On Fri, 2 Jul 2010, Przemysław Pawełczyk wrote:

> On Fri, 02 Jul 2010 08:52:39 -0500
> Troy Dawson <[log in to unmask]> wrote:
>
> (...)
>>> After running then closing FF 4.0beta, and starting 3.6.4 (SL 5.5.
>>> current), the FF checks for expansions (correct) but it detects too
>>> that I'm using unsafe version and suggests to install 3.6.6.
>>>
>>> How it is with the versionning in SL?
>>>
>>
>> It isn't really the versioning, it is the configurations.
>> By default, the firefox that comes from SL (or RHEL) does not check
>> to see if it is the latest firefox.
>
> Thank you, I nearly forgot about this option but my question went a
> little deeper. Is the SL FF 3.6-8 the same as general FF 3.6.4 or 3.6.6
> (newest)?
>
> "About" FF says: Red Hat/3.6-8.el5 Firefox/3.6.4
> so - is the version safe (the -8 suffix) or should I (we) ask for
> 3.6.6 SL package (3.6-9.el5....?) as Mozilla (parent company) presses
> for the changes in FF use due to safety issues?

The Mozilla Firefox security page
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
suggests that there is no security advantage in going from
firefox 3.6.4 to firefox 3.6.6
(although there could theoretically be fixes in 3.6.6 that Mozilla
are not ready to publicise).

I suspect that the update page just says to use the latest version
because it notice that you don't have it.
I would not assume from that page that you are without some
available security fixes.

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna