View Single Post
  #4   (View Single Post)  
Old 18th August 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

http://portaudit.FreeBSD.org/49e8f2e...0843d3802.html says the following firefox versions are affected:
Quote:
firefox <3.*,1
firefox >3.*,1 <3.0.13,1
firefox >3.5.*,1 <3.5.2,1
linux-firefox <3.*,1
linux-firefox >3.*,1 <3.0.13,1
linux-firefox >3.5.*,1 <3.5.2,1
linux-firefox-devel <3.5.2
I looked at the firefox website, and as far as I could see I could not find anything about firefox 2. It would seem firefox 2 is EOL and a fix might never be released.

If you want to use the firefox browser, then there are two options:
1) Use firefox 3.0 or 3.5 (www/firefox3, www/firefox35)
2) Ignore the security problem and install firefox anyway by defining the DISABLE_VULNERABILITIES variable. Be sure to read and understand the issue and the impact it may have, if you do not, I would highly recommend using option 1.

Quote:
Yes I did update my ports tree.but to no effect,but what did work was to add xulrunner to USE_GECKO+= in Epiphany makefile.
Not sure if that is the right way to go but Epiphany updated no problem.
Assuming that is the right way to go,is there a code that would cover all ports that depend on Firefox2 and its vulnerabilities rather than change each makefile for the relevant port.
Hm, it does look like ports still want www/firefox instead of www/firefox30 or www/firefox35.
You can set WITH_GECKO in /etc/make.conf to specify a system-wide preference.
Acceptable values are:
firefox nvu seamonkey thunderbird xulrunner flock mozilla libxul

All of them are ports which live in www/.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote