Opened 22 months ago
Closed 22 months ago
#16708 closed enhancement (fixed)
firefox-102.0esr
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The first of the new esr series is now available.
Change History (5)
comment:1 by , 22 months ago
comment:2 by , 22 months ago
The profile business is slightly more complicated - on a different system I ran 'firefox --version' on an (older) desktop and that too was enough to cause problems with the profile.
comment:3 by , 22 months ago
Release notes now available.
Security advisories: for 91.11.0 https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/ and for 102.0 https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/.
The following high severity CVEs apply to both: CVE-2022-34468, CVE-2022-34470, CVE-2022-34479, CVE-2022-34484 as do the following which mozlla rate as moderate (might be medium, might be high): CVE-2022-2200, CVE-2022-34481, CVE-2022-34472. 91.11.0 also fixes CVE-2022-31744 which again they rate as moderate. 102.0 fixes several other CVEs (compared to 101.0) including further memory corruption issues in CVE-2022-3485 which for some reason they have rated as moderate instead of their normal high.
Specific release notes for 102esr are at https://support.mozilla.org/en-US/kb/firefox-enterprise-102-release-notes.
For the short term, it is possible to update to 91.11.0 using previous dependencies (rather than updating cbindgen,icu and rust from versions which were adequate for previous 91 versions). If doing that, the patch for gcc-12 is not needed.
The profile, and therefore your saved bookmarks and logins, will be updated automatically.
However, if you share /home across multiple LFS instances (in my case, some past releases) and then go to a not-updated system before killing firefox (so that the desktop will restore it), even on a system with multiple profiles the "launcher" to select the profile is enough to trash the updated profile. Specifically, a popup warns "Using an older version of Firefox can corrupt bookmarks and browsing history already saved to an existing Firefox profile. To protect your information, create a new profile for this installation of Firefox."
At that point I quit and rebooted to the updated system. But there the launcher gave me a slightly different message saying I had already booted an earlier version of firefox and need to create a new profile.
I restored all of ~/.mozilla from a backup a few hours before the update, profile on this system has again been updated automatically for 102.0esr and retains my settings.
Unrelated to this, a reminder that rust >= 1.59.0 is now required.