Latest firefox vulnerability

Moritz Muehlenhoff jmm at inutil.org
Wed Jun 7 21:11:08 UTC 2006


Martin Schulze wrote:
> Moritz Muehlenhoff wrote:
> > Martin Schulze wrote:
> > > Moritz Muehlenhoff wrote:
> > > > Michael Stone wrote:
> > > > > Has anyone started looking into the latest set of vulnerabilities (the 
> > > > > firefox 1.5.0.4 set)?
> > > > 
> > > > Is it actually sanely backportable to Sarge? I remember having read about
> > > > API incompatibilities for Firefox extensions.
> > > > 
> > > > Support for 1.0.x has stopped with the last round of Firefox issues; they
> > > > don't provide fixed packages and they don't give us access to the Bugzilla
> > > > entries describing the problems to even research the status of 1.0.x.
> > > > 
> > > > We will most definitely again reach the point, where the Woody packages
> > > > of Mozilla were/are; full of unfixable security problems.
> > > 
> > > s/Woody/Sarge/?
> > 
> > The Sarge Mozilla packages should still be okay (sans the current issues),
> > but Woody hasn't seen a Mozilla update for years, because it's impossible
> > to backport all this to Mozilla 1.0.
> 
> Umh, then why will we reach this state *again*?  We've already reached it.
> I just can't parse the above paragraph.

I'm not sure if we have already reached it; at least Alexander seems optimistic.

But I don't think Firefox and Mozilla will be supportable over the full Sarge
support time frame and we should brainstorm about the ramifications for Sarge (e.g.
publicly announcing the EOL of security support) and Etch (e.g. contacting
Mozilla Foundation about our concerns or adding a note to the release notes that
security support is unpredictable and that alternatives exist (Konqueror has had
a better security track record and is professionally managed)).

Cheers,
        Moritz



More information about the pkg-mozilla-maintainers mailing list