Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Firefox' new ESR

Skip to first unread message

Ivan Shmakov

Oct 28, 2018, 4:07:51 AM10/28/18
>>>>> Moritz Muehlenhoff <> writes:

> Debian Security Advisory DSA-4324-1


> CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
> CVE-2018-12393 CVE-2018-12395 CVE-2018-12396
> CVE-2018-12397

> Multiple security issues have been found in the Mozilla Firefox web
> browser, which could result in the execution of arbitrary code,
> privilege escalation or information disclosure.

> For the stable distribution (stretch), these problems have been fixed
> in version 60.3.0esr-1~deb9u1.


... Or we can get a detailed look at [1].

I can't say I'm surprised that adopting a new, memory-safe
language as the basis for Firefox haven't instantly resulted
in a bug-free ESR; IME, any new technology takes some time
stumbling around before its claimed benefits can truly show.

What I'm concerned, however, is that the adoption of a
XUL-incompatible Firefox version by Debian stable left its users
without Debian packaged, XUL-only versions of NoScript and uBlock.

Frankly, at this point, I'm inclined to trust an unsupported ESR
plus NoScript /more/ than a supported ESR without one.

(Not to mention that I find Firefox UI without CTR barely usable.)


FSF associate member #7257 np. Face Another Day -- Jogeir Liljedahl
0 new messages