firefox-esr-78: mark as vulnerable

This is a browser, the 78 ESR series is end of life, so we can expect this browser to be a security vulnerability any day. Recommend everyone to move to ESR 91.
2021-11-02 23:40:02 +01:00 · 2021-11-02 23:40:02 +01:00 · 2d89624983
parent 3dc6784ba4
commit 2d89624983
1 changed files with 3 additions and 0 deletions
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@ -73,6 +73,9 @@ rec {
      badPlatforms = lib.platforms.darwin;
      broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
                                             # not in `badPlatforms` because cross-compilation on 64-bit machine might work.
+      knownVulnerabilities = [
+        "Firefox ESR 78 has reached its end of life. Migrate to Firefox ESR 91 (`firefox-esr` or `firefox-esr-91`)."
+      ];
      license = lib.licenses.mpl20;
    };
    tests = [ nixosTests.firefox-esr-78 ];