Installed fine, runs fine, except for for the following, which may be particular to my situation:
My internet connection is through pay-per-use WiFi, so login is via https html. There are many redirects involved. 3.6.0 handled it without complaint. 3.6.2 won't make the final connection, and error console shows this:
loginportal8.wanderingwifi.com : potentially vulnerable to CVE-2009-3555
The error console from 3.6.0 doesn't have this info. And 3.6.2 marks it as info, not warning or error. Using lynx, I'm prompted three times:
Local Issuer Certificate Unavailable : continue? [y,n]
Selecting y logs on eventually.One time only
, 3.6.2's error console showed an error I can't quote exactly, but it was in the config file firefox.js, and had to do with posting text. I'm wondering if FF is supposed to be providing info and options to handle the vulnerability, but can't because of a script error.
In any case, I don't think it's fixable by the packager since official builds are being used. Just passing on the info for other users.
I always turn off the testing repo after installing from it, but if you think you may face this same issue, leave the testing repo on
. Leaving it on allows you to downgrade, then re-upgrade ff without the connection required to reload package info from the repo. Unless you've made certain alterations, the package remains in subdirectories of /home/ftp.
Thanks for your quick attention to this security update and for your good work in packaging, toothandnail. In playing with the issue, I've up/downgraded several times, all flawlessly.