Closed Bug 295893 Opened 20 years ago Closed 20 years ago

Suggestion for Security Patch Level version be mainained in Firefox, to avoid problems like the 1.0.4 update on Ubuntu Linux

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: tlepes, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050526 Firefox/1.0.4 (Ubuntu package 1.0.4)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050526 Firefox/1.0.4 (Ubuntu package 1.0.4)

As you may know, when Ubuntu applied the security updates from 1.0.4 to their
production release of Firefox 1.0.2, there were problems accessing the firefox
extensions pages.  This was done as a kludge to prevent non-upgraded versions of
Firefox from getting in.

Simplest way to avoid issues with users would have been to put a button at the
end of the warning that would allow users to continue on anyway.  But as
suggested in Ubuntu's Bugzilla #10681
(https://bugzilla.ubuntu.com/show_bug.cgi?id=10681), maybe Firefox could start
keeping an internal security patchlevel version number that could be used for
such cases.

Ubuntu has good reasons for doing security-only updates to the released software
packages on Hoary (Ubuntu 5.0.4).  Having a separate security patch level
version string could make this all make more sense.  It would be more manageable
all around.  I am still a little confused perhaps, but I believe that Ubuntu's
Firefox "1.0.4" is actually 1.0.2 with security updates backported from Mozilla
Firefox 1.0.3 and 1.0.4.  With a patch level, the "About" page could say
something like "Ubuntu build Firefox version 1.0.2, Security Patch Level 1.0.4".

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Wontfix.  We don't need yet another version to track.  And that's not a viable
solution for the problem anyway, since user agent is sent, but arbitrary other
properties aren't.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
I want to note: 1.0.4 == 1.0.2 plus security updates. why doesn't ubuntu just
ship that?
You need to log in before you can comment on or make changes to this bug.