[Micronet] BFSv9 browser

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] BFSv9 browser

Johnathon P. Kogelman
>From the BFSv9 FAQ:
6. Will BFSv9 work on multiple platforms/browsers?
The system test plan has identified specific testing efforts around the use of FireFox, Internet Explorer and Safari. Testing will be performed prior to go live and any issues will be communicated prior to July 1st.


I have not seen a finalized list of I.E. & FireFox versions that are supported, does anyone have this information handy?

Thank you,
Johnathon 
-- 

~~~~~~~~~~~~~~~~~~~~~~~
Johnathon P. Kogelman
Information Systems
College of Chemistry
[hidden email]
(510) 643-3533

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Greg Merritt *

On Jul 6, 2010, at 7:51 AM, Johnathon P. Kogelman wrote:

> I have not seen a finalized list of I.E. & FireFox versions that are  
> supported, does anyone have this information handy?


I do *not*... however, for the UPK (User Productivity Kit -- worst  
name & acronym ever) tutorials, our users have been instructed to  
downgrade from Firefox 3.6 to 3.5.9 -- apparently skipping 3.5.10 in  
the downgrade.

We've found that if there is a screen mid-lesson that appears to have  
no option for clicking through to the next step, the enter key can be  
used to advance the lesson.

-Greg

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

John Ives
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Setting aside any issues about open standards and the use of technology
that requires specific web browsers to work. I have a real problem with
the idea that we are recommending that people, particularly those
dealing with sensitive (even if not notice triggering) data, use a
browser that has multiple known security issues. Firefox 3.5.9 has 6
vulnerabilities that the Mozilla Foundation has rated as critical
meaning that they "can be used to run attacker code and install
software, requiring no user interaction beyond normal browsing."
(http://www.mozilla.org/security/known-vulnerabilities/firefox35.html)

I understand that testing against every common browser is difficult and
it may be necessary to recommend/require users to stay within a given
branch (3.5 for instance) as long as it is supported (unfortunately,
support for 3.5.X ends in August), but, as a campus, we must make a
better effort to not intentionally deploy vulnerabilities.

Yours,

John

On 7/6/2010 9:25 AM, Greg Merritt wrote:

>
> On Jul 6, 2010, at 7:51 AM, Johnathon P. Kogelman wrote:
>
>> I have not seen a finalized list of I.E. & FireFox versions that are  
>> supported, does anyone have this information handy?
>
>
> I do *not*... however, for the UPK (User Productivity Kit -- worst  
> name & acronym ever) tutorials, our users have been instructed to  
> downgrade from Firefox 3.6 to 3.5.9 -- apparently skipping 3.5.10 in  
> the downgrade.

- --
- -------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security     Cell (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMNLcDAAoJEJkidK6qbywsd+YIAJ+wfS4hmshgnamcyJ9yNqXS
7rxoZevhGPryyfJHs+szuq2E3yUg4Rx1cw0vkDlka4WFWLFv1Rsqa1Szb95PhzTt
j5WzjltoPpZ9MdxhKnk+2PpkR1V290OGG98IJxH+/if3STAUUQJhKXvd3viT2pso
UM/YPFZHD43gAtsWsGCQe3jDYeyBPxqai4IO1AvK4q2oxsLkcgbC1ici9t7uudn3
U6rxak04xPDzC/mt7O3MKrnsetNTJJjur/qtoLoz3RtVvtDCqggS5tiuPFexjI19
Uc/FTUZO9tM1nbrUwvl0+ldDpiLYzXSin+eVEs4HQ3uNTWClzAHXAPloTgEKbGk=
=oWD0
-----END PGP SIGNATURE-----

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Bill Clark
I know that some vendors (e.g. RedHat) will back-port security fixes to
older releases of open-source software.  Is there perhaps a way to get
older releases of Firefox that have had the relevant security patches
back-ported, but which are still compatible with the site in question?  I
have no idea what the situation might be with Windows/Mac releases (or if
there are any organizations that perform this kind of back-porting other
than RedHat) but I'm just throwing this out there as a possibility..

-Bill Clark

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Setting aside any issues about open standards and the use of technology
> that requires specific web browsers to work. I have a real problem with
> the idea that we are recommending that people, particularly those
> dealing with sensitive (even if not notice triggering) data, use a
> browser that has multiple known security issues. Firefox 3.5.9 has 6
> vulnerabilities that the Mozilla Foundation has rated as critical
> meaning that they "can be used to run attacker code and install
> software, requiring no user interaction beyond normal browsing."
> (http://www.mozilla.org/security/known-vulnerabilities/firefox35.html)
>
> I understand that testing against every common browser is difficult and
> it may be necessary to recommend/require users to stay within a given
> branch (3.5 for instance) as long as it is supported (unfortunately,
> support for 3.5.X ends in August), but, as a campus, we must make a
> better effort to not intentionally deploy vulnerabilities.
>
> Yours,
>
> John
>
> On 7/6/2010 9:25 AM, Greg Merritt wrote:
>>
>> On Jul 6, 2010, at 7:51 AM, Johnathon P. Kogelman wrote:
>>
>>> I have not seen a finalized list of I.E. & FireFox versions that are
>>> supported, does anyone have this information handy?
>>
>>
>> I do *not*... however, for the UPK (User Productivity Kit -- worst
>> name & acronym ever) tutorials, our users have been instructed to
>> downgrade from Firefox 3.6 to 3.5.9 -- apparently skipping 3.5.10 in
>> the downgrade.
>
> - --
> -
> -------------------------------------------------------------------------
> John Ives                                           Phone (510) 642-7773
> System & Network Security     Cell (510) 229-8676
> University of California, Berkeley
> -
> -------------------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJMNLcDAAoJEJkidK6qbywsd+YIAJ+wfS4hmshgnamcyJ9yNqXS
> 7rxoZevhGPryyfJHs+szuq2E3yUg4Rx1cw0vkDlka4WFWLFv1Rsqa1Szb95PhzTt
> j5WzjltoPpZ9MdxhKnk+2PpkR1V290OGG98IJxH+/if3STAUUQJhKXvd3viT2pso
> UM/YPFZHD43gAtsWsGCQe3jDYeyBPxqai4IO1AvK4q2oxsLkcgbC1ici9t7uudn3
> U6rxak04xPDzC/mt7O3MKrnsetNTJJjur/qtoLoz3RtVvtDCqggS5tiuPFexjI19
> Uc/FTUZO9tM1nbrUwvl0+ldDpiLYzXSin+eVEs4HQ3uNTWClzAHXAPloTgEKbGk=
> =oWD0
> -----END PGP SIGNATURE-----
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This
> means these messages can be viewed by (among others) your bosses,
> prospective employers, and people who have known you in the past.
>



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Kevin Sweeney-2
On 10:28 Wed 07 Jul     , Bill Clark wrote:

> I know that some vendors (e.g. RedHat) will back-port security fixes to
> older releases of open-source software.  Is there perhaps a way to get
> older releases of Firefox that have had the relevant security patches
> back-ported, but which are still compatible with the site in question?  I
> have no idea what the situation might be with Windows/Mac releases (or if
> there are any organizations that perform this kind of back-porting other
> than RedHat) but I'm just throwing this out there as a possibility..
>
> -Bill Clark
>
Actually, it seems that RedHat completely abandoned the 3.0.x and 3.5.x
branches of Firefox a couple weeks ago [1,2], likely because there are
nontrivial security flaws in those.

[1] https://rhn.redhat.com/errata/RHSA-2010-0501.html
[2] https://rhn.redhat.com/errata/RHSA-2010-0500.html

--
Kevin Sweeney
Senior Unix Systems Administrator
Network and Infrastructure Services, RSSP-IT
UC Berkeley

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

attachment0 (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Bill Clark
Well, then it would seem we're back to the question of why we'd use
software that required versions of browsers that are hopelessly
insecure... and for that, I have no answer. :)

-Bill Clark

> On 10:28 Wed 07 Jul     , Bill Clark wrote:
>> I know that some vendors (e.g. RedHat) will back-port security fixes to
>> older releases of open-source software.  Is there perhaps a way to get
>> older releases of Firefox that have had the relevant security patches
>> back-ported, but which are still compatible with the site in question?
>> I
>> have no idea what the situation might be with Windows/Mac releases (or
>> if
>> there are any organizations that perform this kind of back-porting other
>> than RedHat) but I'm just throwing this out there as a possibility..
>>
>> -Bill Clark
>>
>
> Actually, it seems that RedHat completely abandoned the 3.0.x and 3.5.x
> branches of Firefox a couple weeks ago [1,2], likely because there are
> nontrivial security flaws in those.
>
> [1] https://rhn.redhat.com/errata/RHSA-2010-0501.html
> [2] https://rhn.redhat.com/errata/RHSA-2010-0500.html
>
> --
> Kevin Sweeney
> Senior Unix Systems Administrator
> Network and Infrastructure Services, RSSP-IT
> UC Berkeley
>



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Johnathon P. Kogelman
Hi,

Thanks to the folks at the BFS helpdesk, I received this list of supported browsers. I hope the absence of FireFox 3.6 is simply a mistype from the Win XP/Vista/Server 2003 group, since 3.6 is supported on other OSs. This is a solid step forward for the Campus, now if only a few others applications cause up, we could avoid using insecure web browsers... :)


Platform

Recommended Browsers

Mac OS X 9

Firefox 3.0

Mac OS X 10.4

Firefox 3.0, 3.5, 3.6
Safari 2.0.4, 3.0, 4

Mac OS X 10.5, 10.6

Firefox 3.5
Safari 4

Windows XP, Vista, 2003

Internet Explorer 7, 8
Firefox 3.0, 3.5

Windows 2008

Internet Explorer 7
Firefox 3.0, 3.5, 3.6

Windows 7

Internet Explorer 7, 8
Firefox 3.5, 3.6



On 7/8/10 1:14 PM, Bill Clark wrote:
Well, then it would seem we're back to the question of why we'd use
software that required versions of browsers that are hopelessly
insecure... and for that, I have no answer. :)

-Bill Clark

  
On 10:28 Wed 07 Jul     , Bill Clark wrote:
    
I know that some vendors (e.g. RedHat) will back-port security fixes to
older releases of open-source software.  Is there perhaps a way to get
older releases of Firefox that have had the relevant security patches
back-ported, but which are still compatible with the site in question?
I
have no idea what the situation might be with Windows/Mac releases (or
if
there are any organizations that perform this kind of back-porting other
than RedHat) but I'm just throwing this out there as a possibility..

-Bill Clark

      
Actually, it seems that RedHat completely abandoned the 3.0.x and 3.5.x
branches of Firefox a couple weeks ago [1,2], likely because there are
nontrivial security flaws in those.

[1] https://rhn.redhat.com/errata/RHSA-2010-0501.html
[2] https://rhn.redhat.com/errata/RHSA-2010-0500.html

--
Kevin Sweeney
Senior Unix Systems Administrator
Network and Infrastructure Services, RSSP-IT
UC Berkeley

    


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

  

-- 

~~~~~~~~~~~~~~~~~~~~~~~
Johnathon P. Kogelman
Information Systems
College of Chemistry
[hidden email]
(510) 643-3533

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] BFSv9 browser

Aron Roberts
Re: [Micronet] BFSv9 browser
At 07:44 -0700 2010-07-09, Johnathon P. Kogelman wrote:
Thanks to the folks at the BFS helpdesk, I received this list of supported browsers. I hope the absence of FireFox 3.6 is simply a mistype from the Win XP/Vista/Server 2003 group

  ... and the Mac OS X 10.5, 10.6 group

since 3.6 is supported on other OSs.

Aron

--



Platform
Recommended Browsers
Mac OS X 9
Firefox 3.0
Mac OS X 10.4
Firefox 3.0, 3.5, 3.6
Safari 2.0.4, 3.0, 4
Mac OS X 10.5, 10.6
Firefox 3.5
Safari 4
Windows XP, Vista, 2003
Internet Explorer 7, 8
Firefox 3.0, 3.5
Windows 2008
Internet Explorer 7
Firefox 3.0, 3.5, 3.6
Windows 7
Internet Explorer 7, 8
Firefox 3.5, 3.6


On 7/8/10 1:14 PM, Bill Clark wrote:
Well, then it would seem we're back to the question of why we'd use
software that required versions of browsers that are hopelessly
insecure... and for that, I have no answer. :)

-Bill Clark

 

On 10:28 Wed 07 Jul     , Bill Clark wrote:
   

I know that some vendors (e.g. RedHat) will back-port security fixes to
older releases of open-source software.  Is there perhaps a way to get
older releases of Firefox that have had the relevant security patches
back-ported, but which are still compatible with the site in question?
I
have no idea what the situation might be with Windows/Mac releases (or
if
there are any organizations that perform this kind of back-porting other
than RedHat) but I'm just throwing this out there as a possibility..

-Bill Clark

     


Actually, it seems that RedHat completely abandoned the 3.0.x and 3.5.x
branches of Firefox a couple weeks ago [1,2], likely because there are
nontrivial security flaws in those.

[1]
https://rhn.redhat.com/errata/RHSA-2010-0501.html
[2]
https://rhn.redhat.com/errata/RHSA-2010-0500.html

--
Kevin Sweeney
Senior Unix Systems Administrator
Network and Infrastructure Services, RSSP-IT
UC Berkeley

   




 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 


--

~~~~~~~~~~~~~~~~~~~~~~~
Johnathon P. Kogelman
Information Systems
College of Chemistry
[hidden email]
(510) 643-3533

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.