module list hidden. There really is no point in keeping them global.
Ideally, this would be using the normal linker set logic, but that's a
more involved change.
Changelog:
Based on xulrunner 41.0
Security fixes:
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
It might still be possible that pkgsrc needs adjustments for gmp loading
if/when we adopt some gmp packages, but until then they serve no purpose
and in fact appear to be harmful. Fixes Firefox startup error message:
addons.manager ERROR Exception calling provider GMPProvider.startup
* Remove unused PLIST.enigmail.
Changelog:
System Requirements, Installation and Uninstallation
Before installing, make sure your computer meets the system
requirements. SeaMonkey 2.35 will no longer offer to migrate your
data from SeaMonkey 1.x or Mozilla 1.x at the first start after
installation (bug 689437). In order to upgrade from such an old
version, install the last SeaMonkey 2.0 release first, do the
one-time profile upgrade, uninstall SeaMonkey 2.0 and then install
your target release (e.g. this one).
You can find more details about installation, profile data and
uninstallation in our install and uninstall document.
Extensions (Add-ons) and Themes
Extensions installed under SeaMonkey 1.x are not migrated to
SeaMonkey 2, and may not be compatible for reinstalling in this
version due to major changes in our architecture. Please report
any issues to the maintainer of the extension. Extensions and Themes
for SeaMonkey 2.35 can be installed from the SeaMonkey Add-Ons
website or the "Get Add-Ons" section in the Add-ons Manager.
Extensions with binary components such as Lightning, Enigmail and
HTML Validator only work on certain platforms (e.g. Windows).
Furthermore they need to be adjusted for each new SeaMonkey release,
which also means that an old version of such an add-on can break
SeaMonkey if you disabled compatibility checking (which e.g. happens
when you install the Add-on Compatibility Reporter add-on).
For Lightning, please check the Stable Releases section on the
Calendar Versions page. Alternatively check the Lightning add-on
page (Development Channel at the bottom of the page).
For Enigmail, please refer to the Enigmail Nightly Builds page.
For HTML Validator you need to check whether the Firefox version
that appears on SeaMonkey's about: page is listed on the 0.9x
download page. Note that only Windows is supported at this
time.
SeaMonkey 2.29 dropped support for the legacy JavaScript Debugger
interface (JSD1). Hence add-ons that relied on it, like the JavaScript
Debugger (Venkman) that came bundled with SeaMonkey, or Firebug
1.x, have stopped working. While Venkman has been discontinued,
Firebug can simply be upgraded to a more recent version (2.x) which
supports the new JSD2 interface. If you are searching for a Venkman
replacement (especially for debugging SeaMonkey itself or add-ons),
have a look at the Tiny JavaScript Debugger add-on.
Known Issues
This list covers some of the known problems with SeaMonkey 2.35.
Please read this before reporting any new bugs.
The SSL 3.0 encryption protocol is disabled by default due to
security concerns (bug 1076983). Legacy websites may still rely
on it and will not work with the newer TLS 1.x protocols. SSL
3.0 support can be re-enabled in Preferences under Privacy &
Security, SSL.
Lightning does not work with SeaMonkey when icaljs is enabled,
which it is by default (bug 1081534). As a workaround, disable
icaljs by setting the calendar.icaljs pref to false in
about:config.
The Remember Passwords add-on breaks password handling. Please
disable or uninstall this add-on using the Add-ons Manager.
You cannot set up a new Sync account or pair a device anymore
(bug 998807). Workaround: Use an older version of SeaMonkey
for such tasks for now.
Data loss warning: If you use a profile with this or any later
version and then try to go back to SeaMonkey 2.0, SeaMonkey
will rename your history file to places.sqlite.corrupt and
create a new places.sqlite file, effectively resetting your
browsing history. This is because the internal format changed
and the upgrade process only works in one direction. Additionally,
running MailNews with local folders and POP3 mail filters may
produce summary files that are not correctly read by previous
versions of SeaMonkey. If you decide to go back to a previous
version of SeaMonkey, you should delete the .msf files for your
local folders and POP3 accounts or repair the folders using
the folder properties dialog in order to avoid potential data
loss.
After creating a news account through clicking a news URL, the
MailNews account wizard may be broken (the account type will
always be News). To work around the problem, set the
mail.server.serverX.valid pref (where X is the internal number
of the corresponding news account) to true in about:config, or
delete the invalid news account (bug 521861).
Web pages may appear differently in the MailNews feed reader
than in the browser (bug 662907). Workaround: Add a "noscript
{display:none}" rule to your userContent.css (note that the
Stylish add-on cannot be used here since it does not integrate
with the MailNews feed reader).
Select Element by Click doesn't flash the element in DOM
Inspector on Windows if hardware acceleration is enabled (bug
594299).
The option "When opening a bookmark group" / "Replace existing
tabs" under Preferences / Tabbed Browsing does not have an
effect anymore (bug 664101).
Lightning keyboard shortcuts for accessing the calendar tab
from within the MailNews window or from the main menu
(Ctrl+Shift+C/D) do not work. (bug 514512).
If you try to start SeaMonkey using a locked profile, it will
crash (see bug 573369).
Some synaptic touch pads are unable to vertical scroll (see
bug 622410).
Under certain conditions, scrolling and text input may be jerky
(see bug 711900).
Mac OS X and Windows: Citrix Receiver no longer works. As a
workaround, mark the plugin as Always Enable in the Add-ons
Manager (see bug 1025627).
Windows:
Norton/Symantec anti-virus scanners may report that some
parts of SeaMonkey (e.g. the file freebl3.dll) are suspicious.
If you downloaded SeaMonkey from one of the official download
sites, this is a false alarm. You might experience problems
with secure websites when this happens. To fix the issue,
instruct your anti-virus software to ignore these files
(and move them out of quarantine) and/or switch to another
anti-virus software and reinstall SeaMonkey.
Linux:
The cursor may change to "drag & drop" mode in the mail
window, causing a hang (bug 736811).
Mac:
When hardware acceleration is off, background colors in
the UI (toolbar, status bar etc.) might not update correctly
when you switch focus from/to a window. Users running Macs
with certain older hardware (e.g. Intel GMA 950) will
experience this even if they haven't turned off hardware
acceleration in Preferences (Appearance/Content) (bug
626096).
Troubleshooting
Some questions are asked more frequently than others. Have a
look at the SeaMonkey FAQ. Maybe your particular problem has
already been solved.
Some anti-virus software keeps detectine installer so that its
contents can run and install SeaMonkey. That technology is
widely used and probably can be used to compress bad as well
as good software, but the 7-Zip code itself is perfectly safe.
Mozilla scans all our files routinely when putticanned by the
same mechanisms.
Poorly designed or incompatible extensions can cause problems
with SeaMonkey, including make it crash, slow down page display,
etc. If you encounter strange problems relating to parts of
SeaMonkey no longer working, the etc, you may be suffering
from Extension or Theme trouble. Restart SeaMonkey in Safe
Mode. On Windows, start using the "Safe Mode" shortcut created
in your Start menu or by running seamonkey.exe -safe-mode. On
Linux, start with ./seamonkey -safe-mode and on Mac OS X, run:
cd /Applications/SeaMonkey.app/Contents/MacOS/
./seamonkey-bin -safe-mode
When started in Safe Mode all extensions are disabled and the
Default theme is used. Disable the Extension/Theme that is
causing trouble and then start normally.
If you uninstall an extension that is installed with your user
profile (i.e. you installed it from a Web page) and then wish
to install it for all user profiles using the -install-global-extension
command line flag, you must restart SeaMonkey once to cleanse
the profile extensions datasource of traces of that extension
before installing with the switch. If you do not do this you
may end up with a jammed entry in the Extensions list and will
be unable to install the extension globally.
If you encounter strange problems relating to bookmarks,
downloads, window placement, toolbars, history, or other
settings, it is recommended that you try creating a new profile
and attempting to reproduce the problem before filing bugs.
Create a new profile by running SeaMonkey with the -P command
line argument, choose the "Manage Profiles" button and then
choose "Create Profile...". Migrate your settings files
(Bookmarks, Saved Passwords, etc) over one by one, checking
each time to see if the problems resurface. If you do find a
particular profile data file is causing a problem, file a bug
and attach the file.
* gnome option is broken. Disable it.
Changelog:
What's New in SeaMonkey 2.33
SeaMonkey 2.33 contains the following major changes relative to SeaMonkey 2.32.1:
SeaMonkey-specific changes
Security notification bars now feature tracking controls.
The tracking/privacy preferences pane has been updated.
Mozilla platform changes
The Flash protected-mode sandbox has been disabled on Windows in order to evaluate the stability impact of protected mode.
Insecure RC4 ciphers are no longer accepted whenever possible.
Certificates with 1024-bit RSA keys have been phased out.
A subset of the Media Source Extensions (MSE) API has been implemented in order to allow native HTML5 playback on YouTube. Full support is on the way.
The performance of the new ES6 generator functions has been improved.
Also see Firefox 36 for Developers.
Fixed several stability issues.
Bugs fixed in this release
SeaMonkey bugs
Thunderbird bugs (including both shared MailNews- and Thunderbird-only bugs)
Relevant security fixes are listed on Security Advisories for SeaMonkey.
* Security advisories are not available yet.
Changelog:
What's New in SeaMonkey 2.32.1
Mostly regression fixes, including:
MailNews feeds not updating
Selected profile in Profile Manager not remembered
Opening a bookmark folder in tabs on Linux
Troubleshooting Information (about:support) with the Modern theme
What's New in SeaMonkey 2.32
SeaMonkey 2.32 contains the following major changes relative to SeaMonkey 2.31:
SeaMonkey-specific changes
The Spell Check dialog is now resizable.
Generational Garbage Collection has been enabled.
Mozilla platform changes
Improved handling of dynamic styling changes to increase responsiveness.
Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections).
Reduced resource usage for scaled images.
Also see Firefox 35 for Developers.
Fixed several stability issue
Fixed in SeaMonkey 2.32
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Changelog:
# What's New in SeaMonkey 2.31
SeaMonkey 2.31 contains the following major changes relative to SeaMonkey 2.30:
## SeaMonkey-specific changes
Text zoom is now available in Composer.
GStreamer and PulseAudio support has been re-enabled on Linux.
## Mozilla platform changes
Support for H264 (MP4) is now built in on Mac OS X Snow Leopard (10.6) and newer through native APIs.
HTTP/2 (draft14) and ALPN have been implemented.
Added ability to recover from a locked process in the "SeaMonkey is already running" dialog on Windows.
Added ECDH support for WebCrypto.
The console.table function has been added to the Error Console.
CSS transitions start correctly now when started at the same time as changes to display, position, overflow, and similar properties.
Also see Firefox 34 for Developers.
Fixed several stability issues.
# Security fixes
Fixed in SeaMonkey 2.31
2014-91 Privileged access to security wrapped protected objects
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Changelog:
SeaMonkey-specific changes
The delimiter for forwarded messages can now be configured.
An option to not strip signatures on reply has been added to prevent top signatures from deleting the body.
Add to Searchbar (search-engine autodiscovery) was implemented.
The location bar tooltip now shows the complete current URL in case it is displayed only partially.
See the changes page for a more complete overview.
Mozilla platform changes
The Gamepad API has been finalized and enabled (learn more).
navigator.plugins is no longer enumerable, for user privacy.
ECMAScript Internationalization API has been enabled.
'box-sizing' (dropping the -moz- prefix) has been implemented.
SharedWorker is now enabled by default.
CSS3 variables have been implemented.
Console object is now available in Web Workers.
Promises have been enabled by default.
<input type="number"> has been implemented and enabled.
<input type="color"> has been implemented and enabled.
Fixed several stability issues.
Fixed in SeaMonkey 2.26.1
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Fixed in SeaMonkey 2.26
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
