Effective February 22, 2024, Google Groups will no longer support new Usenet content. Posting and subscribing will be disallowed, and new content from Usenet peers will not appear. Viewing and searching of historical data will still be supported as it is done today.
Dismiss

Firefox' new ESR

3 views
Skip to first unread message

Ivan Shmakov

unread,
Oct 28, 2018, 4:07:51 AM10/28/18
to
>>>>> Moritz Muehlenhoff <j...@debian.org> writes:

> Debian Security Advisory DSA-4324-1

[...]

> CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
> CVE-2018-12393 CVE-2018-12395 CVE-2018-12396
> CVE-2018-12397

> Multiple security issues have been found in the Mozilla Firefox web
> browser, which could result in the execution of arbitrary code,
> privilege escalation or information disclosure.

> For the stable distribution (stretch), these problems have been fixed
> in version 60.3.0esr-1~deb9u1.

[...]

... Or we can get a detailed look at [1].

I can't say I'm surprised that adopting a new, memory-safe
language as the basis for Firefox haven't instantly resulted
in a bug-free ESR; IME, any new technology takes some time
stumbling around before its claimed benefits can truly show.

What I'm concerned, however, is that the adoption of a
XUL-incompatible Firefox version by Debian stable left its users
without Debian packaged, XUL-only versions of NoScript and uBlock.

Frankly, at this point, I'm inclined to trust an unsupported ESR
plus NoScript /more/ than a supported ESR without one.

(Not to mention that I find Firefox UI without CTR barely usable.)

[1] http://security-tracker.debian.org/firefox-esr
[2] http://addons.mozilla.org/firefox/addon/classicthemerestorer/

--
FSF associate member #7257 np. Face Another Day -- Jogeir Liljedahl
Reply all
Reply to author
Forward
0 new messages