Currently it's possible to easily find what security issues have been fixed in a new version of certain software. But as a security advisor to my organization I'd like to be able to say "look, we're using version x, but the newest version, x + 5, has fixed these issues".
So I'd like to see a page that shows all fixes since a specific version.
For example, if we're using FF ESR 91.5, I enter this version on the website and I'm shown that the current version is ESR 91.12 and what which fixes have been introduced since 91.5. This way I can tell the those who are response to update because a critical bug has been fixed which does impact us.
How is this different from the current advisories? For example, take https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/, this page shows security fixes since the previous versions, not the version we're using.
... View more