From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-173762-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 25FC6138E3E
	for <garchives@archives.gentoo.org>; Sun, 16 Oct 2016 09:06:53 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6BC6CE0B7D;
	Sun, 16 Oct 2016 09:06:45 +0000 (UTC)
Received: from mail-io0-f178.google.com (mail-io0-f178.google.com [209.85.223.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 2D85FE0B6D
	for <gentoo-user@lists.gentoo.org>; Sun, 16 Oct 2016 09:06:44 +0000 (UTC)
Received: by mail-io0-f178.google.com with SMTP id r30so161313269ioi.1
        for <gentoo-user@lists.gentoo.org>; Sun, 16 Oct 2016 02:06:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=shumkar-ru.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=y6BkeQ9qqyDl93f2cHalfnQApFeMQ7OPymJJAGjsuKg=;
        b=H4COJBvXibZEflfvTnsbuC6jWDIyRUqohySMNqJ9B020dzDSLrVnu0graN7uOkHtfn
         Kv4100+LXUYV1NORz0rEFlOqwGSnfdwATfnXkT5CtAclbQmBiwd+OIn7bRIUHBOudPxJ
         x04m4942Vg+oDyE9mrSoozEtfAjtZSzAddCw1gt238AREqkzQ1VH/X095p++E7enYJUo
         q7Xk0UmsCfKxudUrNJThSd969atYbIm6kJzkf+rjVnzbjcIwpO2dKyn4EPoVE5y4rwzO
         36et7NJCvl64lay5rnuENL/bgIcQrxKFHmqYCW25ig1r70eMIAOWXN9ie336AqnL/Sly
         WMsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=y6BkeQ9qqyDl93f2cHalfnQApFeMQ7OPymJJAGjsuKg=;
        b=iZY/mSbQYPCd2p3c4aTzeW+dbUUZLm20WNDYNZVtAvOGh1WSPEVFRVA139jcVY3lGO
         6zmM7Ychm7Unyr1h/6Nmsr1KtCBrD8lwSse3M9EPX99w+4lmG5kmQQXL8gdU9bwDvBdA
         tnEFhqVHbr/g80Xv6bsfvf1NmHlGCqzrF8lXwMaX34njwIpUj/Xl8kgq0KQdrh3Bu0Ou
         uNnoAQoh4MvulGCxnErtonXLc2KcCZjYgamoVvTUGcbOJsGBV5ASczFIAchl2f9oemWD
         v15rHHkpW4O/q9MApF6NESX1jTJztpkVzMQF5CQf6NyIKou0STrMuZRlHQMorP4YNEje
         DSng==
X-Gm-Message-State: AA6/9RmSXmSHxvvB0KGsMsoT/BaYkUDvSf5oXr7lU0xhpMkngg6nW84kvJlZu/piEQWyPiPR8dB+0XXjZZSmuA==
X-Received: by 10.107.53.14 with SMTP id c14mr20910677ioa.144.1476608803891;
 Sun, 16 Oct 2016 02:06:43 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.36.223.68 with HTTP; Sun, 16 Oct 2016 02:06:43 -0700 (PDT)
X-Originating-IP: [176.58.97.122]
In-Reply-To: <20161015234131.GF12322@g0n.xdwgrp>
References: <20161014175927.8360.2C6B93AA@matica.foolinux.mooo.com>
 <CAGWFrgth0xs6PtRY3FzRX-S40GZSHTKi-EUiKb_ieAYqHR=6dg@mail.gmail.com> <20161015234131.GF12322@g0n.xdwgrp>
From: Alexey Mishustin <shumkar@shumkar.ru>
Date: Sun, 16 Oct 2016 12:06:43 +0300
Message-ID: <CAGWFrgvXd8qosr-1uPNQ8r9V5aDbKgcDFCX7LQyU63f78wmw1w@mail.gmail.com>
Subject: Re: [gentoo-user] Old Firefox ebuild?
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 19e6b8fb-b49f-4bbb-97c5-786e4c650e35
X-Archives-Hash: 9a63e8a51551df7960617b784fe04834

2016-10-16 2:41 GMT+03:00 Miroslav Rovis <miro.rovis@croatiafidelis.hr>:
> On 161014-21:39+0300, Alexey Mishustin wrote:
>> Hello.
>>
>> 2016-10-14 21:02 GMT+03:00 Ian Zimmerman <itz@primate.net>:
>> > Does anyone have a copy of the firefox 38.x ebuild around?
>>
>> Attached.
>>
>> > The latest update wiped it out, and now if I take the plunge to the
>> > current versions (i.e. at least 45.x) and I find then insufferable,
>>
>> Agree!
>>
> I may agree too, if some facts fall into place. Read on.
>
> I was wondering how safe is running Firefox 38.x at this day and age?
>
> If you look up:
> http://arstechnica.com/security/2016/09/mozilla-checks-if-firefox-is-affected-by-same-malware-vulnerability-as-tor/
> ( continued and improved from:
> https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.ctpp9u5fl )
> and especially the Jacob Appelbaum's:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
> So if you recall (some of the readers must have read those) the issues
> there, and how badly Firefox was exposed and pretty often, then my query
> is how do you assess how secure Firefox 38.x that you install might be?
>
> Regards!

Yeah, it's an usual dilemma: old version is vulnerable, new version sucks.

>From my point of view, if there's a MITM, then Firefox is not the only problem.

Besides ruining the cookies management (should one install an addon
now? like Cookies Manager+?), new versions of Firefox succeeded to
hang all the OS, when I was working with Google maps (never been with
older versions).

-- 
Regards,
Alex