-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 13 July 2004 01:56, Florian Weimer wrote: > * Kevin B. McCarty: > > On 07/10/2004 12:18 PM, Florian Weimer wrote: > >> 1.7 incorporates some other security fixes, apparently in the area > >> of cross-domain scripting vulnerabilities. So you probably should > >> upgrade anyway. > > > > Does anyone know if there is some reason these fixes haven't been > > backported to woody? > [snip] > This is quite complicated because Mozilla's upgrades are known to > break profiles,
Tell me about it. I was trying to upgrade users from phoenix to firefox; after the upgrade the users profiles were stuffed. I tried to work around it by customising the system-wide mozilla config so that the *default* settings for users firing up firefox for the first time would have the right proxy, homepage etc. I discovered that I had to unpack a .jar file, edit files inside it and then pack it up again; the 'config files' under /etc just arn't enough. > and Debian's mozilla has a few dependencies which you > have to backport, too (Galeon etc.). > > All in all, fixing Mozilla for woody isn't particularly rewarding. > Even SuSE doesn't dare to fix Mozilla security bugs, so it's not a > Debian-specific problem at all. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA8uv1mVx2hyhuTucRAvLUAKC22xcDiQFPMSaalkcmeU7RCgkoeACgodCE AJZlSL4oRWnPog3UwF0NQfQ= =ZHTM -----END PGP SIGNATURE-----
