Prior to the Firefox 3.6 transition ----------------------------------- Firefox et al: firefox (3.6) and xulrunner-1.9.2 share codebase firefox-3.5 and xulrunner-1.9.1 share codebase firefox-3.1 and xulrunner-1.9.1 share codebase (old) firefox-3.0 and xulrunner-1.9 share codebase firefox (2.0) and xulrunner 1.8.1 share codebase firefox (1.5) and xulrunner 1.8.0 share codebase seamonkey (1.0) and xulrunner 1.8.0 share codebase seamonkey (1.1) and xulrunner 1.8.1 share codebase seamonkey (2.0) and xulrunner 1.9.1 share codebase mozilla-thunderbird (1.5) and xulrunner 1.8.0 share codebase thunderbird (2.0) and xulrunner 1.8.1 share codebase thunderbird (3.0) and xulrunner 1.9.1 share codebase thunderbird (3.1) and xulrunner 1.9.2 share codebase iceweasel = rebranded firefox iceape = rebranded seamonkey icedove = rebranded thunderbird After the Firefox 3.6 Transition -------------------------------- firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x) firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead) firefox-3.5: Ubuntu 9.10 (static build of 3.6.x) xulrunner-1.9.2: added in all releases from Hardy and later Semonkey Transition ------------------- Seamonkey also transitioned from 1.1.x to 2.0.x in Ubuntu 10.04 LTS - 9.10. Thunderbird Transition ---------------------- Thunderbird will be transitioning from 3.0 to 3.1 on Ubuntu 10.04 LTS. CVE Triage ---------- CVEs in Firefox are tracked in the xulrunner source packages for builds that use the system xulrunner, and firefox source packages for those that use a static build. active/00boilerplate.firefox is used to capture the source package relationships when triaging CVEs for firefox (ie, you only need to specify 'firefox' as the source package). The following sources are currently ignored: firefox: (ignored EOL) Ubuntu 6.06 LTS (static build) xulrunner (1.8.0): (ignored EOL) firefox (1.5) - Ubuntu 6.06 LTS (system xul) xulrunner (1.8.1): (ignored EOL) firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul) xulrunner-1.9: (ignored) reverse dependencies no longer process web content xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content, except for firefox-3.5 on Ubuntu 9.04. The following sources are currently tracked: xulrunner-1.9.2: system xul for reverese dependencies that process web content. This is now abandoned by upstream. Supported Ubuntu 10.04 LTS reverse dependencies do not process arbitrary webcontent. firefox: Ubuntu 8.04 LTS and higher (static build of 3.6.x or higher) Additionally, the following share a common codebase and are affected by the same CVE often enough that they warrant being part of the firefox boilerplate: seamonkey thunkerbird