Keep track of security updates to parts of Tor Browser

Tor Browser is actually a bundle containing a bunch of software pieces like Firefox, Tor, NoScript, OpenSSL. For some of those pieces (like Firefox, Tor, NoScript) there is a way to keep track of security issues and their fixes, be it due to code inspection and notification or, kind of, due to automatic updates as in the NoScript case. But that does not hold for every piece of the bundle.

We should do two things to have at least a better overview about potential security issues we want to fix:

a) We need to come up with all of the bundle parts we think we should track for security issues.

b) We need to actually track those pieces.

Mozilla had a third-party library alert tjr worked on a while back, which we might be able to look at for help.