Good afternoon all,
We run Nessus security scans on our zLINUX images - SLES11 SP1 and SP2. Our security team found that we have Firefox old version (MozillaFirefox-10.0.2-0.4.1) installed with critical security vulnerabilities. I didn't install Firefox but even on the minimum install, it gets installed in /usr/lib64/firefox/ as I understand. SLES11 SP1 has MozillaFirefox-10.0.2-0.4.1 (I can erase the package but don't know of the consequences yet) I do notice that it gets upgraded to just MozillaFirefox-10.0.6-0.4.1 in SLES11 SP2 update and latest patches but that's it. It is far from the recent version of Firefox v 14.0.1 and vulnerabilities will always be there on this thus even though we are aggressive on patch updates through our constantly syncing SMT servers. The question is: 1) Is Firefox integral is part of OS library ( i.e do they use the SSL trust cert repository etc for OS etc - my guess) ? 2) can we delete it safely ? 3) any other way to keep it MORE updated without breaking anything? Thanks. Sagar Srivastava ISO, Jersey City, NJ This email is intended for the recipient only. If you are not the intended recipient please disregard, and do not use the information for any purpose. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
