~ubuntu-security/ubuntu-cve-tracker/master

Prior to the Firefox 3.6 transition
-----------------------------------
Firefox et al:
firefox (3.6) and xulrunner-1.9.2 share codebase
firefox-3.5 and xulrunner-1.9.1 share codebase
firefox-3.1 and xulrunner-1.9.1 share codebase (old)
firefox-3.0 and xulrunner-1.9 share codebase
firefox (2.0) and xulrunner 1.8.1 share codebase
firefox (1.5) and xulrunner 1.8.0 share codebase

seamonkey (1.0) and xulrunner 1.8.0 share codebase
seamonkey (1.1) and xulrunner 1.8.1 share codebase
seamonkey (2.0) and xulrunner 1.9.1 share codebase

mozilla-thunderbird (1.5) and xulrunner 1.8.0 share codebase
thunderbird (2.0) and xulrunner 1.8.1 share codebase
thunderbird (3.0) and xulrunner 1.9.1 share codebase
thunderbird (3.1) and xulrunner 1.9.2 share codebase

iceweasel = rebranded firefox
iceape = rebranded seamonkey
icedove = rebranded thunderbird


After the Firefox 3.6 Transition
--------------------------------

firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
xulrunner-1.9.2: added in all releases from Hardy and later


Seamonkey Transition
--------------------
Seamonkey also transitioned from 1.1.x to 2.0.x in Ubuntu 10.04 LTS - 9.10.


Thunderbird Transition
----------------------
Thunderbird will be transitioning from 3.0 to 3.1 on Ubuntu 10.04 LTS.


CVE Triage
----------
CVEs in Firefox are tracked in the xulrunner source packages for builds that
use the system xulrunner, and firefox source packages for those that use a
static build. active/00boilerplate.firefox is used to capture the source
package relationships when triaging CVEs for firefox (i.e., you only need to
specify 'firefox' as the source package).

The following sources are currently ignored:
firefox: (ignored EOL) Ubuntu 6.06 LTS (static build)
xulrunner (1.8.0): (ignored EOL) firefox (1.5) - Ubuntu 6.06 LTS (system xul)
xulrunner (1.8.1): (ignored EOL) firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system
  xul)
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
xulrunner-1.9.1: (ignored) reverse dependencies no longer process web content,
  except for firefox-3.5 on Ubuntu 9.04.

The following sources are currently tracked:
xulrunner-1.9.2: system xul for reverse dependencies that process web content.
  This is now abandoned by upstream. Supported Ubuntu 10.04 LTS reverse
  dependencies do not process arbitrary web content.
firefox: Ubuntu 8.04 LTS and higher (static build of 3.6.x or higher)

Additionally, the following share a common codebase and are affected by the
same CVE often enough that they warrant being part of the firefox boilerplate:
seamonkey
thunderbird