On Fri, 20 Jan 2006 11:19:59 +0000, Paul Howarth wrote: > Beartooth wrote: >> On Thu, 19 Jan 2006 18:37:44 +0000, Paul Howarth wrote: >> >> >>>Beartooth wrote: >> >> Gee, and I'd've sworn I saw some ballyhoo weeks and weeks ago to the >> effect that 1.5 was a big security fix. Worse, I *thought* what I read >> said it wasn't for once just another MS problem, but something *in* >> Firefox. Maybe I better go on avoiding it a while yet. What I have is >> 1.0.7. Thanks! [....] > If there is a real security issue with firefox 1.0.x (I don't know if > there is or not), I'd expect an FC4 update that either: > > (a) updated to a later version that fixed the problem, or (b) included a > backported fix in the existing version > > The choice between the two largely depends on what the impact of a > significant version upgrade would be on users/other applications that > depend on the package. If there are significant plugin incompatibilities > between firefox 1.0.x and 1.5.x then I'd expect the second option to be > chosen if possible. I've since gotten a CERT alert, available at http://www.us-cert.gov/cas/techalerts/TA04-261A.html and it still reads, to me, as if the problem is in (mozilla and) firefox, *not* in M$. Am I missing something, or is this infelicitous wording in the alert, or what? yum update firefox still doesn't get 1.5 -- i.e., 1.5 seems not to be on the repos .... -- Beartooth Oldfart, Neo-Redneck, Linux Convert FC4; Pine 4.64, Pan 0.14.2.91; Privoxy 3.0.3; Dillo 0.8.5, Opera 8.51, Firefox 1.0.7, Epiphany 1.6.5 Remember I have little idea what I am talking about.
