On 03/16/2012 04:29 AM, Yasha Karant wrote:
> <snip>
>
> Thus, back to my point, that may need to be addressed by either the SL 
> developers at Fermilab/CERN or, in principle, by TUV:  if one does not 
> use the Mozilla production release, but instead uses the SL RPM that 
> typically has a much lower Mozilla release number, are the security 
> issues identified by Mozilla, and posted to the URL I listed 
> http://www.mozilla.org/security/known-vulnerabilities/firefox.html
> and related Mozilla security URL lists for other Mozilla application, 
> actually addressed by the SL RPMs of the Mozilla suite?
>
> <snip>

The specfile within the RPM suggests that the code for 
Firefox/Thunderbird 10+ is being taken from Mozilla with almost zero 
modification.

7 patches applied by TUV, totaling 224 lines, patches were blindly 
counted with wc -l

changelog:
* Tue Mar 06 2012 Martin Stransky <[log in to unmask]> - 10.0.3-1
- Update to 10.0.3 ESR
* Thu Feb 09 2012 Jan Horak <[log in to unmask]> - 10.0.1-1
- Update to 10.0.1 ESR
* Tue Feb 07 2012 Martin Stransky <[log in to unmask]> - 10.0-3
- Update to 10.0 ESR
* Mon Jan 30 2012 Martin Stransky <[log in to unmask]> - 10.0-1
- Update to 10.0

-- 
Pat Riehecky
Scientific Linux Developer