Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Question about provided Mozilla Foundation updates

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
jlbalvanz Question about provided Mozilla Foundation updates
Member 2nd May, 2012 23:52
Ranking: 3
Posts: 14
User Since: 19th May, 2011
System Score: N/A
Location: US
While working on approving packages today, we noticed that in some cases the CSI console was offering multiple update packages for the same program:

Firefox 3.0.x and 3.5.x had updates to 3.6.x and 12.x.
Firefox 3.6.x had updates to 3.6.28 and 12.x.
Firefox 10 and Thunderbird 10 had updates to 10.0.4esr, 11.x and 12.x

We also noticed that the set of machines CSI claimed needed the updates were different depending on which patched version was selected.

What is the logic behind the multiple patched versions, and can you give some guidance as to which or all of the patched versions we should select?

--
Jeff Balvanz -- Iowa State University Information Technology Services
Ames, IA, USA

This user no longer exists RE: Question about provided Mozilla Foundation updates
Member 3rd May, 2012 09:28
Last edited on 3rd May, 2012 09:29 Hi Jeff,

What you are notificing is the different between different brances of the same product.

For example, Firefox for a long time was divided between the "old stable" - 3.6.x - and the "running release" branch, which moved from 4.x - 10.x.

Now, however, 3.6.x is End-of-Life (EOL) and will no longer be offered to you. In exchange for 3.6.x, Mozilla are now offering the 10.x "ESR" release.

In order to accomodate those users who reached 10.x by following the rolling upgrades, and who would take objection to being "stuck" with an ESR (extended support release) version, our logic is as follows:

If you have 10.0.1, 10.0.2 or 10.0.3, you are upgraded to the latest version. This, ATM, is Firefox 12.x.

If, however, you have 10.0.4, we consider you to be running the ESR release, and will provide you with patches for ESR. The reason for this is that 10.0.4 is a version number specific to the ESR release, while 10.0.1-3 were initially part of the "rolling upgrades" branch.

We apologize for this confusion, but unfortunately there is little we can do as this is a deliberate policy from Mozilla.

The same situtation applies to Thunderbird and other Mozilla products.

I hope I have made myself clear, and otherwise you are of course free to return with more questions.

As for your question about which branch to choose, this is up to you. The ESR release is intended for organizations, or those who do not like sudden change in the browser, or do not need or want new features.

The rolling release branch is the "official" branch and new features will probably only make their way into this branch for quite some time.

Hope this helps.
Was this reply relevant?
+0
-0
jlbalvanz RE: Question about provided Mozilla Foundation updates
Member 3rd May, 2012 22:19
Score: 3
Posts: 14
User Since: 19th May 2011
System Score: N/A
Location: US
Thank you, that explained a lot. We've chosen to push the latest versions.

--
Jeff Balvanz -- Iowa State University Information Technology Services
Ames, IA, USA
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability