Jolla's browser is Firefox 38, really?

asked 2017-06-16 13:36:13 +0200

Raymond gravatar image

Is there any plan to update Jolla's browser because it is completely outdated and unsupported by Firefox?

The browser is really a modified version of Firefox 38 released on May 12, 2015. The current version is Firefox 54 (16 versions ahead).

It is important to UPDATE it for security reasons.

edit retag flag offensive close delete

Comments

4

I checked the release notes and did not find security issues being fixed in the browser since Os version 2.0. Question arises how often is the browser being patched for security issues? I don't mind it being old because it is much faster than later versions, if it the security patches are backported

alloj ( 2017-06-16 14:14:32 +0200 )edit
10

Technically it's Gecko 38 (the browser engine) with a Sailfish interface, not Firefox 38 (the browser).

nthn ( 2017-06-16 14:55:20 +0200 )edit
1

it would be quite easy to take security patches from still maintained firefoxOS (gecko 37 based). 16 versions is wrong because you have to count ESR versions only: 45esr and 52esr

lpr ( 2017-06-16 16:46:28 +0200 )edit

Yeah. It would be great to have a more modern version for SFOS (or official firefox) but jolla are small, Mozilla doesn't care, and the community hasn't stepped in to contribute to it.

ApB ( 2017-06-16 16:55:14 +0200 )edit

Well, the ESR versions have point releases which should include the security patches corresponding to the simultaneous normal channel release. So the security patches in Fx39 will be in 38.1esr (and 31.8)
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox39
Not all security patches will apply to gecko, and not all those will apply to SFOS. And those that apply may not be realistically exploitable on Jolla.
I suppose there are also security vulnerabilities in embedlite and the SFOS browser code, though I don't know if anyone is looking for them ;)

DaveRo ( 2017-06-16 18:30:33 +0200 )edit