
Forum Thread: Explanation for Mozilla Firefox & Thunderbird 10.x/11.x update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
M.Rehman Explanation for Mozilla Firefox & Thunderbird 10.x/11.x update
Secunia Official 22nd Mar, 2012 09:06
Ranking: 25
Posts: 41
User Since: 12th May, 2011
System Score: N/A
Location: Copenhagen, DK
By default, Secunia strives to automatically update applications to the next available patched version within the same major version and not a following major version.

However, as Firefox 10.0.3ESR according to Mozilla[1] only includes fixes for "security bugs qualified as 'Critical' and 'High' [...] where feasible" and not all security fixes, Secunia's PSI will now update to the next major release of Firefox (11.x) to ensure that all security fixes are applied.

It should be noted that users running 10.0.3ESR will not automatically be updated to the next major release (11.x), but will have to do so manually.

Also note, the above-mentioned also applies to Thunderbird.

[1]: https://wiki.mozilla.org/Enterprise/Firefox/Extend...


--
Kind regards,

Munib Rehman
Secunia Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal

Anthony Wells RE: Explanation for Mozilla Firefox & Thunderbird 10.x/11.x update
Expert Contributor 25th Mar, 2012 21:50
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Munib,

One must therefore consider that anyone using the PSI's auto or manual updater would have got 10.0.3esr rather than 11.0; so :-

1) Will you post another thread asking all Mozilla users to check their version and if they themselves did not select the ESR version, then suggest that they should update to 11.0; after all the ESR platform is likely to be progressively more "vulnerable" in the hands of an individual as time goes on ??

2) Will you detect the 10.x ESR and the Release Channel 11.0 etc. as separate platforms/versions in the continuation ??

3) How do you propose dealing with this problem (in advance) when the ESR jumps up to the Release channel and immediately splits again later in the year, around version 17.0 of the Release Channel ??

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
J.Vemmer RE: Explanation for Mozilla Firefox & Thunderbird 10.x/11.x update
Secunia Official 26th Mar, 2012 09:58
Score: 5
Posts: 20
User Since: 5th Oct 2011
System Score: N/A
Location: Copenhagen, DK
Hi,

We have corrected our rules to take the new "branching" from Mozilla into account, and there should no longer be any issues with users incorrectly being updated to 10.0.3ESR while running the major releases. On that note, users currently running 10.0.3ESR will not be updated to 11.x, and will instead only receive updates that are specific for the 10.0.3ESR branch.
This does indeed mean that users who have been unfortunate enough to be caught by this will have to decide if they wish to stay on 10.0.3ESR or manually upgrade to 11.x.

As for when Mozilla decides to release a new ESR major version, we have put measures in place to hopefully avoid this happening again, as it is at least as frustrating to us as it is to our users.

--
Kind regards,

Jais Vemmer
xSI Signatures Specialist
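
The mix-up discussed in this thread, as an added illustration that is not part of the original posts and is not Secunia's actual rule set: a "newest build within the same major version" rule that ignores the release channel, next to a channel-aware rule matching the behaviour described above. The function names, the version list and the installed build 10.0.2 are constructed for the example.

```python
import re

# Constructed sample data: the two versions named in the thread plus an
# earlier release-channel build used as the installed starting point.
AVAILABLE = ["10.0.2", "10.0.3esr", "11.0"]

def parse(version):
    """Split '10.0.3esr' into ((10, 0, 3, 0), 'esr'); plain versions are 'release'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(esr)?", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))  # pad so that 11.0 and 11.0.0 compare equal
    return nums, ("esr" if m.group(2) else "release")

def channel_blind_target(installed, available):
    """Same-major rule that ignores the channel: the behaviour that went wrong."""
    inst_nums, _ = parse(installed)
    newer = [v for v in available
             if parse(v)[0][0] == inst_nums[0] and parse(v)[0] > inst_nums]
    return max(newer, key=lambda v: parse(v)[0], default=None)

def channel_aware_target(installed, available):
    """Never cross channels.
    release: newest release-channel build, even across a major version.
    esr:     newest ESR build within the same major version only."""
    inst_nums, inst_channel = parse(installed)
    candidates = []
    for v in available:
        nums, channel = parse(v)
        if channel != inst_channel or nums <= inst_nums:
            continue
        if channel == "esr" and nums[0] != inst_nums[0]:
            continue
        candidates.append(v)
    return max(candidates, key=lambda v: parse(v)[0], default=None)
```

With the sample list, the channel-blind rule moves a 10.0.2 release-channel install onto 10.0.3esr, while the channel-aware rule sends it to 11.0 and leaves a 10.0.3esr install on its own branch.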
