Hi,
I use multiple linux distros, and I recently made the plunge to install CentOS. I must say that I'm really impressed with the speed and low resource usage that CentOS provides.
It's actually really hard not to like CentOS, after all it has rock-solid proven stability from RHEL.
One thing however is kind of bugging me. I use my browser quite a bit, and I notice that my Firefox version on CentOS is ESR 67.7.0 which was released on May 21, 2019.
What's concerning me is the amount of CVE's that have recently been patched by Mozilla, and that the latest ESR version is now 60.7.2.
Security vulnerabilities fixed in Firefox ESR 60.7.1 (Version 60.7.1, first offered to ESR channel users on June 18, 2019)
Security vulnerabilities fixed in Firefox ESR 60.7.2 (Version 60.7.2, first offered to ESR channel users on June 20, 2019)
Obviously I understand how Extended Support Releases work. But shouldn't you be patching incrementally to help protect CentOS users from potentially serious CVE browser exploits.
It's kind of made me to not want to use CentOS until my browser has been patched. Because even I know about the current Common Vulnerabilities and Exposures that are also publicly known, and that they are surely being exploited out in the wild.
Do you have any plans to address/patch this issue anytime soon?
As It's almost July, and I think that this is a pretty serious security concern.
Regards.
CentOS & Firefox Security
CentOS & Firefox Security
Last edited by wref on 2019/07/01 00:27:40, edited 5 times in total.
Re: CentOS & Firefox Security
60.7.2 wasn't released for RHEL until the 25th and was pushed for CentOS 6 on the 26th. Last I saw was that the CentOS 7 version was still in testing, not sure where it got to.
https://access.redhat.com/errata/RHSA-2019:1603
https://access.redhat.com/errata/RHSA-2019:1603
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CentOS & Firefox Security
Firstly, many thanks for the swift reply.
Secondly, It would appear that this update patch is already in the pipeline, and that's fantastic news.
Thank you.
Secondly, It would appear that this update patch is already in the pipeline, and that's fantastic news.
Thank you.
Re: CentOS & Firefox Security
I chased the CentOS 7 updates and they've just been pushed to the mirror network now. It'll take a while to replicate to the rest of the mirror network but should be there soon. Use yum clean all to force yum to re-fetch metadata about available updates or it'll cache for up to 6 hours (default value).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CentOS & Firefox Security
Brilliant...I've now got that Firefox update patch.
Great quick support here at CentOS, and thank you very much once again.
Great quick support here at CentOS, and thank you very much once again.