Could anyone enlighten me about how Mozilla Firefox security updates are
implemented in OpenBSD?
I notice that the version of Firefox I am using in OBSD is 2.0.0.6
whereas the latest versions on Windows and Ubuntu are both 2.0.0.11, and
several security vulnerabilities are present in 2.0.0.6. In my version
of Debian (Etch) Iceweasel is at version 2.0.0.10 but I note from the
Mozilla site that the 2.0.0.11 update doesn't include any security fixes
whereas 2.0.0.10 does include security fixes.
Updates to Firefox are pretty regular things at present and if you are
running Windows they always seem to emphasise the need to update as soon
as a fix is announced, presumably meaning that vulnerabilities could
well be exploited quickly.
In Windows updates are downloaded from within the running program, in
Ubuntu via the usual software update process (binary updates - either
apt-get, aptitude or Synaptic). I presume the OBSD team are only
concerned with updates to the basic OS and package updates are handled
by the package developers.
I can find the source of 2.0.0.11 on Mozilla's site. Can I assume I must
use this and compile it myself? I have had a look at the ports source on
the UK mirror site and it is dated 1 Sept 07 so I presume this includes
only 2.0.0.6 and there is no port later than this. I am out on a limb
regarding implementing 2.0.0.11 in source form - what do other people do?
Russell
- Mozilla Firefox security updates Russell Gadd
-
