We remove it from everything. You are correct in that it does get security updates often and keeping it is a PITA if you don't use it. SuSE is backporting security fixes to it so you can't go by the release numbers. You'll have to check the CVE vulnerabilities on the SuSE website.
But delete it if you can :) Marcy -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Srivastava, Sagar Sent: Wednesday, August 01, 2012 10:08 AM To: [email protected] Subject: [LINUX-390] Firefox v10 on SLES11SP2 installed in /usr/lib64? Good afternoon all, We run Nessus security scans on our zLINUX images - SLES11 SP1 and SP2. Our security team found that we have Firefox old version (MozillaFirefox-10.0.2-0.4.1) installed with critical security vulnerabilities. I didn't install Firefox but even on the minimum install, it gets installed in /usr/lib64/firefox/ as I understand. SLES11 SP1 has MozillaFirefox-10.0.2-0.4.1 (I can erase the package but don't know of the consequences yet) I do notice that it gets upgraded to just MozillaFirefox-10.0.6-0.4.1 in SLES11 SP2 update and latest patches but that's it. It is far from the recent version of Firefox v 14.0.1 and vulnerabilities will always be there on this thus even though we are aggressive on patch updates through our constantly syncing SMT servers. The question is: 1) Is Firefox integral is part of OS library ( i.e do they use the SSL trust cert repository etc for OS etc - my guess) ? 2) can we delete it safely ? 3) any other way to keep it MORE updated without breaking anything? Thanks. Sagar Srivastava ISO, Jersey City, NJ This email is intended for the recipient only. If you are not the intended recipient please disregard, and do not use the information for any purpose. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
