On 2016-04-12 at 09:09, Harris Paltrowitz wrote: > Hey all, > > Recently when I started using Debian I noticed that the version of > Iceweasel that Jessie comes with is 38.7.1, whereas the latest > Firefox is 45. I also noticed that when I visit www.citibank.com > using Iceweasel 38.7.1 the Citibank website tells me that my browser > is out of date and not supported, and that "for a better online > banking experience" I should update my browser. However, this > appears to be just a warning as the site appears to allow me to log > in to my account, although I haven't tried this yet as I'm still > trying to determine whether Iceweasel 38.7.1 is secure enough for > online banking... or whether I'm just being too paranoid! > > The Firefox website says that Firefox 38.7.1 is an ESR release (in > fact it was evidently just released on 3/16/16); I therefore assume > that security updates will be continuously provided for it until it > reaches end of life, after which I would move to the next browser > version that Debian officially supports. > > Is it therefore safe to assume that Iceweasel 38.7.1 will be > receiving all relevant/important security updates, which should > therefore make me feel comfortable using it for online banking?
Firefox 38 is an ESR release version of Firefox, which receives security-update releases (once every six weeks, plus emergency micro-version bumps when an urgent oh-shit-this-is-bad fix-it-now problem is discovered). 38.7.1 is the _last_ update to the ESR 38 line; unless something leads Mozilla to break from their longstanding established practice, there will be no more 38.x releases. ESR 45 has already been released, and in fact is up to (as of sometime today) 45.0.2 after two of those oh-shit-fix-it-now releases. For the last year or two, Debian has been tracking the ESR directly, so the next Iceweasel/Firefox package update(s) will involve transitioning from the 38ESR line to the 45ESR line. Exactly when those updates will hit I don't know; I don't monitor the correct forums to be in the loop on that planning. That said, I'm still using 38.7.1 myself, and until Firefox 46 is released (at the same time as Firefox ESR 45.1.0, six weeks after the release of 38.7.0 and 45) it should still be safe enough. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
signature.asc
Description: OpenPGP digital signature
