Category Archives: Firefox

Mozilla getting sneakier about updates to Firefox

According to the release notes, Firefox 47.0.1 was released on June 28. I only found out about it yesterday (half a month later), when I happened to run the FileHippo Update Checker.

After seeing the new Firefox version reported by FileHippo, I looked at Firefox’s ‘About Firefox’ dialog, and it offered to upgrade to version 47.0.1. I went ahead, and I’m now running 47.0.1.

Why is Mozilla no longer announcing new versions of Firefox? If their goal is to make updates invisible to users, why didn’t my version of Firefox update to the new version automatically?

For what it’s worth, Firefox 47.0.1 appears to fix one obscure crashing problem.

Firefox 48.0

The announcement for Firefox 47.0 highlights a few changes: synchronized tabs (between Firefox instances), improved video playback, and some security and performance improvements for Android users.

According to the release notes, Firefox 47.0 takes a few more steps in the process of moving away from Flash and toward HTML5 for video, and removes support for some older technologies related to plugins. The click-to-activate plugin whitelist, a security feature that was introduced in 2013, has been removed.

Most importantly, Firefox 47.0 fixes at least thirteen security issues. So don’t delay, update Firefox as soon as you can.

Check your Firefox version and trigger an update by navigating to its About page:

  1. Click the ‘hamburger’ (three horizontal bars) menu button at the top right.
  2. Click the question mark at the bottom of the menu.
  3. Click ‘About Firefox’ in the menu.

Firefox 46.0.1

I’m beginning to detect a weird kind of consistency to the way Mozilla assigns version numbers to Firefox.

If Mozilla staffers don’t want to formally announce a new version, they give it a minor revision number, like 46.0.1, which was released on Tuesday. If, on the other hand, Mozilla decides to announce a new version of Firefox, they give it a major revision number, like last week’s Firefox 46.0.

This sounds silly, but it seems to fit what we know. For example, despite the major difference in revision numbers between 46.0 and 46.0.1, both versions consist of a few bug fixes.

The release notes for Firefox 46.0.1 list six changes, all bug fixes for minor issues that aren’t particularly interesting. None of the fixes seem related to security.

Firefox 46 released

It’s a major new revision for Firefox, with lots of cool new features and enhancements to discuss, so Mozilla actually announced the release on their main blog. Typical of Mozilla announcements, the version is never mentioned.

At least the announcement lists the changes: “improved look and feel for Linux users, a minor security improvement and additional updates for all Firefox users.” Not much there. Turning to the release notes, it looks like the minor security improvement is related to JavaScript. Other changes include ten security fixes, and fixes for a few other bugs.

Since several security vulnerabilities are addressed in 46.0, anyone using Firefox should install the new version as soon as possible.

Malicious Firefox add-ons can co-opt other, vulnerable add-ons

Security researchers recently discovered that Firefox add-ons can use functions and data from other add-ons. This allows malicious persons to create seemingly-innocuous add-ons that look for and use vulnerable versions of popular add-ons like NoScript and Firebug.

For this type of exploit to work, a user would need to a) leave a vulnerable add-on unpatched; and b) install the malicious add-on. Which means that we have yet another reason to make sure that Firefox add-ons are kept up to date. Thankfully, the extremely useful NoScript add-on receives updates automatically, and frequently.

This also serves as a reminder to be careful when installing any add-on, no matter how innocuous it seems.

Mozilla is currently revamping the add-on framework in Firefox. The new system will improve security, preventing add-ons from accessing each other’s functions and data.

Firefox 45 released

The good people at CERT once again alerted me to a new version of Firefox, 45.0. Apparently Mozilla still can’t manage to announce new versions consistently.

According to the official release notes for Firefox 45.0, the new version includes minor improvements to syncing, searching, and HTML5 support. It also fixes several bugs, including at least twenty-two related to security vulnerabilities. On my main computer, Firefox’s About screen already offers to install the new version, but if yours doesn’t, you should grab it from the main Firefox download page ASAP.

Firefox 44.0.1 and 44.0.2

Two stealth releases this week for Firefox. Version 44.0.1 was released on February 8 to fix a handful of minor bugs. Version 44.0.2 was released yesterday to fix a startup hanging problem and to address one security issue.

Most installations of Firefox will offer to update themselves automatically, but since 44.0.2 includes a security fix, you should check your version and trigger an update if you’re still running an older version.

If you’re wondering where Mozilla hid the ‘About’ box:

  1. Click the ‘hamburger’ button (three stacked horizontal lines) at the top right.
  2. Click the question mark button at the bottom of the menu.
  3. Click ‘About Firefox’.

End in sight for Java browser plugin

Oracle is finally throwing in the towel for Java browser plugins. A never-ending source of security problems, the Java plugin will be phased out in the near future. Browser software developers like Mozilla and Google made this move inevitable when they started removing plugin functionality in recent months.

This will cause headaches for organizations that use a lot of browser-based Java. They’ll be faced with a decision. Many will presumably stall for time, and continue to use existing Java applets in increasingly outdated browsers. Others may decide to switch to another platform entirely, which is likely to be very costly. The best alternative, where possible, is to change browser-based Java applets to use the Java Web Start technology. According to a white paper from Oracle (PDF): “The conversion of an applet to a Java Web Start application provides the ability to launch and update the resulting application without relying on a web browser… Desktop shortcuts can also launch the application, providing the user with the same experience as that of a native application.”

Regular users will only notice the loss of the Java browser plugin if they happen to use one or more Java applets. Site operators have been aware that this change is coming for a while, and have been scaling back their use of Java applets, but they may still be found on some banking and financial sites, web site builders, and so on. One Java applet-based service that I find extremely useful is Berkeley’s ICSI Netalyzr, which analyzes your network connection and reports on any issues it finds. I’m hoping that Netalyzr’s developers will convert it to use Java Web Start, or do something else to keep the service online.

Duo Security has additional related information.