Anyway, the reason I want to do this, is so I can wright a script to see what version of Firefox is running. This is because I do a lot of server hardening and to fix certain CVE hits you need to upgrade to a certain version of Firefox.
For example to fix CVE-2013-0787 you need to have Firefox updated to one of the versions below.
Firefox 19.0.2 or later
Firefox ESR 17.0.4 or later
I'm sure you can now see my issue.
I don't see any reason why you need to specifically detect the string "ESR" in the version. There is no 17.0.4 non-ESR version. What that CVE identifier means is that the Firefox version must be a version 17 release with minor.point release version of at least 0.4. Or, the version must be 19.0.2 or greater, which includes 20.x.y, 21.x.y, etc. Note that this means that there is no version 18.x.y which satisfies this condition.
If you wanted to check this programatically, the following pseudo code would do it:
Code:
major, minor, micro = split(firefox version string)
# All releases of version 20 or newer are safe
if major > 19
return safe
# In the 19 branch, only .0.2 and newer are safe
if major == 19
if minor > 0
return safe
if minor == 0
if micro >= 2
return safe
# There are no patched versions in the 18 branch.
# In the 17 branch, only .0.4 and newer are safe
if major == 17
if minor > 0
return safe
if minor == 0
if micro >= 4
return safe
# Everything else is vulnerable
return vulnerable
---------- Post updated at 11:49 AM ---------- Previous update was at 11:36 AM ----------
alister,
Thank you for looking at this. The links provided are helpful. It looks like later point versions of Firefox are ESR. I guess that will have to do.
I have a unique situation, I have a RHEL OS but also a file path that has a OS image (it is not the image running on the machine) if I run fire fox -version it will give me the version of the actively installed FF however I need to know if the version of FF sitting in the non active path is the... (4 Replies)
Guys,
How to find OS version and firmware version in LINUX?
Like in AIX.
uname -a will show me the version 5.3, 6.1,7.1.
lsmcode -c will show me - system firmware image as SF240_417.
What are the similar commands in Linux.
I checked uname -a and cat /etc/release.
uname... (1 Reply)
Would like to confirm the ff. I got confused actually with the version I needed to download that will work on glassfish 3.0.1
a. Debian Squeeze (HP DL360). Need to use java version6
On Debian, I did apt-get install sun-java6-jdk. So when I check it's
java version "1.6.0_22"
Java(TM) SE... (1 Reply)
i have a program writing in PRO C which currently running in unix version 8 tie with oracle 8i, but in the future company gonna migrate this OS to version 9.
Anything i have to prepare for my PRO C program to run in unix version 9? or anything would that impact my program couldn't run well?
what... (2 Replies)
Hi,
How to write a script for finding out firefox version in our linux machine?
Could you please share the same? I am using Red Hat Linux machine.
Thanks,
Kammy (2 Replies)
