http://portaudit.FreeBSD.org/49e8f2e...0843d3802.html says the following firefox versions are affected:
Quote:
firefox <3.*,1
firefox >3.*,1 <3.0.13,1
firefox >3.5.*,1 <3.5.2,1
linux-firefox <3.*,1
linux-firefox >3.*,1 <3.0.13,1
linux-firefox >3.5.*,1 <3.5.2,1
linux-firefox-devel <3.5.2
|
I looked at the firefox website, and as far as I could see I could not find anything about firefox 2. It would seem firefox 2 is EOL and a fix might never be released.
If you want to use the firefox browser, then there are two options:
1) Use firefox 3.0 or 3.5 (www/firefox3, www/firefox35)
2) Ignore the security problem and install firefox anyway by defining the DISABLE_VULNERABILITIES variable. Be sure to read and understand the issue and the impact it may have; if you do not, I would highly recommend using option 1.
Quote:
Yes, I did update my ports tree, but to no effect, but what did work was to add xulrunner to USE_GECKO+= in the Epiphany makefile.
Not sure if that is the right way to go, but Epiphany updated no problem.
Assuming that is the right way to go, is there a code that would cover all ports that depend on Firefox2 and its vulnerabilities rather than change each makefile for the relevant port?
|
Hm, it does look like ports still want www/firefox instead of www/firefox30 or www/firefox35.
You can set WITH_GECKO in /etc/make.conf to specify a system-wide preference.
Acceptable values are:
firefox nvu seamonkey thunderbird xulrunner flock mozilla libxul
All of them are ports which live in www/.