Improve harmonization for incorporation of security updates to TBB releases
Even though TBB is generally quite fast when it comes to patching FF and NoScript, to whatever extent possible, it's still important for TBB 3.0beta1 to receive the latest NoScript and Firefox updates at the same time as stable and release candidate TBBs.
As of today, for example,
* TBB 3.0beta-1 is using Firefox ESR 17.0.10esr since 11/6
* TBB 2.4.18-rc-1 is using Firefox 17.0.11esr since 11/19
* TBB 2.3.25-15 is using Firefox 17.0.11esr since 11/19
Firefox ESR 24.1.1 has been available since 11/15
Yes, it's only been 2 days since the more popular releases were last patched, but some of the vulnerabilities patched in Firefox ESR 24.1.1 (e.g. NSS) are of particular concern to TBB users.
Requiring volunteer TBB testers to deliberately use vulnerable versions of Firefox ESR not only puts them at risk individually, but could also potentially be used to de-anonymize users of stable TBBs if exploitable vulnerabilities can be used to fingerprint users, since vulnerable and patched FF ESRs can be distinguished from one another.
Rolling out security updates to modular pieces of TBB like FF ESR, NoScript, and tor itself seems appropriate to do immediately and simultaneously whenever possible.
I recognize it's never that easy in practice, but hopefully this is something that can be increasingly automated as part of the awesome automated, reproducible build work that the team has been doing.