*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

On home user machines running Ubuntu the Firefox snap security updates
are being delayed by 2 weeks due to the way snap updates currently work
(after sig). This is not acceptable security-wise.

The alternative is not acceptable from the user-experience point of
view. Ask Ubuntu recommends manually killing firefox and running snap
refresh from in order to get what is (generally) the latest point
release: https://askubuntu.com/questions/1412140/how-to-solve-pending-

The experience in 20.04 (where the Firefox snap would crash upon the
background snap update) is preferable to the current status from the
security point of view.

Best Regards,
Ciprian Enache

How snap updates work:
1. If Firefox is running the user is notified that "Pending update of "firefox" 
snap. Close the app to avoid disruptions. (13 days left)"
2. If the user closes Firefox and reopens it 5-10 minutes later, or even 1-2 
hours later, the Firefox snap will not be updated since the snap updates only 
happen at 2-4 times per day at specific times.

** Affects: snapd
     Importance: Undecided
         Status: New

** Tags: bad-user-experience security works-on-any-other-os
Firefox security updates delayed on Ubuntu 21.10/22.04 by 2 weeks
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

ubuntu-bugs mailing list

Reply via email to