Closed Bug 775634 Opened 12 years ago Closed 12 years ago

SUMO should not report the latest ESR version as insecure

Categories

(support.mozilla.org :: General, defect, P1)

Tracking

(firefox-esr10+)

RESOLVED WONTFIX
Tracking Status
firefox-esr10 + ---

People

(Reporter: akeybl, Unassigned)

Details

STR:
1) Download the 10.0.6esr from https://www.mozilla.org/en-US/firefox/organizations/all.html
2) Run Firefox 10.0.6
3) Click the Help > Firefox Help menu item

Got:
> Warning: You're using an insecure version of Firefox. To keep your computer and
> personal information safe, please update to the latest version of Firefox.

Expected: No warning
James - are you the right person to look into this?
Assignee: nobody → james
Nope, but I've CCed some SUMO devs and added it to the current sprint.
Assignee: james → nobody
Target Milestone: --- → 2012.14
Grabbing this one.
Assignee: nobody → willkg
Priority: -- → P1
This warning is coming from kb content:

https://support.mozilla.org/en-US/kb/home-page-top

I'm passing this off to Verdi since he did the last set of changes to that article that (I think) is causing the problem.
Assignee: willkg → mverdi
We don't have a way to distinguish the ESR version of Fx 10 from the insecure version of Fx 10, so we should show a warning. I'll work on the wording of it.
Since this is a content and not a code issue, I am resolving as INVALID.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Target Milestone: 2012.14 → ---
(In reply to Ricky Rosario [:rrosario, :r1cky] from comment #6)
> Since this is a content and not a code issue, I am resolving as INVALID.

Isn't the fact that we can't distinguish between mainline and ESR versions (comment 5) a code issue? Apologies for re-opening if not, but I don't want to lose visibility here.
Assignee: mverdi → willkg
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: SUMO is reporting the 10.0.6esr as insecure → SUMO should not report the latest ESR version as insecure
(In reply to Alex Keybl [:akeybl] from comment #7)
> Isn't the fact that we can't distinguish between mainline and ESR versions
> (comment 5) a code issue?

That would be an issue in Firefox if anything. Is there anything in the user agent string or in window.navigator that can help us distinguish?
(In reply to Ricky Rosario [:rrosario, :r1cky] from comment #8)
> Is there anything in the user agent string or in window.navigator that can help
> us distinguish?
Firefox 10 has 3 possible UAs: ...Firefox/10.0.0 or ...Firefox/10.0.1 or Firefox/10.0.2.
Firefox 10 ESR based on the security fixes of Firefox 11 has the UA ...Firefox/10.0.3; of Firefox 12, ...Firefox/10.0.4; of Firefox 13, ...Firefox/10.0.5; and of Firefox 14, ...Firefox/10.0.6.
So there are no rules as Firefox 17.0.1 can be ESR or not.
I think we just need to accept 2 major/minor version combinations as secure, latest mainline (14.0.1 right now) and latest ESR (10.0.6 right now).
The Wiki in SUMO doesn't use the UA string but fx10, fx11, fx12, fx13, fx14 tags, so there's currently no way to differentiate Fx 10.0.2 from Fx 10.0.6.
If this behavior is changed by creating fx10esr, fx17esr, or fxesr, there's no automatic way to do that. It needs to be set manually every six weeks like the default version.
What's left to do here?
Flags: needinfo?(willkg)
I have no idea what's left to do here or why it's assigned to me.

Ricky: Any ideas?
Flags: needinfo?(willkg)
I am pretty sure we aren't showing these warnings anymore. Verdi?
Assignee: willkg → nobody
Flags: needinfo?(mverdi)
This isn't being shown on desktop since we haven't implemented a notice feature in our new design yet. It is being shown on the mobile version of sumo which is about to change. But the underlying issue has not been solved. We should warn users when they have an insecure version of fx but sumo has no ability to show a message to 10.0 users and not to 10.0.6 users. 

I will remove the mobile message and that will satisfy this bug. We should investigate a good way to alert users in the future.
Flags: needinfo?(mverdi)
Maybe I'm mistaken, but I thought we stopped reporting the minor version in the UA string, so that 10.0 and 10.0.6 UAs would look exactly the same. Can anyone confirm?
(In reply to Kadir Topal [:atopal] from comment #16)
> Maybe I'm mistaken, but I thought we stopped reporting the minor version in
> the UA string, so that 10.0 and 10.0.6 UAs would look exactly the same. Can
> anyone confirm?

That is correct. We have no way to tell them apart anyway.
Okay, then I'll just go ahead and close this bug, assuming it's better to prompt people to upgrade from ESR than not letting people know that their browser is outdated.
Status: REOPENED → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
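
The limitation discussed in this thread, as an added example that is not part of the original bug or of SUMO's code: an allow-list check against the two releases named in the comments (14.0.1 mainline, 10.0.6 ESR) that returns "ambiguous" when the UA omits the patch level. The function names and the sample UA strings are constructed for illustration.

```javascript
// Added illustration; not SUMO code. Release numbers are the ones named in the thread.
const SECURE_RELEASES = ["14.0.1", "10.0.6"]; // latest mainline, latest ESR

// Extract the numeric components of the Firefox/x.y.z token, or null if absent.
function firefoxVersion(ua) {
  const m = /\bFirefox\/(\d+(?:\.\d+)*)/.exec(ua);
  return m ? m[1].split(".").map(Number) : null;
}

// Returns "not-firefox", "secure", "insecure" or "ambiguous".
// "ambiguous" means the UA reported fewer components than an allow-listed
// release and matches it as far as it goes, so 10.0 cannot be told from 10.0.6.
function classify(ua, secureReleases = SECURE_RELEASES) {
  const seen = firefoxVersion(ua);
  if (seen === null) return "not-firefox";
  let ambiguous = false;
  for (const release of secureReleases) {
    const want = release.split(".").map(Number);
    const shared = Math.min(seen.length, want.length);
    const prefixEqual = seen.slice(0, shared).every((n, i) => n === want[i]);
    if (!prefixEqual) continue;
    const restSeen = seen.slice(shared);
    const restWant = want.slice(shared);
    // Exact match (trailing zeros in the UA are tolerated).
    if (restWant.length === 0 && restSeen.every((n) => n === 0)) return "secure";
    // UA stopped early: the patch level needed for a decision is missing.
    if (restSeen.length === 0) ambiguous = true;
  }
  return ambiguous ? "ambiguous" : "insecure";
}

// Constructed sample UA strings (not captured traffic).
const SAMPLES = {
  esrFull: "Mozilla/5.0 (Windows NT 6.1; rv:10.0.6) Gecko/20100101 Firefox/10.0.6",
  oldFull: "Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2",
  truncated: "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0",
  mainline: "Mozilla/5.0 (X11; Linux x86_64; rv:14.0.1) Gecko/20100101 Firefox/14.0.1",
  other: "Mozilla/5.0 (compatible; ExampleBrowser/1.0)",
};

for (const [name, ua] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(10), classify(ua));
}
```

A warning banner driven by this check has to pick a policy for the "ambiguous" result; the thread's final decision corresponds to treating it as a prompt to upgrade.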