It seams that Oracle is no longer updating Firefox. I can't find any packages to install packages that are not from china. So I will have to compile my own from source. The issue is I have never done this. Can someone point me in the right direction. Has anyone done this before? What do I need to compile Firefox?
I have been waiting for Oracle to update for over six mouths. The version from China says in it's notes it's from the Oracle desktop Beijing team. If that is so, can't Oracle just look at what there doing and do it again at a US site. That should take like a day. If one part of Oracle has done it already, just make sure there are no back doors and release it again.
We have Solaris 10 installed on our servers. So we would like to have the most up to date version of Firefox on our server for security reasons. We are not planning on updating to Solaris 11, on our production servers at this time. Due to training and time needed for testing. We are also seeing more Linux servers in our environment. If anything, it is more likely that we become an all Linux shop then move to Solaris 11. As the Linux server are coming back more secure after security scans then the Solaris 10 servers are.
Regarding the remark that RHEL is more secure as Solaris based on a security scan, be aware that most of the scanner in the market can report bad informations or incomplete state.
A typical example is SSH is reported as not secure for the simple reason that the scanner looks for openssh issues and we have SunSSH. The method that is issue in most of the cases is just to compare the version of SSH that the system reports with a security database. OpenSSH uses currently the version 6.4 and we have a version numbered 0.9x or 1.x. And finally the scanner reports that Solaris integrated SSH is not secure and this is completely wrong !
Other examples exist.
Mozilla hasn't been giving packages for Solaris in the past.Mozilla used to send you to the Open Solaris page. It is also nice that they give both tarball and packages. I will look at them and see if they can be used at our site. If they can I will come back and mark your answer as the correct one.
I'm well aware of false positives. They happen in all operating systems. Where I work we do scans and remediation on all the issues. When you do a new install of Solaris and then on Linux server such as RHEL, we don't need to as much to get the Linux server to fully secured, as we do with Solaris. For example Firefox comes back as Firefox 3 or Firefox 10 while RHEl will come back as Firefox 24 or higher. Now I'm a Solaris fan and it saddens me that Solaris seems to be dieing out, I terms of security.
This is not comparable. We cannot compare a software that have an initial version in 2005 (Solaris 10) and the other in 2010 (RHEL 6). Solaris 11 is more appropriate as we have only 1 year difference.
If we look on the latest versions, Solaris 11.1 and RHEL 6.4, both versions provide FF 17. I checked several sources in Internet and the only methods to obtain the version 24 or higher are to use an external source as the OS maintainer.
And about the "secure by install", Solaris 11 is much better as Solaris 10. We don't need to run JASS for the most recent version.
Your right that we can't compare Solaris 10 to RHEL6, but we compare Solaris 10 to RHEL 5. RHEL5 comes out cleaner then Solaris 10 in our security scans. The main issue is because Oracle is not updating there builds or DVD/CD install media. So there is a lot of old software that is not being replaced with newer versions. We are most likely going to move all our Solaris 10 servers to Linux servers.
I looked at the link you gave me. It looks like the install files are not from Mozilla. They are from Sun Freeware, which got them from some developers in China. This being said I don't know if my company will let me install Firefox form a off shore site. If Oracle was supporting these files then that would be another story.