intoSEC
New member
Status: New idea

Currently it's possible to easily find what security issues have been fixed in a new version of certain software.
But as a security advisor to my organization I'd like to be able to say "look, we're using version x, but the newest version, x + 5, has fixed these issues".

So I'd like to see a page that shows all fixes since a specific version.

For example, if we're using FF ESR 91.5, I enter this version on the website and I'm shown that the current version is ESR 91.12 and which fixes have been introduced since 91.5. This way I can tell those who are responsible to update because a critical bug has been fixed which does impact us.

How is this different from the current advisories?
For example, take https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/, this page shows security fixes since the previous versions, not the version we're using.

2 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

LinuxEnjoy
Strollin' around

@intoSEC  I see how this is useful in your case.

Yet I don't think this warrants the time/effort for the devs.

What you can do is write a script yourself. The CVEs are all online on the Mozilla Page. Easy to grab and parse.

Should you consider doing this, consider making it Libre/Free as well. Maybe put it on GitHub,...
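
A sketch of the script suggested in the comment above, as an added example that is not part of the original thread or any Mozilla tooling. The advisory records and their ids are constructed placeholders standing in for data parsed from the published advisories; the function names are hypothetical.

```python
"""List advisories fixed after the ESR version you run."""
from typing import NamedTuple


class Advisory(NamedTuple):
    advisory_id: str  # constructed placeholder, not a real MFSA number
    fixed_in: str     # ESR release that shipped the fix
    impact: str       # highest impact rating listed in the advisory


# Constructed sample data; a real script would build this list from the
# advisories published on mozilla.org.
ADVISORIES = [
    Advisory("PLACEHOLDER-A", "91.5", "high"),
    Advisory("PLACEHOLDER-B", "91.6", "critical"),
    Advisory("PLACEHOLDER-C", "91.6.1", "high"),
    Advisory("PLACEHOLDER-D", "91.10", "moderate"),
    Advisory("PLACEHOLDER-E", "91.12", "high"),
    Advisory("PLACEHOLDER-F", "102.1", "high"),  # different ESR branch
]

IMPACT_ORDER = {"critical": 0, "high": 1, "moderate": 2, "low": 3}


def parse_version(text: str) -> tuple:
    """Turn '91.12' into (91, 12, 0); as plain strings '91.12' sorts before '91.5'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def fixes_since(installed: str, advisories=ADVISORIES) -> list:
    """Advisories on the installed ESR branch fixed in releases newer than `installed`."""
    have = parse_version(installed)
    missed = [
        a for a in advisories
        if parse_version(a.fixed_in)[0] == have[0]  # same major branch only
        and parse_version(a.fixed_in) > have        # fix not yet installed
    ]
    # Most severe first, then in release order.
    return sorted(missed, key=lambda a: (IMPACT_ORDER[a.impact], parse_version(a.fixed_in)))


if __name__ == "__main__":
    for adv in fixes_since("91.5"):
        print(f"{adv.fixed_in:<8} {adv.impact:<9} {adv.advisory_id}")
```

The numeric version parsing is the part that matters for the 91.5 to 91.12 case in the original post: a plain string comparison would report 91.12 as older than 91.5 and miss every fix in between.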