Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances

spam_from_debian_bugs_2017 at chezphil.org spam_from_debian_bugs_2017 at chezphil.org
Sun Nov 19 17:25:07 UTC 2017


Source: firefox-esr
Version: 52.5.0esr-1~deb9u1
Severity: normal

Dear Maintainer,

If firefox is upgraded to a new version, running instances of 
the old version are not stopped and continue to function.

Consider, for example, an unattended-upgrades process that 
installs security updates automatically.  Users may continue 
to run instances of old insecure versions for long periods 
with no indication that an upgrade has been installed.  
Generally, Debian will restart long-running system processes 
(i.e. daemons) in this sort of situation but not user processes.  
This is a particular issue for firefox because of its security 
characteristics.

It's not obvious how to fix this; simply killing instances of the 
old version would be unfriendly to users who may lose work; 
a message from apt might be emailed to root but will not reach 
the actual users.   Any thoughts?

Thanks, Phil.


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: arm64 (aarch64)



More information about the pkg-mozilla-maintainers mailing list