Mark Rae illuminated alt.os.linux.ubuntu by typing:
> Hi,
>
> Ubuntu newbie here...
>
> I'm running Ubuntu (not Kubuntu) 7.04 which I downloaded from here:
> http://www.ubuntu.com/getubuntu/download - Ubuntu 7.04 Desktop, standard
> personal computer, then chose the nearest location...
>
> So I've got FireFox for Web browsing and Nautilus for file management.
>
> The version of FireFox currently installed is 2.0.0.6 - however, I notice
> that 2.0.0.7 is available.
>
> But when I run the Update manager, it tells me that my system is up to date.
>
> Obviously, I can go to the Mozilla site and download FireFox 2.0.0.7 and
> install it separately, but is that the correct approach...? Doing that
> appears to install a completely separate copy of FireFox, just as if I'd
> downloaded and installed Opera or SeaMonkey or whatever...
>
> Is there a way to tell Ubuntu to update its "built-in" (or whatever the
> correct term is) installation of FireFox?
>
> Any assistance gratefully received.
>
> Mark

Hi Mark,

What I would suggest is leaving it at the current Ubuntu version
number.
Once the Ubuntu team have fully checked the code and specifically supported
it, then it will appear. The Ubuntu software repositories are superb,
and I would strongly recommend not attempting to install outside of
the repository system unless it's absolutely necessary.

What do you get with the new Firefox? I don't think you get very much
more to be honest, so the benefit of putting the time and effort in of
getting the latest version is either minimal or none-existant.
Especially considering that it's likely to appear before long.

--
Moog

"Some mornings it just doesn't seem worth it to gnaw through the
leather straps."

> What do you get with the new Firefox? I don't think you get very much
> more to be honest, so the benefit of putting the time and effort in of
> getting the latest version is either minimal or none-existant.
> Especially considering that it's likely to appear before long.

From a Windows point of view, i've noticed what I think might be a fix
to the problem where an app could launch various things - as i've
started to see an "error" message saying things like Mailwasher can't
launch the browser, even though the link opens fine (I think it's just
interpreting the "input" to the browser differently)

Moog wrote:
> What do you get with the new Firefox? I don't think you get very much
> more to be honest

Ya, except for a fix to this critical vulnerability:

Fixed in Firefox 2.0.0.7
MFSA 2007-28 Code execution via QuickTime Media-link files
(Critical: Vulnerability can be used to run attacker code and install
software,
requiring no user interaction beyond normal browsing.)

--
As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously.
--Benjamin Franklin

"johnny bobby bee" wrote in message
news:Nb2Li.95921$Pd4.38508@edtnps82...

> Moog wrote:
>> What do you get with the new Firefox? I don't think you get very much
>> more to be honest
>
> Ya, except for a fix to this critical vulnerability:
>
> Fixed in Firefox 2.0.0.7
> MFSA 2007-28 Code execution via QuickTime Media-link files
> (Critical: Vulnerability can be used to run attacker code and install
> software,
> requiring no user interaction beyond normal browsing.)

Thanks to everyone who replied.

So what's the "accepted wisdom", then...?

Should I just wait for Ubuntu to update FireFox itself as and when it thinks
it needs to, or should I try to patch it myself somehow...?

Mark Rae wrote:
> Hi,
>
> Ubuntu newbie here...
>
> I'm running Ubuntu (not Kubuntu) 7.04 which I downloaded from here:
> http://www.ubuntu.com/getubuntu/download - Ubuntu 7.04 Desktop, standard
> personal computer, then chose the nearest location...
>
> So I've got FireFox for Web browsing and Nautilus for file management.
>
> The version of FireFox currently installed is 2.0.0.6 - however, I
> notice that 2.0.0.7 is available.
>
> But when I run the Update manager, it tells me that my system is up to
> date.
>
> Obviously, I can go to the Mozilla site and download FireFox 2.0.0.7 and
> install it separately, but is that the correct approach...? Doing that
> appears to install a completely separate copy of FireFox, just as if I'd
> downloaded and installed Opera or SeaMonkey or whatever...
>
> Is there a way to tell Ubuntu to update its "built-in" (or whatever the
> correct term is) installation of FireFox?
>
> Any assistance gratefully received.
>
> Mark
google ubuntuzilla if you want to keep FF and TB up-to-date

On Fri, 28 Sep 2007 08:11:28 +0000, Mark Rae wrote:

> "johnny bobby bee" wrote in message
> news:Nb2Li.95921$Pd4.38508@edtnps82...
>
>> Moog wrote:
>>> What do you get with the new Firefox? I don't think you get very much
>>> more to be honest
>>
>> Ya, except for a fix to this critical vulnerability:
>>
>> Fixed in Firefox 2.0.0.7
>> MFSA 2007-28 Code execution via QuickTime Media-link files
>> (Critical: Vulnerability can be used to run attacker code and install
>> software,
>> requiring no user interaction beyond normal browsing.)
>
> Thanks to everyone who replied.
>
> So what's the "accepted wisdom", then...?
>
> Should I just wait for Ubuntu to update FireFox itself as and when it thinks
> it needs to, or should I try to patch it myself somehow...?

Accepted wisdom for a package-dependency-managed distro like Ubuntu is to
trust the maintainers and wait for their updates (or possibly backports)
to come through. That way you don't eventually end up with an
unmanageable system, or one where updates break other stuff. (Same
applies for Fedora, Mandriva, OpenSuse, and others.)

If you want to manage things yourself and always have the very latest
(assuming that you can keep track of everything :-) then you should
consider using Slackware and doing everything by hand, or switch to Debian
Sid and learn to use Aptitude with a lot of judgement and a certain amount
of pinning.

johnny bobby bee illuminated alt.os.linux.ubuntu by typing:
> Moog wrote:
>> What do you get with the new Firefox? I don't think you get very much
>> more to be honest
>
> Ya, except for a fix to this critical vulnerability:
>
> Fixed in Firefox 2.0.0.7
> MFSA 2007-28 Code execution via QuickTime Media-link files
> (Critical: Vulnerability can be used to run attacker code and install
> software,
> requiring no user interaction beyond normal browsing.)

Hmmmm...

Well, critical vulnerability's are a problem. But....I cannot remember
the last time I viewed a quicktime media-link.

Not a showstopper here.

--
Moog

"Some mornings it just doesn't seem worth it to gnaw through the
leather straps."

On Fri, 28 Sep 2007 08:11:28 GMT, Mark Rae wrote:

> Should I just wait for Ubuntu to update FireFox itself as and when
> it thinks it needs to, or should I try to patch it myself
> somehow...?

If in doubt, and you can't find a solid reason no to, sit on your
hands.

--
Chris Game

Mark Rae wrote:
> So what's the "accepted wisdom", then...?
>
> Should I just wait for Ubuntu to update FireFox itself as and when it thinks
> it needs to, or should I try to patch it myself somehow...?

This vulnerability is very unlikely to affect Linux, so, stay put; wait
for the developers. If it were serious, it'd be patched by now. But you
can use both if you want, just download it from mozilla.com. It's simple
to install and update. Just remember when you get automatic updates from
Ubuntu, it won't include your (second version) firefox.

--
As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously.
--Benjamin Franklin

Moog wrote:
> Well, critical vulnerability's are a problem. But....I cannot remember
> the last time I viewed a quicktime media-link.

Any small XML file that contains the URL of a movie (.mov) could be a
quicktime media-link. Any trailer on apple.com, any .mov file.

> Not a showstopper here.

Nor here; just pointing out the critical patch missing in Ubuntu. Highly
unlikely this would effect (infect) Linux, anyway.

--
As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously.
--Benjamin Franklin

Mark Rae wrote:
> "johnny bobby bee" wrote in message
> news:Nb2Li.95921$Pd4.38508@edtnps82...
>
>> Moog wrote:
>>> What do you get with the new Firefox? I don't think you get very much
>>> more to be honest
>>
>> Ya, except for a fix to this critical vulnerability:
>>
>> Fixed in Firefox 2.0.0.7
>> MFSA 2007-28 Code execution via QuickTime Media-link files
>> (Critical: Vulnerability can be used to run attacker code and install
>> software,
>> requiring no user interaction beyond normal browsing.)
>
> Thanks to everyone who replied.
>
> So what's the "accepted wisdom", then...?
>
> Should I just wait for Ubuntu to update FireFox itself as and when it
> thinks it needs to, or should I try to patch it myself somehow...?


I think that depends on what you think your capabilities are.
caver1

On Fri, 28 Sep 2007 10:09:40 +0100, Chris Game wrote:

> On Fri, 28 Sep 2007 08:11:28 GMT, Mark Rae wrote:
>
>> Should I just wait for Ubuntu to update FireFox itself as and when
>> it thinks it needs to, or should I try to patch it myself
>> somehow...?
>
> If in doubt, and you can't find a solid reason not to, sit on your
> hands.

Of course, that's good advice in large swathes of life, well beyond just
updating your installation!

Moog wrote in news:5m3g43Fbka2oU2@mid.individual.net:

> What do you get with the new Firefox?

The only reason for 2.0.0.7 was a patch for people viewing videos over the
web using Apple Quicktime.

--
A: Because it disturbs the logical flow of the message.
Q: Why is top posting frowned upon?

"Mark South" wrote in message
news:46fcc30c$1_7@news.bluewin.ch...

> Accepted wisdom for a package-dependency-managed distro like Ubuntu is to
> trust the maintainers and wait for their updates (or possibly backports)
> to come through. That way you don't eventually end up with an
> unmanageable system, or one where updates break other stuff. (Same
> applies for Fedora, Mandriva, OpenSuse, and others.)

Understood. Thanks to everyone.

Mark Rae wrote:
> "johnny bobby bee" wrote in message
> news:Nb2Li.95921$Pd4.38508@edtnps82...
>
>> Moog wrote:
>>> What do you get with the new Firefox? I don't think you get very much
>>> more to be honest
>>
>> Ya, except for a fix to this critical vulnerability:
>>
>> Fixed in Firefox 2.0.0.7
>> MFSA 2007-28 Code execution via QuickTime Media-link files
>> (Critical: Vulnerability can be used to run attacker code and install
>> software,
>> requiring no user interaction beyond normal browsing.)
>
> Thanks to everyone who replied.
>
> So what's the "accepted wisdom", then...?
>
> Should I just wait for Ubuntu to update FireFox itself as and when it
> thinks it needs to, or should I try to patch it myself somehow...?


My wisdom is to stick with the Update Manager (Synaptic and its "KDE
equivalent" -- there goes the memory again ). This will provide
you with a stable system.

If you enjoy trying the latest and greatest cutting edge stuff, then do
whatever you desire. You may lose a lot, but you will at the same time
gain a lot of knowledge.


--
John

No Microsoft products were used in the preparation or transmission of this message.

The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

Mark South wrote:
> On Fri, 28 Sep 2007 08:11:28 +0000, Mark Rae wrote:
>
>
>> "johnny bobby bee" wrote in message
>> news:Nb2Li.95921$Pd4.38508@edtnps82...
>>
>>
>>> Moog wrote:
>>>
>>>> What do you get with the new Firefox? I don't think you get very much
>>>> more to be honest
>>>>
>>> Ya, except for a fix to this critical vulnerability:
>>>
>>> Fixed in Firefox 2.0.0.7
>>> MFSA 2007-28 Code execution via QuickTime Media-link files
>>> (Critical: Vulnerability can be used to run attacker code and install
>>> software,
>>> requiring no user interaction beyond normal browsing.)
>>>
>> Thanks to everyone who replied.
>>
>> So what's the "accepted wisdom", then...?
>>
>> Should I just wait for Ubuntu to update FireFox itself as and when it thinks
>> it needs to, or should I try to patch it myself somehow...?
>>
>
> Accepted wisdom for a package-dependency-managed distro like Ubuntu is to
> trust the maintainers and wait for their updates (or possibly backports)
> to come through. That way you don't eventually end up with an
> unmanageable system, or one where updates break other stuff. (Same
> applies for Fedora, Mandriva, OpenSuse, and others.)
>
> If you want to manage things yourself and always have the very latest
> (assuming that you can keep track of everything :-) then you should
> consider using Slackware and doing everything by hand, or switch to Debian
> Sid and learn to use Aptitude with a lot of judgement and a certain amount
> of pinning.
>


I've learned that the latest and greatest usually brings on higher auto
and homeowners insurance premiums.

Additionally, everybody tries to steal from you, which includes the Tax Man.

Nobody is gonna try and steal my Pentium 200 with MMX Technology. ;-)


--
John

No Microsoft products were used in the preparation or transmission of this message.

The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

Mark Rae illuminated alt.os.linux.ubuntu by typing:

> Should I just wait for Ubuntu to update FireFox itself as and when it thinks
> it needs to, or should I try to patch it myself somehow...?

A categorical *wait* from me.

--
Moog

"Some mornings it just doesn't seem worth it to gnaw through the
leather straps."

johnny bobby bee illuminated alt.os.linux.ubuntu by typing:
> Moog wrote:
>> Well, critical vulnerability's are a problem. But....I cannot remember
>> the last time I viewed a quicktime media-link.
>
> Any small XML file that contains the URL of a movie (.mov) could be a
> quicktime media-link. Any trailer on apple.com, any .mov file.

Quite. And like I said, I cannot remember the last time I viewed one.

>> Not a showstopper here.
>
> Nor here; just pointing out the critical patch missing in Ubuntu. Highly
> unlikely this would effect (infect) Linux, anyway.

That's quite correct.

--
Moog

"Some mornings it just doesn't seem worth it to gnaw through the
leather straps."

On Fri, 28 Sep 2007 21:20:58 +0000, John F. Morse wrote:

Hi John :-)

> Mark South wrote:
>> On Fri, 28 Sep 2007 08:11:28 +0000, Mark Rae wrote:
>>
>>
>>> "johnny bobby bee" wrote in message
>>> news:Nb2Li.95921$Pd4.38508@edtnps82...
>>>
>>>
>>>> Moog wrote:
>>>>
>>>>> What do you get with the new Firefox? I don't think you get very much
>>>>> more to be honest
>>>>>
>>>> Ya, except for a fix to this critical vulnerability:
>>>>
>>>> Fixed in Firefox 2.0.0.7
>>>> MFSA 2007-28 Code execution via QuickTime Media-link files
>>>> (Critical: Vulnerability can be used to run attacker code and install
>>>> software,
>>>> requiring no user interaction beyond normal browsing.)
>>>>
>>> Thanks to everyone who replied.
>>>
>>> So what's the "accepted wisdom", then...?
>>>
>>> Should I just wait for Ubuntu to update FireFox itself as and when it thinks
>>> it needs to, or should I try to patch it myself somehow...?
>>>
>> Accepted wisdom for a package-dependency-managed distro like Ubuntu is to
>> trust the maintainers and wait for their updates (or possibly backports)
>> to come through. That way you don't eventually end up with an
>> unmanageable system, or one where updates break other stuff. (Same
>> applies for Fedora, Mandriva, OpenSuse, and others.)
>>
>> If you want to manage things yourself and always have the very latest
>> (assuming that you can keep track of everything :-) then you should
>> consider using Slackware and doing everything by hand, or switch to Debian
>> Sid and learn to use Aptitude with a lot of judgement and a certain amount
>> of pinning.
>
> I've learned that the latest and greatest usually brings on higher auto
> and homeowners insurance premiums.

Indeed. My own personal mission-critical machines are running Debian Etch
and Ubuntu 6.06 LTS for this reason. Everything works and I have them set
up exactly as I need them.

While liking new toys as much as the next guy, I can't quite understand
the mentality of "I my existing system can no longer be considered
functional since the latest alpha of a new version was released".

> Additionally, everybody tries to steal from you, which includes the Tax
> Man.

Bad news: nothing stops the Tax Man from stealing from you.

(OT: see Randolph Stow's Captain Midnite for the simplest explanation of
taxes ever.)

> Nobody is gonna try and steal my Pentium 200 with MMX Technology. ;-)

I have done, and still sometimes do, productive work on machines for which
200 MHz is an impossible dream :-)