Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

Upgrade experience

[Artem+S.+Tashkinov]

• My bookmarks bar is invisible on start up and in every new private window. The only way to show it is to hide and then unhide it.
• The settings button (three horizontal bars) doesn't work. You click it - nothing happens
• Firefox doesn't restore saved windows/tabs from the previous session even though it's what my preferences say: Show my windows and tabs from last time.
• Firefox has reset my lightweight theme (luckily I have a backup).

The worst update ever. I'm horrified by the prospect of upcoming Firefox 57 which will kill at least the third of my XUL add-ons.

The previous ESR release is no longer supported. Fuck you Mozilla.

Re:Upgrade experience

The previous ESR release is no longer supported. Fuck you Mozilla.

False

Re:Upgrade experience

You probably had a broken profile already. I have none of these issues, I haven't experienced a single problem so far.

Re:Upgrade experience

[Artem+S.+Tashkinov]

You must have zero add-ons installed, IOW you could use any other web browser. That's the sole reason Firefox was created, right? To allow extreme customizability, no?

I have a shitton of addons installed because it's the only way to make Firefox behave like I want it to.

Re:Upgrade experience

As another AC pointed out, the previous ESR is still supported until mid-June (and you don't have to stop using it as soon as its support ends).

I hope you consider submitting those bugs to Bugzilla, because you seem to be quite good at identifying and articulating the problems you experience.

Re:Upgrade experience

[Artem+S.+Tashkinov]

Have you even followed your own link? Firefox 45 will see the last release in several weeks and after that it's 52 for the next 9 months or so.

45 ESR is basically dead and unsupported.

Re:Upgrade experience

[Artem+S.+Tashkinov]

Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".

Alas, that's what I'm going to do, because Firefox is still the best web browser out there. Too bad, it's headed in the direction of becoming a Chrome clone.

Re:Upgrade experience

[Tranzistors]

All that resetting is necessary to help to debug. If the bug is in add-ons, then it should be reported to the add-on developers. If it is really a fault of Mozilla, add-on developers should report it, since they will probably have a better insight of what exactly has gone wrong.

Similar with settings. If you have messed with about:config, it is nigh impossible for Mozilla to test all the permutations, or provide reasonable upgrade path to all of them.

In my workplace, we have similar issues, but we solve them by selling support. Since you get FF for free, it would be unreasonable to expect them to handle your specific configuration.

Re:Upgrade experience

[Artem+S.+Tashkinov]

For anyone who has the same problems (they are all caused by the same add-on): the culprit is

Status-4-Evar

Disable it and Firefox becomes functional, albeit without a status bar. I'm now trying to understand what status bar add ons still work with Firefox 52 (the status bar was removed aeons ago because Firefox developers believe no one needs it).

Re:Upgrade experience

[hairyfeet]

Switch to Pale Moon, it is what FF USED to be before they decided to become a shitty Chrome clone. Nearly all your extensions work (for the few that don't work with the latest they have a handy link to a known working version and you can always contact the devs of your favorite extensions like I did and ask them to add Pale Moon support), it handles like the old FF, they even have a Linux version so if you want the same browser on both Windows and Linux with your bookmarks synced between the two? Its not a problem.

I switched nearly 2 years ago and I can tell you its really good and unlike FF they actually LISTEN TO THE USERS and don't take a steaming dump on the UI every other release like FF does.

Re:Upgrade experience

That's the sole reason Firefox was created, right? To allow extreme customizability, no?

No. The original goal was to provide a lean, efficient web browser that gets the hell out of your way so you can work. Extreme customizability through a clumsy, bug-ridden add-on system is the new goal which, obviously, has completely replaced the original one.

Re:Upgrade experience

[Artem+S.+Tashkinov]

While we are at it, I've found it:

The Addon Bar (Restored) still works. Hopefully slashdotters will forgive me for 100+ messages in the comments section.

Re:Upgrade experience

[Waffle+Iron]

Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".

Let's say you bring your pickup truck to the Ford dealer for warranty repairs because you claim it "handles like crap".

If they tell you to first remove the after-market 6-inch lift kit and 35-inch off road-tires that you installed, would that be unreasonable?

Re:Upgrade experience

[Artem+S.+Tashkinov]

This add-on also breaks Firefox. So far there are no functional status bar addons for this version. :-(

Re:Upgrade experience

The original plugin structure was old-fashioned, insecure, and unstable. Firefox can't be a modern browser without leaving the old API behind. Sorry dude, progress is progress.

If your vast array of plugins are breaking Firefox, how is that Mozilla's fault? If you don't like the new versions, then use the old versions forever. Honestly you sound like an IE6 user who's upset that support is ending and they will have to make all their projects standards-compliant. boo-hoo

Re:Upgrade experience

[mujadaddy]

I switched nearly 2 years ago and I can tell you its really good

Quantify "really good" for compsci nerds.

How many security updates have Pale Moon Devs done since "2 years ago"? The internet seems to unfortunately be a moving target. You'd think they'd run out of bugs eventually =-)

I ask these questions as someone who has frozen at an earlier FF (51?) on my personal desktop, and doesn't bother with it at all for work development, and is saddened by it.

I just don't think the Pale Moon team has the manpower to keep up.

Re:Upgrade experience

You can try one of two things:

a) reset all settings, then try a fresh profile. This "fix" will last until the next time it happens.
b) use a different browser. This is a permanent fix. Unfortunately it comes with its own side effects, which is probably why so many people use multiple browsers.

Re:Upgrade experience

Let's say the 6" lift kit and 35" off-road tires are used by > 50% of Ford truck owners. Would it be reasonable to assume Ford has some interest in making it work well with that setup?

Re:Upgrade experience

The more accurate car analogy would be for you to remove the non-manufacturer provided tires you got from their approved retail partners, then delete your radio station presets and move your seats back to their initial positions, then replace the body with a new one.

I agree with the GP, if the problem is with the engine, fix the engine.

Re:Upgrade experience

Me either

Re:Upgrade experience

[trawg]

So I read your post in fear, backed up via MozBackup, and then upgraded to see what would happen.

Luckily I had none of the problems you did - except the font rendering has changed. This seems to be a global thing - tab titles look a little different (I think), but most notably almost every page I go to looks a little off - like the fonts aren't being smoothed properly, or something.

Super noticable on text heavy sites (like Gmail and Slashdot).

After the usual amount of fucking around trying to find what it was, I found some 'cleartype' settings (about:config, search for cleartype) that were non-default, so I just right-clicked them and reset them to default, and now it is back to normal. YMMV.

As is usual with every Firefox update, may the force be with you and your plugins at this stressful time.

Re:Upgrade experience

Progress is not progress when it's degradation.

Re:Upgrade experience

progress is progress.

It would be nice if we saw some actual progress, and not "progress" like Apple removing things for the sake of "courage" (and, of course, draconian control over users and their data, and increased revenues for new and expensive accessories). I'll bet that you think updates that slow a computer to the point that it has to be replaced are "progress," too, rather than planned and/or enforced obsolescence, particularly when you're given no choice in the updates. This isn't that, but it comes from exactly the same pot, except a crappier pot since this is the process of Firefox becoming yet another Chrome also-ran. They're turning in whatever advantages they had for basically nothing, and screwing over their remaining users while they're at it - users who often used Firefox because they had far more control over the browser.

There is a reason why the Wintel architecture ruled for so long and is so powerful now - backwards compatibility, which is what Mozilla is going well out of its way to destroy. The fact that corporations are trying to take control of computers back from the users and turn all software into something tethered into their control (via "support" if they can't slowly drag it into being Software As A Service, regardless of whether or not such a beast is actually needed) is hardly progress, unless you happen to be one of the rulers. Maybe you are, I don't know. But so far as I am concerned, and many others, Apple can keep its courage and expensive, courageous accessories. If I want to use Chrome, I'll use Chrome, not Firefox-skinned Chromium.

Re:Upgrade experience

[eam3]

I got lucky then. I updated to 52.0 and my bookmarks are fine (even in private mode), my add-ons are fine and it's working just like it was before. That's only on one computer though, have not tried it at home yet (Windows10/Linux Mint 18.1).

Re:Upgrade experience

It's not unreasonable at all, but then they should re-install said customizations so you can drive away the way you came in.

Re:Upgrade experience

[SeaFox]

Let's say the 6" lift kit and 35" off-road tires are used by > 50% of Ford truck owners. Would it be reasonable to assume Ford has some interest in making it work well with that setup?

Not if they are after-market parts -- you're putting Ford in the position of keeping track of what the aftermarket mod industry is doing. That's a classic case of the tail wagging the dog. Ford builds the truck to perform a certain way as they built it. If the owner adds a bunch of crap to it Ford had no design input on, they can't hold Ford responsible if the truck no longer performs the same.

If that suspension change was so popular, Ford would start offering the truck in that configuration from the factory. That way they have control over what it done and the final result.

But then you would have complaints from people who want a "streamlined vehicle that uses less petroleum resources".

Re:Upgrade experience

You are half right but mostly wrong. The goal was not to create a minimal browser. The idea from the beginning was to build a "make your own browser kit" that would have a lean core and, yes, an extreme level of customisability though a highly extensible plugin system.

There was never any suggestion that uses would want to use the less-minimal-than-viable core as a browser.

Re:Upgrade experience

Nearly all your extensions work... and you can always contact the devs of your favorite extensions like I did and ask them to add Pale Moon support

1) Out of 21 extensions I use, 2 work with Pale Moon. And they are the ones I would consider non-essential.
2) Most devs can hardly keep up with breakage in mainline Firefox.
3) Firefox internals are changing so much it is impossible support both browsers with one codebase for all but the most trivial of extensions. Meaning a wildly divergent fork is required, doubling the developers workload for zero gain to them.
4) There are a huge number - decades worth! - of extensions that are no longer maintained. They won't be ported to New Firefox OR Pale Moon.
5) I suspect you don't use many extensions or you haven't really tried contacting many developers or you would already know this.

Re:Upgrade experience

I'm late to the party, but I'll post anyway. People always trot out this stuff about what the goals of Firefox were, but a lot of it is simply made up, plain and simple, or what other people took it to be about. The extensibility of Firefox was what people most liked about it, but it wasn't the big goal of the project itself. Go on wayback machine and look at the Phoenix/Firefox pages from 2002; making a lean, customizable browser is not a prominently featured aspect of the project anywhere. Prominent features of Firefox as of 2004; "Tabbed Browsing", "Pop-up Blocking", "Find Stuff Faster" (Google bar, smart keywords), "Simplified Privacy", "Annoyance Eliminator", etc, etc, then bottom of list "Customize Toolbars", "Most Extensible". The emphasis is clearly on the features of the browser itself, not on leanness and extensibility. Look through the FAQs from back then, and the main mention of "leanness" refers to the fact that Firefox is a stand-browser as opposed to the Mozilla Application Suite; the leanness of the browser itself is barely mentioned unless you dig into developer blogs.

And if you were actually using it and paying in the early days, when add-ons were completely free to shit on each other and on the browser, you'd know that the attitude of the Firefox devs back then to add-on issues was "If an add-on is causing problems, don't use it." As far as they were concerned, they were building a browser, and the add-ons were just a bonus. It took literally years for them to get to grips with the fact that people were actually using Firefox primarily because of the add-ons and customisability, and realize that they better make the add-on platform a bit more robust. Which is largely how we got to where we are today.

Re:Upgrade experience

[trawg]

I seem to have a functional status bar, just using Classic Theme Restorer!

Re:Upgrade experience

*paying attention

Re:Upgrade experience

[Blaskowicz]

Fun fact, I eventually tried Classic Theme Restorer and found it looked like ass anyway, like it didn't play well with the GTK theme and had some "default" looking colors or shape that would work fine on the Windows 7 x64 SP1 that everyone uses except linux users. The configuration GUI looks like a space shuttle simulator, which is why I went not far and moreover the Firefox 4 GUI isn't that "classic" to me. But I don't want to flame the authors or the users!

Hopefully Firefox moves on in a good way. After XUL is completely removed, and after version 52 runs out, we'll lose things, but we might gain new things. i.e. the derivative browser scene won't die out and maybe we'll see more of them based on the "new Firefox" instead of webkit or Blink.

Re:Upgrade experience

If "lean and efficient" was the goal of Firefox, then they have failed in spectacular fashion. It works for me, as long as I restart it a couple of times every day. It always depends on how quickly the memory leaks make it unresponsive.

Still better than Chrome though. At least Firefox won't choke on under a dozen tabs.

Re:Upgrade experience

[knorthern+knight]

> How many security updates have Pale Moon Devs done since "2 years ago"?

Check their announcements page https://forum.palemoon.org/vie... Since 2015/03/13 they've released 25.3, 25.3.1, 25.3.2, 25.4, 25.4.1, 25.5, 25.6, 25.7.0, 25.7.1, 25.7.2, 25.7.3, 25.8, 25.8.1, 26.0, 26.0.2 (Note; 26.0.1 "internal only"), 26.0.3, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 26.3.1, 26.3.2, 26.3.3, 26.4.0, 26.4.0.1 (yes), 26.4.1, 26.5.0, 27.0.0, 27.0.1, 27.0.2, 27.0.3, 27.1.0, 27.1.1, and 27.1.2

That sounds like keeping up. Mind you, the version number bumping scheme is not ridiculously inflated, which might give the impression of an out-of-date browser.

ESR 1 year support

How shitty is technology, when the only extended support you can get is less than a fucking year.

Wow, 9 months of security updates!

Will Mozilla still be around by then?

Re:Wow, 9 months of security updates!

Will Mozilla still be around by then?

They'll be around until various companies stop giving them hundreds of millions of dollars of free money.

Re:Wow, 9 months of security updates!

Considering how tightly Firefox is still integrated with Google (e.g. when you first start your browser, you get a Google cookie), I wouldn't call it "free money".

Even search engine integrations such as the DuckDuckGo one is combined with tracking parameters to the URL to see which browser you use, even if you disable the User-Agent header, so it's not limited to Mozilla's interaction with marketing companies.

Re:Wow, 9 months of security updates!

[rudy_wayne]

Considering how tightly Firefox is still integrated with Google (e.g. when you first start your browser, you get a Google cookie), I wouldn't call it "free money".

Google paid Mozilla hundreds of millions of dollars a year and all Mozilla had to do was put a Google search box in their browser. That's it. Nothing else. That "tight integration" doesn't require a lot of developers or hundreds of millions of dollars.

  I call that free money.

When you have huge amounts of money constantly flowing in, with no requirement to deliver a decent product in return, you end up with a shit product, e.g., Firefox.

ESR branch!

Phew, for a moment I thought it was an Eric S. Raymond branch ...

Re:ESR branch!

Remember, it's Open Source (tm) so all bugs are shallow.

sending and recieving tabs to other users?

Cool. What could possibly go wrong?

Securing a home server

[tepples]

Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins

Imagine for a moment that you're seeing this notice on your home NAS. You'd consider making it secure, but a secure page requires a TLS certificate. Because friends and family bring their own smartphones, tablets, or laptops to access your home server, you don't want them to have to first install an internal root certificate. A TLS certificate that others already trust requires a domain because the CA/Browser Forum's Baseline Requirements forbids issuing a certificate for a made-up TLD or a private IPv4 address (such as 192.168/16). So now it appears everyone with a home server will have to buy a domain in order to make this go away.

Re:Securing a home server

[Tranzistors]

Oh, they should be informed that anyone on the network can sniff their password (which they most probably reuse). Even if they trust you to store it properly, they should not trust anyone else listening.

Re:Securing a home server

Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins

Imagine for a moment that you're seeing this notice on your home NAS. You'd consider making it secure, but a secure page requires a TLS certificate. Because friends and family bring their own smartphones, tablets, or laptops to access your home server, you don't want them to have to first install an internal root certificate. A TLS certificate that others already trust requires a domain because the CA/Browser Forum's Baseline Requirements forbids issuing a certificate for a made-up TLD or a private IPv4 address (such as 192.168/16). So now it appears everyone with a home server will have to buy a domain in order to make this go away.

It's just a warning. And, I think you can just click the box that says "always trust this certificate." What would be really kick ass is if browsers checked for weak or shared public keys, which is a problem particularly prevalent among embedded systems like home NAS appliances.

Re:Securing a home server

[tepples]

It's just a warning. And, I think you can just click the box that says "always trust this certificate."

Do the web browsers in video game consoles and set-top streaming boxes even have this box to check? If not, you can't use a self-signed certificate to stream to them from your NAS.

Re:Securing a home server

[Anonymous+Brave+Guy]

Just be glad you're not using professional networking gear that gets installed and then stays mostly untouched for years. A lot of gear that is still in use dates from the era when plugins were necessary to do just about anything graphical in a browser-based UI, and all of them just broke completely with the removal of NPAPI support. (There is a note on the Mozilla web site that the ESR for 52 doesn't have this limitation, so it looks like anyone in that position has about a year more before Firefox won't support them at all.)

Re:Securing a home server

[tepples]

Given that the NAS owner in your story will be using a self-signed cert (if he wasn't, then he would have been issued one by a Big CA, and he would already have a domain & etc...) and would _already_ be clicking through a "THIS IS A SELF-SIGNED CERT, ARE YOU SURE YOU WANNA DO THIS!?!?!?" warning

The NAS owner in my story was previously using cleartext HTTP. Switching from cleartext HTTP to HTTPS requires buying a domain.

Re:Securing a home server

> Switching from cleartext HTTP to HTTPS requires buying a domain.

Lolno. All it requires is creation of a local CA and signing a TLS cert with that CA. Both of those things are so easy to do that they could be trivially automated by the NAS's GUI.

https://devcenter.heroku.com/articles/ssl-certificate-self

And there's nothing that says that the DNS on your LAN can't have entries that aren't in the globally-reachable DNS. All of these routers who add DHCP client hostnames to local DNS and whose bailiwick is .lan or .local are existence proofs of a system with DNS entries that aren't in the global DNS.

But hey, I guess you're suffering from cryo-crankiness. I hear it wears off in a couple of weeks. Smile, The Future is not that bad!

Re:Securing a home server

[tepples]

Lolno. All it requires is creation of a local CA and signing a TLS cert with that CA.

How do you plan to install said local CA's root certificate on each device brought by a visitor to your home?

Re:Securing a home server

> How do you plan to install said local CA's root certificate on each device brought by a visitor to your home?

Don't worry, the cryofogginess will pass in a couple of weeks. However, if you're still feeling foggy after four weeks or so, you should report to your cryotechnician right away!

Earlier, I said:

"There's this _really_ nasty, big, scary warning that web browsers like to display when they're presented with a self-signed certificate. ... Given that the NAS owner in your story will be using a self-signed cert (if he wasn't, then he would have been issued one by a Big CA, and he would already have a domain & etc...) and would _already_ be clicking through a "THIS IS A SELF-SIGNED CERT, ARE YOU SURE YOU WANNA DO THIS!?!?!?" warning, I don't see how adding text to that page will do any harm."

Self-signed certs can be used in a TOFU capacity with no loss of security. The only side-effect is the initial scary warning GUI, and the "This Cert Is Self Signed!!!" site "security lock" UI.

Given that you said:

"A TLS certificate that others already trust requires a domain because the CA/Browser Forum's Baseline Requirements forbids issuing a certificate for a made-up TLD or a private IPv4 address (such as 192.168/16). So now it appears everyone with a home server will have to buy a domain in order to make this go away."

The Firefox change that you quoted:

"Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins"

changes absolutely nothing about that situation. Prior to FF 52.0, your choices were:

* Create a self-signed TLS cert and deal with the warnings and rely on TOFU.
* Create a self-signed TLS cert and put your CA in each connecting device's trusted CA list.
* Get a Real Domain and get a TLS cert signed by a CA that everyone trusts.

After FF 52.0, your choices are exactly the same.

Again, if the fogginess persists for more than a month, see your cryotechnican!

Re:Securing a home server

[tepples]

changes absolutely nothing about that situation. Prior to FF 52.0, your choices were:

* Create a self-signed TLS cert and deal with the warnings and rely on TOFU.
* Create a self-signed TLS cert and put your CA in each connecting device's trusted CA list.
* Get a Real Domain and get a TLS cert signed by a CA that everyone trusts.

Your comment did not list the fourth choice:

* Use cleartext HTTP instead of HTTPS.

After FF 52.0, your choices are exactly the same.

Firefox 52.0 adds a warning to the fourth choice, removing its advantage over "Create a self-signed TLS cert and deal with the warnings and rely on TOFU."

Self-signed certs can be used in a TOFU capacity with no loss of security.

Provided the device has a user interface for TOFU, as opposed to just giving an error message to the effect "Secure Connection Failed" that the device's user cannot override. I don't have an iPhone with which to test; does Safari for iOS have UI for TOFU?

Re:Securing a home server

It's just a warning. And, I think you can just click the box that says "always trust this certificate."

Do the web browsers in video game consoles and set-top streaming boxes even have this box to check? If not, you can't use a self-signed certificate to stream to them from your NAS.

Those devices have nothing to do with firefox, though.

Re:Securing a home server

> Your comment did not list the fourth choice:
>* Use cleartext HTTP instead of HTTPS.

That's because your proposed hypothetical situation was:

>> Imagine for a moment that you're seeing this notice on your home NAS. You'd consider making it secure, but a secure page requires a TLS certificate.

When the situation is "Make a web page secure by running it through TLS", using cleartext HTTP isn't an option. Once the fogginess lifts, you'll be less inclined to goalpost shift.

Remember that your original premise was "Firefox 52 and later won't let you do HTTPS without buying a domain and getting a TLS cert from a Real CA.". As I've demonstrated, this is untrue; the self-signed HTTPS story hasn't changed a bit.

> Provided the device has a user interface for TOFU, as opposed to just giving an error message to the effect "Secure Connection Failed" that the device's user cannot override.

I have seen attempts to make the "Just let me continue the TLS connection" button really easy to miss, but I've never seen a browser that (out of the box, absent any special corporate policy settings) prohibits self-signed HTTPS connections. Have you?

> I don't have an iPhone with which to test; does Safari for iOS have UI for TOFU?

The bulleted list in Tip #1 seems to indicate that iOS Safari works just like every other major browser in the world:

https://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/

More up-to-date content gives the impression that this hasn't changed since 2013.

Re:Securing a home server

[tepples]

The connection to Firefox is that if you modify the site on your private network to make Firefox show the warning only once rather than on every visit, that may break your site on other devices.

To hell with new features!

Make it faster! And do something about it hanging on scripts.Half the time the fucker hangs on seekingalpha.com.

I tell ya, Chrome is looking better and better!

Re:To hell with new features!

I tell ya, Chrome is looking better and better!

So you want your browser to be controlled by a very large for-profit on-line advertising company?

Re:ESR 1 year support

My thought exactly. 1 year is not an extended service release.

What the fuck is wrong with these people? It's really a shame to see just how badly they have fucked up Firefox.

the widely-used web browser

[QuietLagoon]

How Firefox's market share risen above 10% yet? What is Mozilla doing to make Firefox more compatible with sites that work well on other browsers?

.
https://www.netmarketshare.com...

Re:the widely-used web browser

According to netmarketshare it's 11.7% if the desktop market using Firefox, which is over 10%. The number you pulled included ONLY version 51. You left our everyone using ESR, all the people with up-to-date Developer Edition, and everyone who hadn't yet received the then-latest update.

https://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0

Re:the widely-used web browser

[QuietLagoon]

According to netmarketshare it's 11.7% ...

Thanks for the update.... Now, about those rendering issues...

Confused there for a minute

Wait... the Eric S. Raymond release? Awesome!

Re:ESR 1 year support

Why do you consider progress to be shitty? Plus ca change.

The important stuff for enterprise is:

[beat.bolli]

By setting security.enterprise_roots.enabled to true FF will check the Windows Certificate Store for CAs that can be pushed via GPO, so it should integrate more easily with Enterprise setups.

Who wants WebAssembly?

The main sources of online vulnerabilities have been Java, Flash, Silverlight, Adobe PDF plugin, and of course javascript. Running executable code in the browser is not a good idea. So how is it that so many people think adding a new vulnerability is a good idea? The reason, of course, is services and the possible profit from them. I will not be using a browser with WebAssembly built in.

Re:Who wants WebAssembly?

This is adding a new vulnerability, but eventually the plan is to replace the Javascript runtime with a Javascript-to-WebAssembly translator, which will remove a vulnerability, so we'll be down to only one part of the browser that runs executable code like before.

Re:Who wants WebAssembly?

[bill_mcgonigle]

The reason, of course, is services and the possible profit from them.

Your paranoia has crossed over into pure nonsense here. Anyway, WebAssembly is easier to audit for security problems than a JavaScript JIT, so as JavaScript moves to WebAssembly as a backend you'll have even better security.

I will not be using a browser with WebAssembly built in.
. :rolleyes:

Garbage reporting

The reporter who wrote this needs some English lessons. Very poor structure of English sentences in this articles.

'bout time we have a ESR release

Does it have more guns and fetchmail?

Needs a fork for XP users.

Now this is the last ESR that supports XP, they should make it a extra long support period until Windows XP market share is less than 1%. Currently it is 8%.

Mozilla Who Again?

[Neuronwelder]

Uh, excuse me, but didn't you say that Firefox was going the way of Chrome: No blocking of cookie tracking, and no advertiser blocking allowed! Along with any downloading monitored? And absolutely no tweaking of the browser! I think that article was posted weeks ago. What? Did they change their mind all of a sudden?

What progress?

I've been using and developing for the web for a very long time. It has been ages since I've seen anything I could even barely consider to be "progress".

Look at the so-called Web 2.0 technologies.

HTML5 isn't "progress". It added a few new tags that only have vague semantic meaning. It relaxed expectations so that lazy web devs could feed shitty, broken HTML to browsers and things would kind of work.

JavaScript isn't "progress". It's still a broken language, 20+ years on. It's only very recently that we've seen it get things like classes (instead of its shitty prototypes) that other languages have had for ages. Its standard library is still poop.

CSS still makes it a pain in the ass to create common layouts, and it makes it even harder to make them responsive.

Then there's the truly creepy functionality, like access to cameras, microphones, and geolocation data. I don't want online advertisers watching, listening, and tracking me.

Being able to play audio and video isn't much of an improvement. We had been able to do that for ages using various plugins, or external media players.

WebGL is pretty much useless. The only thing I've seen it used for is making shitty recreations of 1990s-era games that actually end up performing worse than the originals that ran on 386s!

Focusing on Firefox, I haven't seen anything good out of it in so long. Its UI is worse now than it was back during the Firefox 3 era. It still feels slower than Chrome. It still tends to use more memory than Chrome.

I want progress. I'd actually love to see the web progress. But that sure isn't what has happened lately. Browser upgrades end up being more like regressions in practice. The user experience gets worse and worse.

Re:What progress?

[Blaskowicz]

I recently ran some Tetris or Pacman type of game that was super smooth (and looked like early 80s, except it has to be about 1000-pixel wide now)
Well, it is butter smooth except for the garbage collection pause every second that makes it super jerky. It was not WebGL stuff though.

I wonder if we'll see 3D shit in web pages that suddenly makes your browser consume 1GB more memory, or half GB, pushing the PC into swap hell, not to mention "run out of swap" hell. I will eventually map a keyboard key to "killall Web\ Content".

We can't ignore mobile web users.

I don't think that 11.7% is a realistic number, at least across the board.

At the very least, it doesn't match with what I'm seeing on sites that target nontechnical users.

The linked-to stats do mention that they're for the "Desktop Browser Version Market Share". Ignoring mobile users is a big mistake today. It's not 2004. Today, mobile users make up a significant (about 30%, if not more) of web browsing activity.

These stats on the other hand are much, much closer to what I, and others I know of, are actually seeing.

Firefox is closer to 5% to 6%. It hasn't been near 10% for several years now. It has essentially no mobile presence, which drags its market share down when you consider the full picture.

Chrome is the dominant browser. It's around 50% of the market. Chrome has about 10 times the number of users than Firefox does.

Firefox is a niche player. It's behind Chrome, it's behind Safari, it's behind UC Browser for Android. It's almost behind IE/Edge. Even Opera nearly has more users than Firefox now, and this is even after significant disruption within the Opera ecosystem.

Firefox should not be called "widely used".

Re:We can't ignore mobile web users.

What is going on with that stat graph you provided? No label on the non-existent left axis. No total height for any column. Some sort of snap-shotting? Seriously, WTF.

Re: We can't ignore mobile web users.

Except that it's widely used.

Re: We can't ignore mobile web users.

Firefox is not widely used. It has a single-digit market share percentage, well behind the real players in the game. If we're being kind, we can consider it a relic from times long gone. Realistically, we should just consider it what it is: a failed software project, destroyed by numerous dumb decisions made by its developers that ruined its usability and drove away its user base.

Not available in the oficial Mozilla site

[williamyf]

As of March 2PM Eastern time, the official Mozilla Firefox ESR site

https://www.mozilla.org/en-US/...

is still offering ESR 45.8.0 and NOT esr 52.0.0

Please notice that TFA links to their own download site and NOT Mozilla's

----------

As per the NPAPI support:

NPAPI support is there in the code, since the NPAPI Flash plug-in still works. Is only that Mozilla's developers decided to disable it for all other plugins.
Plugins that do not use NPAPI are failing because Firefox is slowly rolling out multiplrocess (project electrolysis) and this interferes with Plugins.
As for Ad-ons (which are different beasts than plugins), the problem is both project Electrolysis AND the fact that Mozilla is migrating from their plug-in APIs of yore, to an API similar (but no completely equal to) chrome's, for security and performance reasons.

The path of least resistance, at least for now, is to install ESR 52, disable multiprocess and hang on to it until around june next year. Also, bear in mind that, on older hardware, Multiprocess (think core processos before the i series, specialy 2 cores non multithreaded machines) is actually SLOWER than the singlethreaded firefox way. This is specially important for Plugins used to handle pro grade equipment (servers, networking gear, etc)

The harder, but more efective long term path is to upgrade/substitute problematic Plug-Ins and AdOns and embrace the more secure multiprocessing future head on. Or change browser...

Me, I have been on the ESR channel since it was enabled, so you now my answer... ;-) :-P

Re:Not available in the oficial Mozilla site

[CrashNBrn]

I've been on Nightly and Firefox Developer (Auora) for 3 - 4 years. All of the necessary Add-ons work just fine. I got rid of all of QuickSaver's extensions as he pre-announced that he wasn't going to support them any longer due to the upcoming FF 57.

Activity Stream (Mozilla)
Copy All Tab Urls WE
Enpass Password Manager
Greasemonkey
Multiple Tab Handler
Page Shot (Mozilla)
Session Manager
SnoozeTabs (Mozilla)
Stylish
Stylish-Custom
Tabhunter
Test Pilot (Mozilla)
Tree Style Tab
uBlock Origin
uMatrix
Vertical Toolbar

Checking list of 15+ year-old bugs ....

Did they fix any of the top vote getting bugs that are over 15 years old? Nope. So Chrome it is.

ESR Branch?

Next thing you know, they'll have an RMS branch too.

Try Firefox 52 without installing

[pkrumins]

Hi all! I just added Firefox 52 to Browserling. You can try this latest Firefox version without installing right from your browser via this link:

www.browserling.com/firefox/52/slashdot.org

We run the browsers in virtual machines and stream them to your browser. If the demand is too high then you'll have to wait in a queue for a while to try it. I'm adding more virtual machines right now to let more people try it without waiting.

Re:Try Firefox 52 without installing

Ah, the unfiltered advertising experience!

DO NOT UPGRADE!

It appears to require pulseaudio.

ESR branch?

[Snard]

When I saw there was an ESR branch, my first thought is that they had renamed it to GNU/Firefox.