Category Archives: Mozilla

Firefox 62.0.2: one security fix

The latest Firefox includes fixes for a handful of bugs, including one security vulnerability: CVE-2018-12385 (Crash in TransportSecurityInfo due to cached data).

If your installation of Firefox is configured to update itself, it will probably get around to doing that in the next few days, if it hasn’t already. You can expedite the process by starting the browser and navigating to Help > About Firefox in its ‘hamburger’ menu at the top right of the browser window.

The release notes for Firefox 62.0.2 provide additional details.

Firefox 62.0: nine security updates

Despite the major version increment, Firefox 62.0 doesn’t really have any new features worth mentioning. However, it’s an important update, because it addresses at least nine security vulnerabilities that range from Low to Critical in severity.

One change in Firefox 62.0 is worth pointing out: the Description field for bookmarks has been removed. Any Description information you previously added to your bookmarks can still be exported from Firefox. From the release notes: “Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.”

You can usually encourage Firefox to update itself by navigating its ‘hamburger’ menu to Help > About Firefox.

Firefox 61.0 – security and performance improvements

The latest Firefox release features faster page load times and tab switching, improvements to search provider setup, an improved dark theme, better bookmark syncing, and at least eighteen security fixes.

Settings related to the home page and ‘new tab’ page are now in their own section on Firefox’s Options pages. You can access the new section directly using this URL: about:preferences#home.

The Firefox 61.0 release notes provide additional details.

On most computers, Firefox will update itself. You can encourage it by visiting the About page: click the hamburger button, then select Help > About Firefox.

Firefox 60.0.2

When first published on June 6, the release notes for Firefox 60.0.2 didn’t mention anything about security, but they’ve since been updated to include a reference to a single vulnerability that is fixed in the new version.

The vulnerability fixed in Firefox 60.0.2 is flagged as having both Critical and High impact by Mozilla, and since there are as yet no details in the official vulnerability database for CVE-2018-6126, it’s difficult to know which is correct.

Regardless, if you use Firefox, you should update it as soon as possible. Depending on how it’s configured, Firefox will usually at least let you know that a new version is available within a few hours after it’s published. If not, you can usually trigger an update by clicking the ‘hamburger’ menu icon at the top right, then selecting Help > About.

Firefox 60

Mozilla is making things easier for IT folks with Firefox 60. A new policy engine allows Firefox to be deployed with custom configurations appropriate for business and education environments. This seems likely to increase Firefox’s presense on enterprise desktops.

The New Tab (aka Firefox Home) page gets a bit of an overhaul in Firefox 60, with a responsive layout that should work better with wide screens, saved Pocket pages in the Highlights section, and more reordering options.

The Cookies and Site Data section of Firefox’s Preferences page is now a lot easier to understand: the amount of disk space involved is shown, as are the implications of each option.

Twenty-six security vulnerabilities are fixed in Firefox 60.

Firefox 59 released

Firefox 59 features performance and user interface improvements, as well as numerous other minor changes. At least eighteen security issues are fixed in the new version.

Particularly welcome are new Privacy and Security settings (Menu > Options > Privacy & Security) that will stop websites from asking to send notifications.

Note: Windows 7 users may have trouble using certain Windows accessibility features, such as the on-screen keyboard, when Firefox 59 is installed. Mozilla is working on a fix for this issue.

Update: Firefox 59.0.1 is also now available. It fixes a single security bug.

Firefox 58.0

Earlier this week Mozilla released Firefox 58.0. The new version makes significant improvements its graphics engine and Javascript handling, which should translate into faster page rendering, especially on sites that use a lot of Javascript. Mozilla says we can expect further performance improvements in Firefox in the coming weeks.

At least thirty-two security vulnerabilities are addressed in Firefox 58.0. The release notes for Firefox 58.0 provide additional details.

Note that Firefox 58.0 user profiles are not compatible with earlier versions of Firefox, so if you don’t like 58.0 and decide to downgrade, you’ll have to create a new profile.

Firefox 57.0.4: security fixes for Spectre and Meltdown

The full scope of the recently-discovered Spectre and Meltdown vulnerabilities is still being determined. It may be that hardware or firmware changes will be necessary to truly remove the danger. However, it’s still possible that operating system and application updates can mitigate the risk sufficiently for most purposes.

Once Microsoft demonstrated that the new timing-based attacks could be used in JavaScript code on a malicious web page to read data from other web sites, the folks at Mozilla decided to make that more difficult to accomplish in Firefox. Since the vulnerabilities are timing-dependent, Mozilla reduced the accuracy of several time sources within Firefox that could be used in Spectre and Meltdown based exploits.

The result is Firefox 57.0.4, released on January 4. It’s difficult to know just how helpful these changes will be, but if you use Firefox, you should install this update.