[SECURITY] Firefox out-of-date

English Network/Internet
#1

Hi All,

I’m giving Tumbleweed a try, and I noticed something odd. The latest Firefox for Tumbleweed is Firefox 42.0, while the latest Firefox for OpenSUSE Leap 42.1 is 43. Many security issues were fixed in Firefox 43. As a rolling release, shouldn’t Tumbleweed release be newer, or at least the same?

https://software.opensuse.org/package/MozillaFirefox

Either way, the latest upstream Firefox is 43.0.2, which, according to the changelog, contains a security fix.

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43.0.2

As a new OpenSUSE user, this has me very concerned. Are the security patches backported?

#2

Hi
Since it’s Tumbleweed it does cycle before a new iso is released with all the updates.

That being said it also takes time for updates to be completed by the maintainer (who I’m sure would appreciate help?), submission, moving from the development repository to factory and then passing openQA, legal etc.

If you keep an eye on the following for the update;
https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox