Seth writes, "running a known-insecure webbrowser is probably a bad idea."
Agreed. Except I would say "definitely". It's important that Ubuntu gets some sort of a fix soon. I've already seen a person asking on a forum how to downgrade and being told to install a third party package by hand. This is no better, and possibly worse from a security perspective. Seth also writes, "None of the upgrade tools are in a position to check architecture features before installing a package. There may not be a happy solution here." Again, I agree, the solutions I'm coming up with are not particularly happy. However, a solution is needed. In the short term, switching to ESR (as mentioned above) would let Firefox work on all supported architectures and have security updates. For the long term, well, I don't want to clutter up this bug — which is about an urgent problem needing an immediate solution — so I've filed Bug 1698501. I'll continue my response there. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1697800 Title: [regression] firefox dies with SIGILL on machines without SSE2 Status in firefox package in Ubuntu: New Bug description: I'm running Ubuntu 16.04 on an old laptop. Firefox used to work on fine until I did an 'apt upgrade'. Worked: 50.1.0+build2-0ubuntu0.16.04.1 Fails: 53.0.3+build1-0ubuntu0.16.04.2 The bug was a little tricky to track down since AppArmor was killing firefox. I believe the AppArmor error is irrelevant for this bug report, but I mention it for completeness (and so other people can google for this problem): "/usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied" I disabled AppArmor (aa-disable '/usr/lib/firefox/firefox{,*[^s][^h]}') and now Firefox dies like so: ExceptionHandler::GenerateDump cloned child 14258 ExceptionHandler::SendContinueSignalToChild sent continue signal to child ExceptionHandler::WaitForContinueSignal waiting for continue signal... Failed to open curl lib from binary, use libcurl.so instead Using gdb to figure it out, I see that the process is getting SIGILL (Illegal Instruction). To figure out exactly which instruction is the problem, I ran gdb as follows: $ gdb /usr/lib/firefox/firefox GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1 [...] Reading symbols from /usr/lib/firefox/firefox...(no debugging symbols found)...done. (gdb) set disassemble-next-line on (gdb) run Starting program: /usr/lib/firefox/firefox [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". [New Thread 0xb15c4b40 (LWP 14296)] [Thread 0xb15c4b40 (LWP 14296) exited] warning: Corrupted shared library list: 0xb794cc00 != 0xb794b800 [...] Thread 1 "firefox" received signal SIGILL, Illegal instruction. 0x4b9f826c in ?? () => 0x4b9f826c: f2 0f 11 74 24 30 movsd %xmm6,0x30(%esp) MOVSD is an SSE2 instruction, which my machine does not support. $ grep flags /proc/cpuinfo flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pse36 mmx fxsr sse I had been under the impression that firefox is supposed to only use SSE2 if it is available. Is that not correct? It certainly used to work. Perhaps there is something wrong in how Ubuntu is building the binary. [Side note: There are actually two "movsd" instructions for the Intel x86 architecture. The original one (Move String, opcode A5) is supported by everything back to the 80386, but this one (Move Scalar, opcode F2 0F 11) requires SSE2. Maybe that is the source of the confusion.] Thank you. $ lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 $ apt-cache policy firefox firefox: Installed: 53.0.3+build1-0ubuntu0.16.04.2 Candidate: 53.0.3+build1-0ubuntu0.16.04.2 Version table: *** 53.0.3+build1-0ubuntu0.16.04.2 500 500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages 100 /var/lib/dpkg/status 45.0.2+build1-0ubuntu1 500 500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1697800/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
