Mozilla released Firefox 53.0.2 on May 5. The new version includes three bug fixes, one of them for a security vulnerability.
As usual, Mozilla did a lousy job of announcing the new version: in fact, they didn’t bother at all, apparently preferring to leave that job to others like the far more dependable CERT.
If you use Firefox, and you’re not sure which version you’re running, open its menu (click the ‘three horizontal lines’ icon at the top right), then click the question mark icon, then
About Firefox. If an update is available, this should trigger it.
A major change to the internal workings of Firefox should result in faster web page rendering on most Windows computers. Unfortunately, that doesn’t include Windows XP: starting with version 53.0, Firefox no longer supports XP or Vista.
Firefox 53.0 also fixes at least twenty-nine security issues, so it’s a good idea to update it as soon as possible. Firefox can be rather sluggish about updating itself, but you can usually trigger an update by clicking the menu icon at the top right (three horizontal lines), then the little question mark icon, then
Also in the new release are some improvements to Firefox’s user interface, including two new ‘compact’ themes that free up some screen space. Site permission prompts are now somewhat easier to understand and more difficult to miss. Tab titles that are too long to fit in a tab now fade out at the end instead of being cut off and replaced by ellipses, which makes more of the truncated title visible.
There’s another new Firefox release: 52.0.2. The new version fixes a few minor bugs, none related to security.
Firefox should update itself automatically to the new version, but there’s no particular urgency about this update, unless you’re affected by one of the bugs it fixes. See the release notes for details.
As usual, there was no announcement from Mozilla about Firefox 52.0.2. I learned about this one when Firefox offered to update itself.
A single security fix is apparently the sole reason Mozilla released Firefox 52.0.1 on March 17. There was no announcement from Mozilla, but as usual, CERT picked up the slack with their own announcement. The release notes for 52.0.1 point to a related security advisory.
Firefox will offer to update itself over the next few days, but you can usually trigger an update by navigating to its About dialog (hamburger menu icon > question mark icon > About Firefox).
At this point it seems clear that Mozilla has instructed its content writers to never mention version numbers in Firefox release announcements. The reason remains a mystery. Take yesterday’s announcement, for example. It begins “Today’s release of Firefox” – which makes it sound like Firefox is a new product.
Anyway… the mystery Firefox release yesterday was in fact version 52, which fixes at least twenty-eight security vulnerabilities. The new version also adds support for WebAssembly, which can dramatically improve the performance of web-based applications. Support for those annoying WiFi ‘captive portal’ hotspot login pages is improved in Firefox 52, and there are further improvements to the warnings you’ll see when you’re presented with a login form on an unencrypted connection.
Firefox 52 also removes almost all remaining support for the NPAPI plugin technology, with the lone exception being Flash, which means Silverlight, Java, Acrobat and other plugins that depend on NPAPI will no longer work. Support for the NPAPI version of Flash will apparently be removed in the next major Firefox release.
There were a couple of problems with Firefox 51 that prompted Mozilla to push out another new version yesterday. Firefox 51.0.1 resolves the two problems, one of which was related to the new multiprocess features.
Firefox itself seems to take a few days to notice new versions. Click the ‘hamburger’ menu button at the top right, then click the question mark icon, then click ‘About Firefox’ to see the version you’re running. In my experience, Firefox will usually say ‘Firefox is up to date’ until a couple of days after a new release becomes available. This is potentially confusing, but Mozilla doesn’t seem to understand that.
If you don’t want to wait for Firefox to notice the new version, you’ll have to download it directly from Mozilla.
The latest version of Firefox addresses at least twenty-four security vulnerabilities and changes the way non-encrypted sites appear in the address bar.
As usual, there’s nothing like a proper announcement for Firefox 51. What we get from Mozilla instead is a blog post that discusses some new features in Firefox, and mentions the new version number almost accidentally in the third paragraph. Once again, CERT does a better job of announcing the new version than Mozilla.
Starting with version 51, Firefox will flag sites that are not secured with HTTPS if they prompt for user passwords. Secure sites will show a green lock at the left end of the address bar as before, but sites that are not secure will show a grey lock with a red line through it. Previously, non-encrypted sites showed no lock icon at all. The idea is to draw the user’s attention to the fact that they are browsing without the security of encryption, which is risky when sensitive information (passwords, credit card numbers) is entered by the user.
The latest version of Firefox fixes at least thirteen security vulnerabilities. The release notes for Firefox 50.1 don’t provide much detail, but the related security vulnerabilities page at least lists the issues.
It almost goes without saying that there was no proper announcement from Mozilla for this new version, despite the fact that it includes fixes for critical security issues.
If you’re a Firefox user, you might want to think about using a different browser for the next day or so. Researchers have discovered a critical vulnerability that has yet to be patched. Mozilla is working on a fix but there’s no word on when it will be available.
Ars Technica has more.
Update 2016Nov30: Mozilla just released Firefox 50.0.2, which includes a fix for this vulnerability. Mozilla posted about this as well.
There’s a critical security vulnerability in Firefox 49 and 50, and Mozilla just released Firefox 50.0.1 to address it. Which is great, except for one thing: the total lack of anything resembling an announcement.
Yes, Firefox can be configured to update itself or alert you when an update is available, but that setting can also be disabled completely. Worse, it can take days for Firefox’s internal update checker to detect that there’s a new version.
I discovered the new version by way of a post on the US-CERT site.