Originally Posted by BMT
Waterfox is maintained by one person, MrAlex. He only has so much spare time and does this as a hobby, not a job.
He's seen and acknowledged your points regarding security issues, but has already said it's unlikely that there will a Waterfox update until Firefox 34 has been released
In my opinion, that's fair enough - if you're going to spend your spare time doing something, you should probably make sure that it makes sense before you do it - and with the Firefox 33 branch MrAlex would have wasted a lot of his spare time if he tried to keep up with every update.
So yes, I'm sure he cares, but no, he does not have an infinite amount of spare time to dedicate to working on Waterfox.
If you have an issue with that, then I would advise you not to use Waterfox until whenever MrAlex releases version 34.
For the record, I've been using Waterfox for years and have never had any problems from potential security issues it may have had.
Originally Posted by WetLook
Maybe you could contact MrAlex and offer him some help!
As stated multiple time in these posts, he is mainly working on WF by himself.
Originally Posted by seti
MalcomX...Alex answered your question...I don't know if he could have been any clearer that with all the fixes that come out for Firefox between builds...Alex has decided for Waterfox to not jump and make a new build at the same pace as Firefox, so he opts to do Waterfox updates in a manner that several patches are done at once. In this instance...he will skip 33.x.x and do this with release 34. That is how it has been done for some time now as far as I know and in all this time there are very few that have had issue with this process. However, for those that can't wait or don't subscribe to Mr Alex's methods...they are free to take the source for Waterfox and go at it according to their own wishes. So feel free to go that route if Waterfox is in such a dire state in its current form that you cannot wait.
I also wanted to tip my hat to you Mr. Alex for doing such a great job at addressing so many question here on the forum. My gosh it is good to see your posts, but I feel for ya when they are a page long answering questions. However, that is the kind of person you are...helpful and devoted to Waterfox...which I know many people appreciate. Thanks for all the hard work.
when report security issue most update fix program he could warned users unsafe not let use but no
quote my tech friend
i find it rather funny when people go i have used an outdated version on XXXX product for year with no security issues, i
laugh because most of these attacks are unseen and unknown its not like an attacker wants to have big bright red warnings saying
hay i am stealing your personal data and your passwords, no they in most attacks just collect your data then store it for later, most of these
exploits are most likely to have been fixed in a newer version so when the arbitrary code is executed on an outdated browser with the current flaw
the attacker is able to steal or remote execute code on the users computer, now if they used the newer patched version when the arbitrary code is
executed the attack is null and void has no affect because the flaw was fixed.
think of your web browser as an anti-virus and the browser updates as virus definitions you don't visit websites and install software with outdated anti-virus
you could say i have been using a outdated anti-virus and never had and viruses or issues why should i update or care now, in the mean time a rat was installed
letting the attacker just take there time slowly collecting your data, you don't walk around a nuclear power station without a radiation tag or suit in the radiation areas just because
you can't see the radiation does not mean you have not been affected ?Warning: Spoiler! (Click to show)
most cases when using an outdated browser on the internet you have encounter one or more threats to your browser security and have lost personal
data as a result that would not have happened if running the newer version, when you look at the case studies you can see in most attacks they are automated
by scripts, bots and other means there sole purpose is to find a weak spot then exploit it, if its personal data its archived if its executed code remotely to download a
file that lays dormant until activated like a root kit you wont know as they don't want to you to know there stealing your data because you will change that information
before they can use it, when you get a letter from your financial institution saying your late on the house loan, car load and the boat loan but your thinking to your self
i don't have any of these loans right then right there you realize your computer was compromised by a Romanian hacker that stole your personal information which they
then used to create a fake identity for financial gain, most of these new age exploits are just for your personal data this information is gold and can be sole many times over
for the purpose of identity freud.
look malcom i have done my part i have emailed the developer about 11 major security issues with waterfox with the information how to produce the issues and potential fix them
i have done my part to help you out its up to the developer to fix these issues, personally i would stop using the browser as its clean the developer just mashes compiler command
together and hopes for the best with little to no regards to user safety which is outline in the emails sent clearly shown by the profile guided linking of the library's leaving undefined symbols
allowing an entry point created, i have shared these exploits to jorge and a few forum members for further analysis so they are public knowledge and if not fixed they will be exploited,
malcom in future if your not going to listen to my advisement then please don't ask for it.
he help fix waterfox i help fix but code broken outdate like browser
one for 32 https://waterfox.codeplex.com/SourceControl/latest#browser/config/version.txt
one for 15 http://sourceforge.net/p/waterfoxproj/code/ci/master/tree/browser/config/version.txt
not build missing files contaminated with old files
forgive english not good i try more better