Tuesday, March 07, 2017

Mozilla Firefox Version 52.0 Released with Security Updates


FirefoxMozilla sent Firefox Version 52.0 to the release channel today.  The update includes six (6) Critical, four (4) High, eleven (11) Moderate updates and six (6) low security updates.  Firefox ESR was updated to version 45.8.0.

Note in particular the removal of support for Netscape Plugin API (NPAPI) plugins other than Flash.  Silverlight, Java, Acrobat and the like are no longer supported.  See Why do Java, Silverlight, Adobe Acrobat and other plugins no longer work? for Mozilla's explanation.

Additionally, Firefox users on Windows XP (EoL, End of Life, April 8, 2014) and Windows Vista (EoL April 11, 2017) have been migrated to the extended support release (ESR) version of Firefox. 

The next scheduled release is April 18,  2017 (5 week cycle with release for critical fixes as needed).

Security Fixes:

Critical

High

Moderate

Low

New

Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
  • Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
  • Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
  • Enabled multi-process Firefox for Windows users with touch screens
  • Enhanced Sync to allow users to send and open tabs from one device to another.

Fixed

  • Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
    • have chained dead keys
    • input two or more characters with a non-printable key or a dead key sequence
    • input a character even when a dead key sequence failed to compose a character

Changed

  • Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
  • Display (but allow users to override) an “Untrusted Connection” error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla’s CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team’s plans to deprecate SHA-1
  • Improved experience for downloads:
    • Notification in the toolbar when a download fails
    • Quick access to five most recent downloads rather than three
    • Larger buttons for canceling and restarting downloads
  • Removed Battery Status API to reduce fingerprinting of users by trackers
  • When not using Direct2D on Windows, Skia is used for content rendering
  • Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox. 
Update:

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    No comments: