*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
On home user machines running Ubuntu the Firefox snap security updates are being delayed by 2 weeks due to the way snap updates currently work (after sig). This is not acceptable security-wise. The alternative is not acceptable from the user-experience point of view. Ask Ubuntu recommends manually killing firefox and running snap refresh from in order to get what is (generally) the latest point release: https://askubuntu.com/questions/1412140/how-to-solve-pending- update-of-firefox-snap-close-the-app-to-avoid-disruptio The experience in 20.04 (where the Firefox snap would crash upon the background snap update) is preferable to the current status from the security point of view. Best Regards, Ciprian Enache How snap updates work: 1. If Firefox is running the user is notified that "Pending update of "firefox" snap. Close the app to avoid disruptions. (13 days left)" 2. If the user closes Firefox and reopens it 5-10 minutes later, or even 1-2 hours later, the Firefox snap will not be updated since the snap updates only happen at 2-4 times per day at specific times. ** Affects: snapd Importance: Undecided Status: New ** Tags: bad-user-experience security works-on-any-other-os -- Firefox security updates delayed on Ubuntu 21.10/22.04 by 2 weeks https://bugs.launchpad.net/bugs/1998177 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
