>> On Apr 24, 2016 20:32, "ToddAndMargo" <[log in to unmask]
>> <mailto:[log in to unmask]>> wrote:
>>
>>     Hi All,
>>
>>     Seems like SL7 is not keeping up with Firefox and Thunderbird
>>     updates anymore.  EL Linux is suppose to keep up with security updates
>>     but Red Hat obviously picks and chooses: Firefox and Thunderbird
>>     are typically left unpatched.
>>
>>     Is there some repo out there for Firefox and Thunderbird to
>>     fills the gap?  Or, should I go back to using the binaries
>>     from releases.mozilla.org <http://releases.mozilla.org>?
>>
>>     Many thanks,
>>     -T

On 04/24/2016 07:13 PM, Stephen John Smoogen wrote:
> Why do you think they are unpatched? The Firefox and Thunderbird are
> based off the upstream extended release cycle versions and not the
> latest type. So the security fixes which are in ESR are there but new
> features are not. If you need new features then you will need to work
> from the upstream tar balls

Hi Steven,

That is just wishful thinking.  As vulnerabilities are discovered
they are not added to the ESR, or if the are, we don't see them.
Have you seen a single update come through to the current ESR?
It is set and forget.  EL picks and chooses what they will keep
up to date.  Firefox and Thunderbird ain't one of them.

Do you know of a repo that does keep Firefox and Thunderbird
up to date?  Or am I stuck with the binaries?

-T