New Ubuntu-Firefox - maybe safer but not 100%

Magnus Therning magnus at therning.org
Fri May 13 07:39:15 UTC 2005


On Fri, May 13, 2005 at 08:05:28AM +0200, Gábor Iglói wrote:
>Hi!
>
>I've updated my Firefox today, I think that this was a security update
>(because the 1.0.4 came out yesterday). As the usual Ubuntu way I
>suppose there wasn't a version switch from 1.0.2->1.0.4 only the new
>security patches were applied.
>
>But unforunately Mozilla won't let me to thier Themes and Extensions
>web pages with my new Ubuntu Firefox 1.0.2 till I don't upgrade to
>1.0.4. So it seems that the security patches won't be enough this time
>- we should change to the v1.0.4 or at least do something to fool
>Mozilla to allow us to get our extensions and themes.

I can only agree with this. It doesn't seem to be possible to access any
pages on update.mozilla.org with version 1.0.2 of FireFox.

Since there seems to be a lot of small issues with updates to FireFox
would it be an idea to exempt FireFox from the
only-security-updates-after-release rule?

I doubt it'd be possible to convince the Mozilla people to make their
checks a bit more granular, instead of checking that "mozilla-version >=
1.0.4" they should check "has-patch-for-vulnerability-X and
has-patch-for-vulnerbility-Y". It wouldn't really be in their interest
though, I think.

I know this is just a one-time thing, but since downloading and running
extensions is a hard problem to solve from a security point of view I am
afraid this won't be the last time we see the Mozilla Foundation doing
something like this.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://magnus.therning.org/

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

The seven worst words in cyberspace are "You just don't get it, do you?"
     -- Bob Metcalfe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050513/73662442/attachment.pgp>


More information about the ubuntu-users mailing list