Category Archives: Firefox

Firefox 64.0 fixes eleven security bugs

The latest Firefox fixes a handful of bugs, eleven of them security vulnerabilities, ranging in impact from low to critical.

New in Firefox 64.0 is the ability to select and manipulate multiple tabs. Hold the Ctrl or Shift key while clicking to select several tabs, then right-click one of the tabs to see some new actions in the context menu. Unfortunately, there’s no visual indication of which tabs have been selected, making this otherwise helpful feature somewhat awkward to use. You can at least see how many tabs you have selected in the context menu, in the Send n Tabs To Device entry.

Firefox’s Task Manager, which you can show by navigating to about:performance, now shows the amount of power being used by each tab and Add-On. This should be very handy for mobile device users.

Starting with Firefox 64.0, TLS certificates issued by Symantec are no longer trusted. You’ll only notice this if you visit a web site that still uses a certificate from Symantec.

The special page about:crashes is improved in Firefox 64.0: it’s now clear when a crash is being submitted to Mozilla, and that removing crashes locally does not remove them from the Mozilla crash stats page.

The release notes for Firefox 64.0 have more details.

Firefox 63.0

Released last week, Firefox 63.0 provides fixes for at least fourteen security issues.

Firefox 63 also includes performance improvements, content blocking functionality, some user interface improvements, and a few other bug fixes.

In keeping with the trend towards wresting control of updates away from users, the option to Never check for updates was removed from the Preferences page (about:preferences). Sigh.

Firefox can be updated by navigating its ‘hamburger’ menu (button at top right) to Help > About Firefox.

Firefox 62.0.3: two critical security fixes

Yesterday, Mozilla released Firefox 62.0.3, which includes fixes for two critical security vulnerabilities in previous versions of the popular web browser.

The two vulnerabilities addressed in Firefox 62.0.3 are described in some detail on the associated security advisory page.

Depending on how your Firefox is configured, it may display a small update dialog, or it may simply update itself. To control what happens with new versions, navigate Firefox’s ‘hamburger’ menu (at the top right) to Options > General > Firefox Updates. While there, you can click the Check for updates button to trigger an update if one is available.

Firefox 62.0.2: one security fix

The latest Firefox includes fixes for a handful of bugs, including one security vulnerability: CVE-2018-12385 (Crash in TransportSecurityInfo due to cached data).

If your installation of Firefox is configured to update itself, it will probably get around to doing that in the next few days, if it hasn’t already. You can expedite the process by starting the browser and navigating to Help > About Firefox in its ‘hamburger’ menu at the top right of the browser window.

The release notes for Firefox 62.0.2 provide additional details.

Firefox 62.0: nine security updates

Despite the major version increment, Firefox 62.0 doesn’t really have any new features worth mentioning. However, it’s an important update, because it addresses at least nine security vulnerabilities that range from Low to Critical in severity.

One change in Firefox 62.0 is worth pointing out: the Description field for bookmarks has been removed. Any Description information you previously added to your bookmarks can still be exported from Firefox. From the release notes: “Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.”

You can usually encourage Firefox to update itself by navigating its ‘hamburger’ menu to Help > About Firefox.

Firefox 61.0 – security and performance improvements

The latest Firefox release features faster page load times and tab switching, improvements to search provider setup, an improved dark theme, better bookmark syncing, and at least eighteen security fixes.

Settings related to the home page and ‘new tab’ page are now in their own section on Firefox’s Options pages. You can access the new section directly using this URL: about:preferences#home.

The Firefox 61.0 release notes provide additional details.

On most computers, Firefox will update itself. You can encourage it by visiting the About page: click the hamburger button, then select Help > About Firefox.

Firefox 60.0.2

When first published on June 6, the release notes for Firefox 60.0.2 didn’t mention anything about security, but they’ve since been updated to include a reference to a single vulnerability that is fixed in the new version.

The vulnerability fixed in Firefox 60.0.2 is flagged as having both Critical and High impact by Mozilla, and since there are as yet no details in the official vulnerability database for CVE-2018-6126, it’s difficult to know which is correct.

Regardless, if you use Firefox, you should update it as soon as possible. Depending on how it’s configured, Firefox will usually at least let you know that a new version is available within a few hours after it’s published. If not, you can usually trigger an update by clicking the ‘hamburger’ menu icon at the top right, then selecting Help > About.

Firefox 60

Mozilla is making things easier for IT folks with Firefox 60. A new policy engine allows Firefox to be deployed with custom configurations appropriate for business and education environments. This seems likely to increase Firefox’s presense on enterprise desktops.

The New Tab (aka Firefox Home) page gets a bit of an overhaul in Firefox 60, with a responsive layout that should work better with wide screens, saved Pocket pages in the Highlights section, and more reordering options.

The Cookies and Site Data section of Firefox’s Preferences page is now a lot easier to understand: the amount of disk space involved is shown, as are the implications of each option.

Twenty-six security vulnerabilities are fixed in Firefox 60.

Java 8 Update 171 (8u171)

The only major browser that still officially supports Java is Internet Explorer, although there are workarounds for some of the other browsers. For example, you can switch to Firefox ESR (Extended Support Release), but even that support is likely to disappear before long. Google Chrome, and other browsers that use the same engine, can only be made to show Java content by installing an extension that runs Internet Explorer in a tab.

Java’s impact on security is diminishing, but it’s still being used on older systems where upgrading to newer O/S versions is not possible. There are still a lot of Windows XP systems out there, and most of them are either running older versions of Internet Explorer or Firefox ESR.

If you’re still using Java, you should install the latest version, Java 8 Update 171 (8u171), as soon as possible. The easiest way to check which version you’re running and install any available updates is to visit Oracle’s ‘Verify Java’ page. You’ll need to do that with a Java-enabled browser. Another option is to visit the third-party Java Tester site. Again, this site won’t work unless Java is enabled.

Java 8 Update 171 includes fixes for fourteen security vulnerabilities. Other changes are documented in the Java 8 release notes and the Java 8u171 bug fixes page.