of Ubuntu, so I have many questions. The 
> first I have applies to the upgrade policy. I have a problem with 
> nspluginwrapper.
> On the (nspluginwrapper)-site it says the version 1.0.0 is available but 
> Ubuntu only has 0.9.91.6. As my firefox (2.0.1) - and seamonkey (1.1.9) 
>   - both act with certain sites as if the wrapper isn't loaded and I 
> have read on the site of nspluginwrapper that the new version should 
> resolve certain problems I wonder what the reason for the ubuntu 
> packagers is not to upgrade.
> I don't want to compile it myself as I'm unfamiliar with the .deb 
> related package database and I don't know how a selfcompiled program is 
> - or can be - stored in that database.
> Sorry for the rather long question, hope somebody can help me out.
> Thanks in advance,
> Joep
> 

>From your other post I see that you are using 64bit; can you please try
the flashplugin-nonfree module? It uses nspluginwrapper to install flash
on your system. To install; from a terminal:

sudo apt-get install flashplugin-nonfree

Or use System|Administration|Synaptics Package Manager and search for
flash.

Regarding your SeaMonkey, you should upgrade to 1.1.11 as it resolves
several security issues that were in 1.1.9. The Ubuntu 1.1.9 Hardy
version has been *not* updated to include the 1.1.11 security patches:
https://launchpad.net/ubuntu/+source/seamonkey

Ubuntu's 1.1.9 only fixes up to MFSA 2008-19 and *does not* fix:
<http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.11>
Fixed in SeaMonkey 1.1.11
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
Fixed in SeaMonkey 1.1.10
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory
being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in
mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector

I highly recommend that if you run SM, you download and install it
directly from Mozilla:
http://www.seamonkey-project.org/