Category Archives: Mozilla

Firefox 57.0.4: security fixes for Spectre and Meltdown

The full scope of the recently-discovered Spectre and Meltdown vulnerabilities is still being determined. It may be that hardware or firmware changes will be necessary to truly remove the danger. However, it’s still possible that operating system and application updates can mitigate the risk sufficiently for most purposes.

Once Microsoft demonstrated that the new timing-based attacks could be used in JavaScript code on a malicious web page to read data from other web sites, the folks at Mozilla decided to make that more difficult to accomplish in Firefox. Since the vulnerabilities are timing-dependent, Mozilla reduced the accuracy of several time sources within Firefox that could be used in Spectre and Meltdown based exploits.

The result is Firefox 57.0.4, released on January 4. It’s difficult to know just how helpful these changes will be, but if you use Firefox, you should install this update.

Firefox 57.0.2

According to the release notes, Firefox 57.0.2 fixes two bugs, neither of which is related to security. And yet there’s also a security advisory for Firefox 57.0.2, which lists two vulnerabilities fixed in the new version.

In the past, Mozilla linked to relevant security advisories on Firefox release notes pages, so presumably someone simply forgot. Fixes for security bugs are a lot more important than fixes for obscure non-security-related bugs, so hopefully this isn’t the new normal for Firefox release notes.

Since this update includes security fixes, it’s a good idea to make sure your Firefox installation is up to date. You can do that by clicking its menu button at the top right (three horizontal lines, sometimes referred to as a ‘hamburger’ button), then choosing Help > About.

Firefox 57: faster and better

I’ve been using Firefox 57 for a few days now, since it was released on November 14. So far, I like what I see. Mozilla is hyping how much faster the browser is, and while it doesn’t feel a lot faster, it is indeed somewhat snappier. Given that Firefox had been getting noticeably sluggish in recent months, this is very welcome.

There are some major changes in Firefox 57: the user interface (UI) has had a major overhaul, using a new set of design guidelines called Photon. Most user interface elements will look familiar, but slightly different. Photon’s main objectives are to improve performance while making the interface consistent across various platforms. You’ll notice new icons throughout (including the main application icon), new positioning of interface elements, new animations, new appearance and behaviour for tabs, cleaned up menus, and new page loading animation.

The ‘new tab’ page has also been improved, and is more customizable. There are some new search engines to choose from, and Google is now the default for search. The on-page search feature now includes an option to highlight all matches on a page.

Numerous other changes in Firefox 57 were made to improve performance, including a new CSS engine called Stylo. CSS stands for Cascading Style Sheets, and it’s a set of standards used by web developers to define the style and layout of web sites. Stylo is faster than its predecessors because it uses available processing power more sensibly.

The upgrade process for Firefox 57 is no different than for earlier versions, and you don’t need to do anything special. As always, your existing Firefox profile (which contains your settings, bookmarks, login credentials, history, etc.) will be used by the new version. You may notice that your toolbar has been rearranged slightly, but that’s easy to fix using the Customize feature. You may also see blank spacer elements on either side of the address box, but these can be removed.

I noticed one possible problem: the contents of the address bar drop-down list occupy a narrow section in the middle of the list. The width of that section matches the width of the address box itself. This may have been done intentionally, but in my opinion it looks weird and severely limits the displayable length of addresses in the list.

With version 57, Firefox is no longer quite as sensitive about the use of Windows accessibility features. Previously, running the Windows On-Screen Keyboard would trigger Firefox to disable multi-process mode, resulting in reduced performance. That no longer happens in Firefox 57.

Firefox 57 also includes fixes for fifteen security vulnerabilities, so even if you’re not sure about the new user interface, you should really go and ahead and upgrade.

All in all, it’s good news for Firefox fans: Firefox 57 is faster, and has a cleaner, tighter, and more consistent user interface. I don’t see any reason to hold off on upgrading.

Firefox 57 may even be good enough to slow the recent wave of users, fed up with Firefox’s increasing bloat and decreasing performance, and feeling abandoned after Mozilla recently orphaned thousands of useful add-ons, who have been switching to Chrome and other browsers.

Firefox 56.0.1: 64 bits for the rest of us

On October 9, Mozilla released Firefox 56.0.1, which is notable in that it’s the first version that will automatically upgrade 32-bit Firefox to 64-bit Firefox. The 64-bit version has been available for a while, but Mozilla chose to hold off automatically upgrading 32-bit installs to 64-bit until now.

As usual, there was no announcement for Firefox 56.0.1 from Mozilla. Not even CERT helped here, since the new version doesn’t contain any security fixes. I learned about the new version when Firefox itself prompted me to upgrade on October 18, more than a week after the release.

On the positive side, the upgrade from 32- to 64-bit Firefox on my Windows 8.1 computer worked flawlessly. Somewhat oddly, the 64-bit version installed in the same directory as the 32-bit version: C:\Program Files (x86)\Mozilla Firefox. On 64-bit versions of Windows, 64-bit applications usually get installed in C:\Program Files. Regardless, I haven’t experienced any new problems or strange behaviour, and my old Firefox shortcuts still work. According to Mozilla, the 64-bit version of Firefox is demonstrably more stable and secure.

Firefox 56.0.1 includes a single bug fix, unrelated to security.

Firefox 56.0 released

It’s a major new version number, but there’s not much to get excited about in Firefox 56.0, unless the ability to take screenshots in your browser was on your wish list.

Also new in Firefox 56.0 is the Send Tabs feature, which allows you to send web page links to your other devices. Right click on any web page and select Send Page To Device to try it. I suppose it’s easier than sending yourself email.

Starting with version 56.0, Firefox’s web form autofill feature can fill in address fields. I didn’t even know this was missing in previous versions. In any case, this feature is currently only available for users in the USA; it will be made available in other countries in the coming weeks.

Firefox’s preferences (Options) pages have been reorganized and cleaned up significantly. There’s now a search box on the Options page, which should make finding that elusive setting a bit easier. The explanatory text associated with many options has been improved for clarity. The privacy options and data collection choices have been reworked so they are better aligned with the updated Privacy Notice and data collection strategy.

Finally, media on background tabs will no longer play automatically; it will only start playing once the associated tab is selected.

The release notes for Firefox 56.0 have additional details.

Firefox 55

Besides fixing twenty-nine security vulnerabilities, Firefox 55 adds support for the virtual reality technology WebVR, some new performance-related settings, and improvements to address bar functionality. The sidebar can now be on the right side of the browser, instead of only on the left. The Print Preview function now includes options for simplifying what’s printed. Starting Firefox with multiple tabs is now much faster. The Flash plugin is now ‘click to activate’ and only works with regular web and secure web URLs.

The default installation process has been modified, to simplify and ‘streamline’ installation for most users. Traditional, full installers are still available. The somewhat-less-likely-to-crash 64-bit version of Firefox is now installed by default on 64-bit systems with at least 2 GB of RAM.

Mozilla steadfastly refuses to mention version numbers in Firefox release announcements (including the one for Firefox 55), or to announce all new versions. Their rationale seems to be that the information exists somewhere, therefore they have done their job. Combined with the unpredictability of Firefox’s internal update mechanism, this is an ongoing frustration for some users (possibly only me).

On that subject, I’m still waiting for my installation of Firefox to notice that a new version is available. Firefox 55 includes changes to the browser’s built-in update process, but it’s not clear whether those changes will actually improve things. From the release notes: “Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.

Update 2017Aug13: According to denizens of Mozilla’s official #firefox IRC channel, the Firefox update servers have been disabled because of some problems with Firefox 55. Of course, Firefox will continue to tell you that “Firefox is up to date”, which can mean several different things. There’s no word on when the update servers will be back online, or what the problems are, but a search of the bug list for Firefox shows a likely candidate: Tabs are all restored as blank frequently after restart of [sic] applying Firefox 55 update. Apparently after upgrading to Firefox 55, some users are having problem restoring tabs, and in some cases, profile information is lost. Recommendation: don’t jump the gun and install Firefox 55 manually. Wait for the next version, which will likely be 55.0.1 or 55.0.2.

Update 2017Aug15: A new post on the Mozilla blog (64-bit Firefox is the new default on 64-bit Windows) confirms that 64-bit Firefox is now the default for 64-bit Windows systems, and that the 64-bit version is much more stable than its 32-bit equivalent. It goes on to say that to get the 64-bit version, you can either download and install it manually, or “You can wait. We intend to migrate the remaining 64-bit Windows users to a 64-bit version of Firefox with a future release.” No word on just how long we’ll have to wait.

Update 2017Aug17: Today, my install of Firefox started showing 55.0.2 as the latest version on its Help > About dialog. I went ahead and let it update itself, and now I’m running the 32 bit version of 55.0.2. According to the release notes, Firefox 55.0.1 fixes the bug in the tab restoration process that was introduced in 55.0. Firefox 55.0.2 fixes a problem with profiles that was introduced in 55.0.

Firefox 53.0.2

Mozilla released Firefox 53.0.2 on May 5. The new version includes three bug fixes, one of them for a security vulnerability.

As usual, Mozilla did a lousy job of announcing the new version: in fact, they didn’t bother at all, apparently preferring to leave that job to others like the far more dependable CERT.

If you use Firefox, and you’re not sure which version you’re running, open its menu (click the ‘three horizontal lines’ icon at the top right), then click the question mark icon, then About Firefox. If an update is available, this should trigger it.

Firefox 53.0: security updates and performance improvements

A major change to the internal workings of Firefox should result in faster web page rendering on most Windows computers. Unfortunately, that doesn’t include Windows XP: starting with version 53.0, Firefox no longer supports XP or Vista.

Firefox 53.0 also fixes at least twenty-nine security issues, so it’s a good idea to update it as soon as possible. Firefox can be rather sluggish about updating itself, but you can usually trigger an update by clicking the menu icon at the top right (three horizontal lines), then the little question mark icon, then About Firefox.

Also in the new release are some improvements to Firefox’s user interface, including two new ‘compact’ themes that free up some screen space. Site permission prompts are now somewhat easier to understand and more difficult to miss. Tab titles that are too long to fit in a tab now fade out at the end instead of being cut off and replaced by ellipses, which makes more of the truncated title visible.

Firefox 52.0.2

There’s another new Firefox release: 52.0.2. The new version fixes a few minor bugs, none related to security.

Firefox should update itself automatically to the new version, but there’s no particular urgency about this update, unless you’re affected by one of the bugs it fixes. See the release notes for details.

As usual, there was no announcement from Mozilla about Firefox 52.0.2. I learned about this one when Firefox offered to update itself.