Category Archives: Firefox

Firefox 68.0.2

One security fix and a handful of other bug fixes were released in the form of Firefox 68.0.2 on August 14.

The lone security fix closes a hole in the way Firefox handles saved passwords. Before Firefox 68.0.2, it was possible to extract password information from the browser’s encrypted password database — even when it was protected by a master password — without entering the master password. That’s a rather large and (at least to anyone who uses Firefox’s password store with a master password) disturbing security hole.

As always, you can wait for Firefox to update itself, or expedite things by navigating the browser’s ‘hamburger’ menu to Help > About Firefox.

Firefox 68.0

There are at least twenty-one fixes for security issues in the latest Firefox, version 68.0. If Firefox is your browser of choice, and it prompts you to install this update, you should let it proceed. If Firefox’s automatic version checking is disabled, you can always wake it up by navigating the ‘hamburger’ menu to Help > About Mozilla Firefox.

Other changes in Firefox 68.0 include the spread of “Dark mode in reader view” into the surrounding browser interface. Blecch. Well, it’s not for me, anyway.

Extension management, via the about:addons page, is improved in the new Firefox. It’s now easier to report security and performance issues with extensions and themes. It’s also easier to get detailed information about extensions. And there’s a new section that provides extension recommendations.

The release notes page for Firefox 68.0 has more information.

Firefox 67.0.3 and 67.0.4

Over the last few days, two new versions of Firefox were released, each addressing a single security vulnerability.

Firefox 67.0.3 fixes a critical flaw in the way Javascript objects are handled that can allow exploitable crashes. Targeted attacks in the wild are actively abusing this flaw.

Firefox 67.0.4‘s fix is for an as yet unexploited flaw that could potentially result in executing arbitrary code on the user’s computer.

Both vulnerabilities were reported to Mozilla by non-Mozilla security researchers.

You can wait for Firefox to update itself, or nudge it along by visiting Help > About Mozilla Firefox in its menu, found by clicking the hamburger button (hamburger) button in the toolbar.

Firefox 67.0

Firefox 67.0, released on May 21, improves the browser’s privacy, security, accessibility, performance, and compatibility. There are also twenty-one security fixes in the new version.

You can find all the details on the release notes page, and a related Mozilla blog post.

A couple of the changes are worth highlighting:

  • Firefox can now be configured to block known cryptominers and fingerprinters using Content Blocking preferences.
  • Accessibility improvements: there’s now full keyboard access to toolbar areas, including add-ons, downloads, Page actions, etc.

You can check your current version and trigger an update check by navigating Firefox’s ‘hamburger’ menu to Help > About Firefox.

Firefox 66.0.4 fixes major add-on problem

On May 3, Firefox users all over the world noticed that the browser’s add-ons suddenly stopped working and disappeared from the toolbar. This caused major consternation, as you might imagine. Mozilla has previously made changes to Firefox which disabled some add-ons, so there was initially some concern that this was intentional. However, it turns out that someone at Mozilla failed to renew a critical security certificate, which then expired on May 3rd.

Mozilla added certificate checking to Firefox’s add-ons (extensions, themes, search engines, language packs) some time ago to weed out malicious add-ons and prevent them from being used. When the main certificate expired, Firefox suddenly identified all add-ons as invalid, and disabled them.

Many people use Firefox without add-ons, and those people were unaffected by this problem. Some people, including myself, use add-ons to provide functionality without which Firefox is almost unusable. For example, I use uBlock Origin to prevent Javascript from running on all web pages by default, and Dark Reader to make dark-themed web pages readable.

Once people started noticing the problem, they naturally tried to find workarounds, some of which did more harm than good. Mozilla scrambled to solve the problem, and on May 4 pushed out an official, temporary workaround using a little-known Firefox feature called Studies. Once installed, this fix did re-enable add-ons for many users, but didn’t help if the Studies feature was disabled, and was only effective for desktop versions of the browser.

On May 5 a new version of Firefox was released by Mozilla. Firefox 66.0.4 includes a single change that fixes the certificate expiry problem. There are a few caveats: some add-ons may need to be re-enabled manually. Certain add-ons will remain disabled. Other add-ons may need to be reconfigured.

This was a major (and embarassing) blunder, but Mozilla handled it reasonably well, although the information they published was occasionally somewhat misleading. There’s a useful record of what happened on this Mozilla blog post.

Update 2019May10: Yesterday, Mozilla published a followup/apology post.

Firefox 66.0 and 66.0.1

The latest major release of Firefox is version 66, which was announced on March 19th. The new version includes some welcome improvements and twenty-one security fixes.

What’s new in Firefox 66?

  • Audio is now prevented from playing by default. You can override this behaviour with a global setting, or add specific web sites to an exclusion list.
  • When you have a lot of tabs open, Firefox now shows a down-arrow button at the end of the tab bar. Clicking this button shows a list of all open tabs, and provides a special search function, allowing you to search your open tabs.
  • Scroll Anchoring tries to keep your content in place even as advertising and other images try to push what you’re reading off the page.
  • Extensions get a slight speed boost.
  • It’s now a bit easier to configure keyboard shortcuts for extensions.
  • HTTPS certificate error pages are easier to understand.
  • Additional performance and stability improvements, especially during page loading.
  • AV1 video support was added to the 32-bit version of Firefox.

Firefox 66.0.1 addresses two security issues in earlier versions, and was released on March 22nd.

You can check which version you’re running by clicking Firefox’s ‘hamburger’ menu, and navigating to Help > About Firefox. If you’re not yet up to date, you should see an Update button that allows you to install the latest version.

Firefox 65.0: security improvements and bug fixes

The latest Firefox version, released by Mozilla on January 29, is 65.0. The new version includes fixes for seven security vulnerabilities, as well as some security-related improvements and new features.

Firefox 65 makes it even easier to detect and control the tracking a web site is doing. At the far left end of the address bar, click the small ‘i’ with a circle around it. This will show the site information window. The new Content Blocking section in this window allows you to see the cookies and trackers being used by a site. There’s also a shortcut to the Content Blocking settings, where you can set global preferences for blocking: Strict, Standard, or Custom.

Firefox 65.0 adds support for a video compression technology called AV1, which is expected to provide improvements in video streaming performance for 64-bit Firefox users.

Depending on how you’ve configured Firefox’s update settings, it may prompt you to install the new version. If it doesn’t, try navigating Firefox’s menu (that ‘hamburger’ icon) to Help > About Firefox. You’ll be able to see the current version and update it from there if a new version is available.

Firefox 64.0 fixes eleven security bugs

The latest Firefox fixes a handful of bugs, eleven of them security vulnerabilities, ranging in impact from low to critical.

New in Firefox 64.0 is the ability to select and manipulate multiple tabs. Hold the Ctrl or Shift key while clicking to select several tabs, then right-click one of the tabs to see some new actions in the context menu. Unfortunately, there’s no visual indication of which tabs have been selected, making this otherwise helpful feature somewhat awkward to use. You can at least see how many tabs you have selected in the context menu, in the Send n Tabs To Device entry.

Firefox’s Task Manager, which you can show by navigating to about:performance, now shows the amount of power being used by each tab and Add-On. This should be very handy for mobile device users.

Starting with Firefox 64.0, TLS certificates issued by Symantec are no longer trusted. You’ll only notice this if you visit a web site that still uses a certificate from Symantec.

The special page about:crashes is improved in Firefox 64.0: it’s now clear when a crash is being submitted to Mozilla, and that removing crashes locally does not remove them from the Mozilla crash stats page.

The release notes for Firefox 64.0 have more details.

Firefox 63.0

Released last week, Firefox 63.0 provides fixes for at least fourteen security issues.

Firefox 63 also includes performance improvements, content blocking functionality, some user interface improvements, and a few other bug fixes.

In keeping with the trend towards wresting control of updates away from users, the option to Never check for updates was removed from the Preferences page (about:preferences). Sigh.

Firefox can be updated by navigating its ‘hamburger’ menu (button at top right) to Help > About Firefox.