On Thu, Apr 20, 2006 at 10:48:54AM -0700, Jean Tourrilhes wrote:
> Package: mozilla-firefox
> Version: 1.0.4-2sarge
> Severity: critical
>
> Hi,
>
> I'm using the very latest version of Debian, which is 3.1r2
> (Sarge + all security updates). The IT people at work here are bugging
> me because the version of firefox installed on my system contains
> multiple vulnerabilities.
>
> http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
>
> I don't always agree with our IT people, but it seems to me
> that Firefox 1.0.8 fixes quite a lot of remote vulnerabilities. I
> usually don't care about local exploits, and I usually don't care much
> about the security of packages I rarely use, as I'm the only user of
> that box, but remote vulnerabilities in my browser scare me. It seems
> to me that nowadays the browser is one of the main vectors of attacks.
> In other words, if there is only one package on that box that
> should be up to date, that should be Firefox.
>
> I also wonder what will happen in the future. Firefox 1.0.X
> seems to be discontinued by the Mozilla foundation. I hope it doesn't
> mean that users of Stable will be left vulnerable. I hope you will
> find a workable solution, such as putting Firefox 1.5 in stable.

Another alternative is to update firefox and its dependencies to testing, by using apt-pinning. See, for example:
http://bugs.debian.org/261458