> Subject: Security ERRATA Moderate: firefox on SL7.x x86_64
>> This update upgrades Firefox to version 60.2.1 ESR.
>>...
>>  Mozilla: Setting a master password post-Firefox 58 does not delete
>>unencrypted previously stored passwords (CVE-2018-12383)

On 10/01/2018 11:01 AM, Keith Lofstrom wrote:
> This "security fix" wiped out ALL my 130+ saved logins.

On Mon, Oct 01, 2018 at 11:05:05AM -0500, O'Neal, Miles wrote:
> I switched to Chrome a while back.  ...

I'm running ancient 32 bit SL6.10 on the laptops, which
will get upgraded to SL 7.3 Real Soon Now.  Then I will
upgrade myself to Chromium, preferred over Chrome because
complete source is available.
 
Meanwhile, I restored 60.2.0.esr firefox from a September
25 backup to a test laptop, and the .mozilla user files.
It's a bit annoying that I must do both.  DELETING user
files with an update?  That's barbaric.  Nyet Kulturni.

I added "firefox" to the /etc/sysconfig/yum-autoupdate
exclusions list.  We'll see how that goes.

I would be hosed without backups.  I thought I needed
backups for security and for my bonehead mistakes, not
for protection from mozilla bonehead programmer mistakes.

Ah well.  Linus Torvalds recently promised to be nicer to
Linux developers in the future.  If that works out, I'll
try to be nicer as well.  If not, I still have backups.
Sit here, behind this rear tire ... :-)

Keith

-- 
Keith Lofstrom          [log in to unmask]