But, looking at the release notes for 38.7.1, it says; "Disabled Graphite font shaping library". Given all the warnings I've seen concerning graphite, this sounds security related, although not an FF flaw per se.
Also, "Loading from history can show the wrong url in the location bar (Bug 1256194)" sounds like it could have security implications (if you copy and paste from the URL. Paul Kosinski On Fri, 01 Apr 2016 12:00:01 +0000 [email protected] wrote: > Message: 8 > Date: Fri, 01 Apr 2016 07:23:05 +0200 > From: Sebastian Metzger <[email protected]> > To: [email protected] > Message-ID: > <56fe05b9.a89cc20a.857f6.ffff9963smtpin_added_miss...@mx.google.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hello Paul, > > I think there are no security updates in 38.7.1, therefore there is > no entry. Compare > https://www.mozilla.org/en-US/firefox/38.7.1/releasenotes/ with > https://www.mozilla.org/en-US/firefox/38.7.0/releasenotes/ > > In 38.7.0 you see the link to "Various security fixes". In 38.7.1 is > no security fix included. > > But you're right the security fixes for 45.0 are missing in the esr > list. But not only 45.0, also 38.0 and 31.0, ... are missing. > > If you go to https://www.mozilla.org/en-US/firefox/45.0/releasenotes/ > and click on security fixes you come to > https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45 > instead of > https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ > > It seems that you can find the first ESR security fixes in this list. > > Best regards > > Sebastian Metzger _______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
