This repository has been archived by the owner on May 8, 2019. It is now read-only.

Internal browser on Linux (XULRunner) has many known security issues #7

Open
genodeftest opened this issue Aug 12, 2016 · 1 comment

Comments

@genodeftest
Member

On Linux (and maybe on Mac OS X) RSSOwl is using XULRunner 1.9.2.

There are many (probably several hundred) known security bugs in XULRunner, which include most security bugs of Firefox since XULRunner 1.9.2 saw its last release. To get a vague image of the number of bugs, have a look at the CVE database and compare it to the release date of XULRunner 1.9.2 3.6.26, January 31st, 2012. Running XULRunner is not supported by Mozilla any more (Source 1, Source 2). This issue can only be fixed by updating to the latest versions of SWT (4.6+) and thus Eclipse platform 4.6+ immediately, because only those use WebKitGtk+ version 2, which still gets security bug fixes.

Updating to just using WebKitGtk+ 1.x with SWT 4.x won't fix this issue, since WebKitGtk+ 1.x is also old, contains hundreds of known security bugs too and will never be fixed completely because of the maintenance burden. WebKitGtk+ 2 support on SWT / Eclipse platform 4.6 works, but it is far from perfect. Release 4.7 of SWT / Eclipse platform should fix the remaining issues.

This issue does not affect Windows builds (I think so at least) since they use the Internet Explorer web rendering engine by default. There might be a similar issue on Windows too.
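The mitigation the report asks for is to stop binding the embedded browser to the unmaintained XULRunner backend and use SWT's WebKit backend instead. The following is an added example, not code from RSSOwl or from SWT's own documentation, showing how an SWT application can request the WebKit backend explicitly and fail closed instead of silently falling back to the Mozilla/XULRunner engine. It assumes a standard SWT 4.6+ classpath; the class name `SafeBrowserFactory` and the `create` method are hypothetical names chosen for this example.

```java
import org.eclipse.swt.SWT;
import org.eclipse.swt.SWTError;
import org.eclipse.swt.browser.Browser;
import org.eclipse.swt.layout.FillLayout;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Shell;

// Hypothetical helper (not part of RSSOwl or SWT): builds an embedded Browser that is
// guaranteed to use WebKit, and refuses to run if only the Mozilla/XULRunner backend exists.
public class SafeBrowserFactory {

    public static Browser create(Shell parent) {
        Browser browser;
        try {
            // Ask SWT for the WebKit backend explicitly. With SWT 4.6+ on GTK this is
            // WebKitGtk+ 2.x, the engine that still receives security fixes.
            browser = new Browser(parent, SWT.WEBKIT);
        } catch (SWTError e) {
            // SWT throws ERROR_NO_HANDLES when the requested backend cannot be created.
            // Do NOT retry with SWT.NONE here: on an old SWT/Linux setup the default
            // backend is the XULRunner 1.9.2 engine this issue is about.
            throw new IllegalStateException(
                "WebKit backend unavailable; refusing Mozilla/XULRunner fallback", e);
        }

        // Defence in depth: confirm which engine SWT actually bound. getBrowserType()
        // returns "webkit", "mozilla" or "ie".
        String type = browser.getBrowserType();
        if (!"webkit".equals(type)) {
            browser.dispose();
            throw new IllegalStateException("Unexpected browser backend: " + type);
        }
        return browser;
    }

    // Minimal usage: open a window that reports the engine in use.
    public static void main(String[] args) {
        Display display = new Display();
        Shell shell = new Shell(display);
        shell.setLayout(new FillLayout());
        Browser browser = create(shell);
        browser.setText("<p>Rendering engine: " + browser.getBrowserType() + "</p>");
        shell.open();
        while (!shell.isDisposed()) {
            if (!display.readAndDispatch()) {
                display.sleep();
            }
        }
        display.dispose();
    }
}
```

Failing closed is deliberate: an application that catches the `SWTError` and retries with `SWT.NONE` would keep working on a machine that only has XULRunner, which is exactly the situation a maintainer wants to detect rather than paper over. Logging the value of `getBrowserType()` at startup also gives users and bug reporters a quick way to tell which engine their build actually loaded.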

@genodeftest
Member Author

genodeftest commented Aug 12, 2016

Suggested resolutions:

  1. Are Mac OS X users affected?
  2. Immediately notify RSSOwl users of this risk and suggest that they use a different RSS viewer which does not suffer from these bugs. ¹
  3. Decide whether we can fix this issue or stop supporting Linux. In the latter case we need to make sure every user gets to know this.

¹ I don't know any such RSS reader. Other affected applications which cannot be suggested:

These applications are not as powerful as RSSOwl, but they are at least safe to use:

  • FeedReader uses WebKitGtk+ 2 (²) and is still under heavy development and might not be mature for daily use

² Note that WebKitGtk+ 2 has no support for custom proxy configuration yet. This is because the symbol webkit_web_context_set_proxy_uri is not available through API yet.
