Category Archives: Firefox

Firefox 60.0.2

When first published on June 6, the release notes for Firefox 60.0.2 didn’t mention anything about security, but they’ve since been updated to include a reference to a single vulnerability that is fixed in the new version.

The vulnerability fixed in Firefox 60.0.2 is flagged as having both Critical and High impact by Mozilla, and since there are as yet no details in the official vulnerability database for CVE-2018-6126, it’s difficult to know which is correct.

Regardless, if you use Firefox, you should update it as soon as possible. Depending on how it’s configured, Firefox will usually at least let you know that a new version is available within a few hours after it’s published. If not, you can usually trigger an update by clicking the ‘hamburger’ menu icon at the top right, then selecting Help > About.

Firefox 60

Mozilla is making things easier for IT folks with Firefox 60. A new policy engine allows Firefox to be deployed with custom configurations appropriate for business and education environments. This seems likely to increase Firefox’s presence on enterprise desktops.

The New Tab (aka Firefox Home) page gets a bit of an overhaul in Firefox 60, with a responsive layout that should work better with wide screens, saved Pocket pages in the Highlights section, and more reordering options.

The Cookies and Site Data section of Firefox’s Preferences page is now a lot easier to understand: the amount of disk space involved is shown, as are the implications of each option.

Twenty-six security vulnerabilities are fixed in Firefox 60.

Java 8 Update 171 (8u171)

The only major browser that still officially supports Java is Internet Explorer, although there are workarounds for some of the other browsers. For example, you can switch to Firefox ESR (Extended Support Release), but even that support is likely to disappear before long. Google Chrome, and other browsers that use the same engine, can only be made to show Java content by installing an extension that runs Internet Explorer in a tab.

Java’s impact on security is diminishing, but it’s still being used on older systems where upgrading to newer O/S versions is not possible. There are still a lot of Windows XP systems out there, and most of them are either running older versions of Internet Explorer or Firefox ESR.

If you’re still using Java, you should install the latest version, Java 8 Update 171 (8u171), as soon as possible. The easiest way to check which version you’re running and install any available updates is to visit Oracle’s ‘Verify Java’ page. You’ll need to do that with a Java-enabled browser. Another option is to visit the third-party Java Tester site. Again, this site won’t work unless Java is enabled.

Java 8 Update 171 includes fixes for fourteen security vulnerabilities. Other changes are documented in the Java 8 release notes and the Java 8u171 bug fixes page.

Firefox 59 released

Firefox 59 features performance and user interface improvements, as well as numerous other minor changes. At least eighteen security issues are fixed in the new version.

Particularly welcome are new Privacy and Security settings (Menu > Options > Privacy & Security) that will stop websites from asking to send notifications.

Note: Windows 7 users may have trouble using certain Windows accessibility features, such as the on-screen keyboard, when Firefox 59 is installed. Mozilla is working on a fix for this issue.

Update: Firefox 59.0.1 is also now available. It fixes a single security bug.

Firefox 58.0

Earlier this week Mozilla released Firefox 58.0. The new version makes significant improvements to its graphics engine and JavaScript handling, which should translate into faster page rendering, especially on sites that use a lot of JavaScript. Mozilla says we can expect further performance improvements in Firefox in the coming weeks.

At least thirty-two security vulnerabilities are addressed in Firefox 58.0. The release notes for Firefox 58.0 provide additional details.

Note that Firefox 58.0 user profiles are not compatible with earlier versions of Firefox, so if you don’t like 58.0 and decide to downgrade, you’ll have to create a new profile.

Firefox 57.0.4: security fixes for Spectre and Meltdown

The full scope of the recently-discovered Spectre and Meltdown vulnerabilities is still being determined. It may be that hardware or firmware changes will be necessary to truly remove the danger. However, it’s still possible that operating system and application updates can mitigate the risk sufficiently for most purposes.

Once Microsoft demonstrated that the new timing-based attacks could be used in JavaScript code on a malicious web page to read data from other web sites, the folks at Mozilla decided to make that more difficult to accomplish in Firefox. Since the vulnerabilities are timing-dependent, Mozilla reduced the accuracy of several time sources within Firefox that could be used in Spectre and Meltdown based exploits.

The result is Firefox 57.0.4, released on January 4. It’s difficult to know just how helpful these changes will be, but if you use Firefox, you should install this update.
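
To illustrate the reduced-accuracy time sources described above, here is an added example (not Mozilla's code and not part of the original post) that models the mitigation with a constructed clock. The 20-microsecond resolution and every function name are assumptions chosen for illustration.

```javascript
// Added illustration: a simulated clock, not Firefox internals.
// All names and the 20 µs resolution are assumptions for this example.
const RESOLUTION_US = 20;

// Constructed clock in integer microseconds, advanced by hand so runs are repeatable.
function makeFakeClock() {
  let nowUs = 0;
  return { now: () => nowUs, advance: (us) => { nowUs += us; } };
}

// Mitigation: report time only in multiples of resolutionUs.
function coarsen(now, resolutionUs) {
  return () => Math.floor(now() / resolutionUs) * resolutionUs;
}

// Time a simulated operation the way page script would: read, run, read again.
function measure(clock, now, durationUs) {
  const start = now();
  clock.advance(durationUs);
  return now() - start;
}

// Smallest nonzero step a script can observe while real time advances by stepUs.
function observedGranularity(clock, now, stepUs, samples) {
  let smallest = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    clock.advance(stepUs);
    const t = now();
    if (t !== prev) {
      smallest = Math.min(smallest, t - prev);
      prev = t;
    }
  }
  return smallest;
}

// Two simulated operations, 3 µs and 9 µs long, timed with each clock.
function compare() {
  const a = makeFakeClock();
  const fine = [measure(a, a.now, 3), measure(a, a.now, 9)];
  const b = makeFakeClock();
  const coarseNow = coarsen(b.now, RESOLUTION_US);
  const coarse = [measure(b, coarseNow, 3), measure(b, coarseNow, 9)];
  return { fine, coarse };
}

console.log(compare());
```

Reduced precision makes a single timing reading less informative rather than removing the underlying behaviour, which is consistent with the post's caution about how much the change helps.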

Firefox 57.0.2

According to the release notes, Firefox 57.0.2 fixes two bugs, neither of which is related to security. And yet there’s also a security advisory for Firefox 57.0.2, which lists two vulnerabilities fixed in the new version.

In the past, Mozilla linked to relevant security advisories on Firefox release notes pages, so presumably someone simply forgot. Fixes for security bugs are a lot more important than fixes for obscure non-security-related bugs, so hopefully this isn’t the new normal for Firefox release notes.

Since this update includes security fixes, it’s a good idea to make sure your Firefox installation is up to date. You can do that by clicking its menu button at the top right (three horizontal lines, sometimes referred to as a ‘hamburger’ button), then choosing Help > About.

Firefox 57.0.1: a few bug fixes

It’s been two weeks since the release of Firefox 57, the first version of a new generation for the browser dubbed Quantum, and it’s clearly faster, cleaner, and lighter than its predecessors.

Firefox 57.0.1, released on November 29, addresses a few minor problems in 57.0. The release notes mention security fixes, but the linked Security Advisories page shows fixes that were already in Firefox 57.0. So there’s no particular urgency about this update, unless you’re affected by one of the issues the new version fixes.