Please remove all insecure versions of Firefox

[gordon64]

Hi

Although I made similar requests in the past, its time to repeat my request in a open forum.

I have booted into x86 and can search for firefox and get these hits
firefox-latest, firefox-official, firefox

Under the guise of aus9, I have no plans of updating firefox.

The reason is simple, coreplayer2 has a script with firefox-latest which allows members to always get the latest firefox.

It is my duty to report that there are security issues for members using firefox.tcz and it should not be available to entice innocent members into using it, by keeping it in the repo.

Evidence is
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

count how many critical or high issues are there if interested.

thanks in advance.

Similar security concerns can be discussed for icecat
icecat is a mozilla family browser so next link applies
https://www.mozilla.org/en-US/security/advisories/

and seamonkey another mozilla family browser
https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey/

[nitram]

Your fortune cookie would read, "you are good and honourable person, have another cookie"

Lots of vulnerabililities. Don't mind using outdated versions of a lot of software, prefer it actually, but an outdated browser is looking for problems. Guilty as charged for using your old Firefox extension (version 21?) on a fresh install to get things going, then repack an updated version. As you say, not necessary since coreplayer2's script is readily available.

[thane]

Yes, I use coreplayer2's script extension (firefox-latest.tcz) all the time and it works great. I'm a bit baffled about why Firefox needs so many updates but it's no problem keeping up.

[nitram]

Hi
Although I made similar requests in the past, its time to repeat my request in a open forum...
It is my duty to report that there are security issues for members using firefox.tcz and it should not be available to entice innocent members into using it, by keeping it in the repo.

Hi gordon64, wonderful creator of VLC2 with youtube support 

Your old firefox is still in the repo, did you get any response from developers?

*****

Edit: My bad, thought this was a PM...but since it's posted. Reason for asking, would there be a benefit to removing all old versions of Firefox from the repository and updating to Firefox ESR?

Then instead of the x86 repo having:
- firefox-latest
- firefox-official: v33
- firefox: v21

...it would just have:
- firefox-latest: coreplayer2 script, whatever version desired, especially latest
- firefoxESR: v38.3, infrequent updates, good for new users, those unfamiliar with scripts, want quick install

Won't proceed without the blessings of developers, gordon64 and coreplayer2. Please let me know either way via forum or PM. I keep Firefox38ESR updated regularly so it would be minimal effort to re-submit. Thanks.

[Rich]

Hi nitram
I think gordon64 may have left us. The status under his name shows as Guest suggesting he may have deleted
his account.

[curaga]

As the extension author, aus9/gordon64 can certainly ask for his extension(s) to be deleted - I've removed firefox.tcz from x86 and x86_64. I wouldn't remove others' without their request, so coreplayer2's firefox-official.tcz will stay for now.

Any new ones, such as firefoxESR, are of course welcome.

[Misalf]

I support gordon64's request.
If there is no firefox.tcz in the repo, coreplayer2's firefox-latest script could create firefox.tcz, which can then be run via OnDemand.

Oh, gone it is. Thanks curaga.

--

Bye gordon64!

[nitram]

Thanks for the information RIch. Happy trails gordon64, wish you hadn't left. Thanks curaga, still waiting to hear from coreplayer2 - got your ears on?

[coreplayer2]

Thanks for the information RIch. Happy trails gordon64, wish you hadn't left. Thanks curaga, still waiting to hear from coreplayer2 - got your ears on?

Yes :p

please see here
http://forum.tinycorelinux.net/index.php/topic,17879.msg116014.html#msg116014

As discussed, I think
a current Firefox-ESR version can be maintained in all repo's (I can get this out immediately to replace the current firefox-official.tcz).
Whilst the firefox-getLatest extension updates, upgrades or clean installs the latest form Mozilla. locally created extensions may replace a previously installed esr or personal version.

I think that's a fair solution..?

[nitram]

As discussed, I think
a current Firefox-ESR version can be maintained in all repo's (I can get this out immediately to replace the current firefox-official.tcz).
Whilst the firefox-getLatest extension updates, upgrades or clean installs the latest form Mozilla. locally created extensions may replace a previously installed esr or personal versions

I think that's a fair solution..?

Sounds great, firefox-getLatest me thinks is a good name, will be good to be rid of firefox-official since it's now *officially* outdated, firefoxESR.tcz or similar good. Should clean up the repository nicely, keep a more secure Firefox available and make it easier for new users to figure out what's what. Let me know if you get fatigued updating the ESR releases and i would happily continue submitting firefoxESR updates for x86. Thanks for your hard work, take care.