Source: firefox-esr Version: 52.5.0esr-1~deb9u1 Severity: normal Dear Maintainer,
If firefox is upgraded to a new version, running instances of the old version are not stopped and continue to function. Consider, for example, an unattended-upgrades process that installs security updates automatically. Users may continue to run instances of old insecure versions for long periods with no indication that an upgrade has been installed. Generally, Debian will restart long-running system processes (i.e. daemons) in this sort of situation but not user processes. This is a particular issue for firefox because of its security characteristics. It's not obvious how to fix this; simply killing instances of the old version would be unfriendly to users who may lose work; a message from apt might be emailed to root but will not reach the actual users. Any thoughts? Thanks, Phil. -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: arm64 (aarch64)
