Package: firefox-esr
Version: 128.7.0esr-1
Severity: serious
Tags: upstream security
Justification: Policy 2.1
X-Debbugs-Cc: a...@kernel.org, Debian Security Team <t...@security.debian.org>

Dear Maintainer,

As you may know from recent news <https://lwn.net/Articles/1012430/>,
Mozilla has gone evil. The new Terms of Use, from what I can see, are in
violation of the DFSG points 5 and 6:

5) No discrimination against persons or groups

   Rationale: The terms of use grant Mozilla the right to terminate
   anyone's access:

       Mozilla can suspend or end anyone’s access to Firefox at any
       time for any reason

   <https://www.mozilla.org/en-US/about/legal/terms/firefox/#mozilla-can-update-or-terminate-this-agreement>

6) No discrimination against fields of endeavor

   Rationale: The terms of use don't allow you to use Firefox to break
   the law. While this seems a reasonable term, it wouldn't be so
   reasonable for a dissident in an oppressive country.

       you agree that you will not use Firefox to [...] violate any
       applicable laws or regulations.

   <https://www.mozilla.org/en-US/about/legal/terms/firefox/#you-are-responsible-for-the-consequences-of-your-use-of-firefox>

   While not exactly this case, see also:
   <https://wiki.debian.org/DissidentTest>.

Apart from these violations of the DFSG, Firefox now has permission to
leak user data to Mozilla, and who knows who else they decide to sell it
to later. This is a security bug.

    You give Mozilla all rights necessary to operate Firefox, including
    processing data as we describe in the Firefox Privacy Notice, as
    well as acting on your behalf to help you navigate the internet.
    When you upload or input information through Firefox, you hereby
    grant us a nonexclusive, royalty-free, worldwide license to use
    that information to [...]

<https://www.mozilla.org/en-US/about/legal/terms/firefox/#you-give-mozilla-certain-rights-and-permissions>

   * What led up to the situation?

Mozilla's greediness?

Please consider packaging a fork of Firefox that doesn't have these
violations of Debian's Policy and the security and privacy bugs.

Have a lovely day!
Alex

-- Package-specific info:

-- Addons package information

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.16-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox-esr depends on:
ii  debianutils          5.21
ii  fontconfig           2.15.0-2
ii  libasound2t64        1.2.13-1+b1
ii  libatk1.0-0t64       2.55.2-1
ii  libc6                2.40-7
ii  libcairo-gobject2    1.18.2-2
ii  libcairo2            1.18.2-2
ii  libdbus-1-3          1.16.0-1
ii  libevent-2.1-7t64    2.1.12-stable-10+b1
ii  libffi8              3.4.7-1
ii  libfontconfig1       2.15.0-2
ii  libfreetype6         2.13.3+dfsg-1
ii  libgcc-s1            14.2.0-17
ii  libgdk-pixbuf-2.0-0  2.42.12+dfsg-2
ii  libglib2.0-0t64      2.83.4-1
ii  libgtk-3-0t64        3.24.48-4
ii  libnspr4             2:4.36-1
ii  libnss3              2:3.108-1
ii  libpango-1.0-0       1.56.1-1
ii  libstdc++6           14.2.0-17
ii  libvpx9              1.15.0-2
ii  libx11-6             2:1.8.10-2
ii  libx11-xcb1          2:1.8.10-2
ii  libxcb-shm0          1.17.0-2+b1
ii  libxcb1              1.17.0-2+b1
ii  libxcomposite1       1:0.4.6-1
ii  libxdamage1          1:1.1.6-1+b2
ii  libxext6             2:1.3.4-1+b3
ii  libxfixes3           1:6.0.0-2+b4
ii  libxrandr2           2:1.5.4-1+b3
ii  procps               2:4.0.4-7
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

Versions of packages firefox-esr recommends:
ii  libavcodec61  7:7.1-4

Versions of packages firefox-esr suggests:
ii  fonts-lmodern           2.005-1
ii  fonts-stix [otf-stix]   1.1.1-5
ii  libcanberra0            0.30-17+b1
ii  libgssapi-krb5-2        1.21.3-4
ii  pulseaudio              17.0+dfsg1-2

-- no debconf information