Slashdot Mirror


Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com)

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.


  1. Upgrade experience by Artem S. Tashkinov · · Score: 1, Insightful
    • My bookmarks bar is invisible on start up and in every new private window. The only way to show it is to hide and then unhide it.
    • The settings button (three horizontal bars) doesn't work. You click it - nothing happens
    • Firefox doesn't restore saved windows/tabs from the previous session even though it's what my preferences say: Show my windows and tabs from last time.
    • Firefox has reset my lightweight theme (luckily I have a backup).

    The worst update ever. I'm horrified by the prospect of upcoming Firefox 57 which will kill at least the third of my XUL add-ons.

    The previous ESR release is no longer supported. Fuck you Mozilla.

    1. Re:Upgrade experience by Artem S. Tashkinov · · Score: 3, Insightful

      You must have zero add-ons installed, IOW you could use any other web browser. That's the sole reason Firefox was created, right? To allow extreme customizability, no?

      I have a shitton of addons installed because it's the only way to make Firefox behave like I want it to.

    2. Re:Upgrade experience by Anonymous Coward · · Score: 1

      As another AC pointed out, the previous ESR is still supported until mid-June (and you don't have to stop using it as soon as its support ends).

      I hope you consider submitting those bugs to Bugzilla, because you seem to be quite good at identifying and articulating the problems you experience.

    3. Re:Upgrade experience by Artem S. Tashkinov · · Score: 1, Troll

      Have you even followed your own link? Firefox 45 will see the last release in several weeks and after that it's 52 for the next 9 months or so.

      45 ESR is basically dead and unsupported.

    4. Re:Upgrade experience by Artem S. Tashkinov · · Score: 3, Insightful

      Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".

      Alas, that's what I'm going to do, because Firefox is still the best web browser out there. Too bad, it's headed in the direction of becoming a Chrome clone.

    5. Re:Upgrade experience by Tranzistors · · Score: 3, Informative

      All that resetting is necessary to help to debug. If the bug is in add-ons, then it should be reported to the add-on developers. If it is really a fault of Mozilla, add-on developers should report it, since they will probably have a better insight of what exactly has gone wrong.

      Similar with settings. If you have messed with about:config, it is nigh impossible for Mozilla to test all the permutations, or provide reasonable upgrade path to all of them.

      In my workplace, we have similar issues, but we solve them by selling support. Since you get FF for free, it would be unreasonable to expect them to handle your specific configuration.

    6. Re:Upgrade experience by Artem S. Tashkinov · · Score: 3, Informative

      For anyone who has the same problems (they are all caused by the same add-on): the culprit is

      Status-4-Evar

      Disable it and Firefox becomes functional, albeit without a status bar. I'm now trying to understand what status bar add ons still work with Firefox 52 (the status bar was removed aeons ago because Firefox developers believe no one needs it).

    7. Re:Upgrade experience by hairyfeet · · Score: 1

      Switch to Pale Moon, it is what FF USED to be before they decided to become a shitty Chrome clone. Nearly all your extensions work (for the few that don't work with the latest they have a handy link to a known working version and you can always contact the devs of your favorite extensions like I did and ask them to add Pale Moon support), it handles like the old FF, they even have a Linux version so if you want the same browser on both Windows and Linux with your bookmarks synced between the two? It's not a problem.

      I switched nearly 2 years ago and I can tell you it's really good and unlike FF they actually LISTEN TO THE USERS and don't take a steaming dump on the UI every other release like FF does.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    8. Re:Upgrade experience by Artem S. Tashkinov · · Score: 1

      While we are at it, I've found it:

      The Addon Bar (Restored) still works. Hopefully slashdotters will forgive me for 100+ messages in the comments section.

    9. Re:Upgrade experience by Waffle Iron · · Score: 4, Interesting

      Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".

      Let's say you bring your pickup truck to the Ford dealer for warranty repairs because you claim it "handles like crap".

      If they tell you to first remove the after-market 6-inch lift kit and 35-inch off road-tires that you installed, would that be unreasonable?

    10. Re:Upgrade experience by Artem S. Tashkinov · · Score: 2

      This add-on also breaks Firefox. So far there are no functional status bar addons for this version. :-(

    11. Re:Upgrade experience by mujadaddy · · Score: 2

      I switched nearly 2 years ago and I can tell you it's really good

      Quantify "really good" for compsci nerds.

      How many security updates have Pale Moon Devs done since "2 years ago"? The internet seems to unfortunately be a moving target. You'd think they'd run out of bugs eventually =-)

      I ask these questions as someone who has frozen at an earlier FF (51?) on my personal desktop, and doesn't bother with it at all for work development, and is saddened by it.

      I just don't think the Pale Moon team has the manpower to keep up.

      --
      Populus vult decipi, ergo decipiatur...
      "Force shits upon Reason's back." - Poor Richard's Almanac
    12. Re:Upgrade experience by Anonymous Coward · · Score: 1

      Let's say the 6" lift kit and 35" off-road tires are used by > 50% of Ford truck owners. Would it be reasonable to assume Ford has some interest in making it work well with that setup?

    13. Re:Upgrade experience by Anonymous Coward · · Score: 1

      The more accurate car analogy would be for you to remove the non-manufacturer provided tires you got from their approved retail partners, then delete your radio station presets and move your seats back to their initial positions, then replace the body with a new one.

      I agree with the GP, if the problem is with the engine, fix the engine.

    14. Re:Upgrade experience by trawg · · Score: 1

      So I read your post in fear, backed up via MozBackup, and then upgraded to see what would happen.

      Luckily I had none of the problems you did - except the font rendering has changed. This seems to be a global thing - tab titles look a little different (I think), but most notably almost every page I go to looks a little off - like the fonts aren't being smoothed properly, or something.

      Super noticeable on text heavy sites (like Gmail and Slashdot).

      After the usual amount of fucking around trying to find what it was, I found some 'cleartype' settings (about:config, search for cleartype) that were non-default, so I just right-clicked them and reset them to default, and now it is back to normal. YMMV.

      As is usual with every Firefox update, may the force be with you and your plugins at this stressful time.

    15. Re:Upgrade experience by eam3 · · Score: 1

      I got lucky then. I updated to 52.0 and my bookmarks are fine (even in private mode), my add-ons are fine and it's working just like it was before. That's only on one computer though, have not tried it at home yet (Windows10/Linux Mint 18.1).

    16. Re:Upgrade experience by SeaFox · · Score: 1

      Let's say the 6" lift kit and 35" off-road tires are used by > 50% of Ford truck owners. Would it be reasonable to assume Ford has some interest in making it work well with that setup?

      Not if they are after-market parts -- you're putting Ford in the position of keeping track of what the aftermarket mod industry is doing. That's a classic case of the tail wagging the dog. Ford builds the truck to perform a certain way as they built it. If the owner adds a bunch of crap to it Ford had no design input on, they can't hold Ford responsible if the truck no longer performs the same.

      If that suspension change was so popular, Ford would start offering the truck in that configuration from the factory. That way they have control over what is done and the final result.

      But then you would have complaints from people who want a "streamlined vehicle that uses less petroleum resources".

    17. Re:Upgrade experience by trawg · · Score: 1

      I seem to have a functional status bar, just using Classic Theme Restorer!

    18. Re:Upgrade experience by Blaskowicz · · Score: 1

      Fun fact, I eventually tried Classic Theme Restorer and found it looked like ass anyway, like it didn't play well with the GTK theme and had some "default" looking colors or shape that would work fine on the Windows 7 x64 SP1 that everyone uses except linux users. The configuration GUI looks like a space shuttle simulator, which is why I went not far and moreover the Firefox 4 GUI isn't that "classic" to me. But I don't want to flame the authors or the users!

      Hopefully Firefox moves on in a good way. After XUL is completely removed, and after version 52 runs out, we'll lose things, but we might gain new things. i.e. the derivative browser scene won't die out and maybe we'll see more of them based on the "new Firefox" instead of webkit or Blink.

    19. Re:Upgrade experience by knorthern knight · · Score: 1

      > How many security updates have Pale Moon Devs done since "2 years ago"?

      Check their announcements page https://forum.palemoon.org/vie... Since 2015/03/13 they've released 25.3, 25.3.1, 25.3.2, 25.4, 25.4.1, 25.5, 25.6, 25.7.0, 25.7.1, 25.7.2, 25.7.3, 25.8, 25.8.1, 26.0, 26.0.2 (Note; 26.0.1 "internal only"), 26.0.3, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 26.3.1, 26.3.2, 26.3.3, 26.4.0, 26.4.0.1 (yes), 26.4.1, 26.5.0, 27.0.0, 27.0.1, 27.0.2, 27.0.3, 27.1.0, 27.1.1, and 27.1.2

      That sounds like keeping up. Mind you, the version number bumping scheme is not ridiculously inflated, which might give the impression of an out-of-date browser.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
  2. ESR branch! by Anonymous Coward · · Score: 1

    Phew, for a moment I thought it was an Eric S. Raymond branch ...

  3. Securing a home server by tepples · · Score: 4, Informative

    Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins

    Imagine for a moment that you're seeing this notice on your home NAS. You'd consider making it secure, but a secure page requires a TLS certificate. Because friends and family bring their own smartphones, tablets, or laptops to access your home server, you don't want them to have to first install an internal root certificate. A TLS certificate that others already trust requires a domain because the CA/Browser Forum's Baseline Requirements forbids issuing a certificate for a made-up TLD or a private IPv4 address (such as 192.168/16). So now it appears everyone with a home server will have to buy a domain in order to make this go away.

    1. Re:Securing a home server by Tranzistors · · Score: 1

      Oh, they should be informed that anyone on the network can sniff their password (which they most probably reuse). Even if they trust you to store it properly, they should not trust anyone else listening.

    2. Re:Securing a home server by tepples · · Score: 1

      It's just a warning. And, I think you can just click the box that says "always trust this certificate."

      Do the web browsers in video game consoles and set-top streaming boxes even have this box to check? If not, you can't use a self-signed certificate to stream to them from your NAS.

    3. Re:Securing a home server by Anonymous Brave Guy · · Score: 1

      Just be glad you're not using professional networking gear that gets installed and then stays mostly untouched for years. A lot of gear that is still in use dates from the era when plugins were necessary to do just about anything graphical in a browser-based UI, and all of them just broke completely with the removal of NPAPI support. (There is a note on the Mozilla web site that the ESR for 52 doesn't have this limitation, so it looks like anyone in that position has about a year more before Firefox won't support them at all.)

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    4. Re:Securing a home server by tepples · · Score: 1

      Given that the NAS owner in your story will be using a self-signed cert (if he wasn't, then he would have been issued one by a Big CA, and he would already have a domain & etc...) and would _already_ be clicking through a "THIS IS A SELF-SIGNED CERT, ARE YOU SURE YOU WANNA DO THIS!?!?!?" warning

      The NAS owner in my story was previously using cleartext HTTP. Switching from cleartext HTTP to HTTPS requires buying a domain.

    5. Re:Securing a home server by tepples · · Score: 1

      Lolno. All it requires is creation of a local CA and signing a TLS cert with that CA.

      How do you plan to install said local CA's root certificate on each device brought by a visitor to your home?

    6. Re:Securing a home server by tepples · · Score: 1

      changes absolutely nothing about that situation. Prior to FF 52.0, your choices were:

      * Create a self-signed TLS cert and deal with the warnings and rely on TOFU.
      * Create a self-signed TLS cert and put your CA in each connecting device's trusted CA list.
      * Get a Real Domain and get a TLS cert signed by a CA that everyone trusts.

      Your comment did not list the fourth choice:

      * Use cleartext HTTP instead of HTTPS.

      After FF 52.0, your choices are exactly the same.

      Firefox 52.0 adds a warning to the fourth choice, removing its advantage over "Create a self-signed TLS cert and deal with the warnings and rely on TOFU."

      Self-signed certs can be used in a TOFU capacity with no loss of security.

      Provided the device has a user interface for TOFU, as opposed to just giving an error message to the effect "Secure Connection Failed" that the device's user cannot override. I don't have an iPhone with which to test; does Safari for iOS have UI for TOFU?
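The trust-on-first-use (TOFU) handling of a self-signed certificate debated in the comments above, as an added example that is not part of the thread or of Firefox's code: the client pins the certificate's SHA-256 fingerprint on first contact and refuses to accept a different one later. The `PinStore` class, the pin-file layout, the address `192.168.1.10` and the two byte strings standing in for DER certificates are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path

# Constructed stand-ins for DER certificates (not real certificates); only
# their bytes matter, because a pin is a hash over the encoded certificate.
CONSTRUCTED_CERT_ORIGINAL = b"constructed-der-bytes: NAS self-signed cert, first key"
CONSTRUCTED_CERT_CHANGED = b"constructed-der-bytes: different cert seen later"


def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate with CA validation switched off.

    A self-signed certificate has no chain to validate; the decision to trust
    it is made by PinStore.check(), not by the TLS library.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Hypothetical JSON-backed pin file: {"host:port": "<sha256 hex>"}."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key = f"{host}:{port}"
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            # First use: nothing to compare against, so this connection is
            # accepted unauthenticated and its certificate becomes the pin.
            self.pins[key] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Never overwrite the pin silently: a changed certificate is either a
        # legitimate re-key or an interception, and only the owner can tell.
        return "mismatch"


if __name__ == "__main__":
    import tempfile
    store = PinStore(Path(tempfile.mkdtemp()) / "pins.json")
    for cert in (CONSTRUCTED_CERT_ORIGINAL, CONSTRUCTED_CERT_ORIGINAL,
                 CONSTRUCTED_CERT_CHANGED):
        print(store.check("192.168.1.10", 443, cert))
```

Against a live server, `store.check(host, port, fetch_der(host, port))` performs the same comparison on the certificate actually presented.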

    7. Re:Securing a home server by tepples · · Score: 1

      The connection to Firefox is that if you modify the site on your private network to make Firefox show the warning only once rather than on every visit, that may break your site on other devices.

  4. The important stuff for enterprise is: by beat.bolli · · Score: 2

    By setting security.enterprise_roots.enabled to true FF will check the Windows Certificate Store for CAs that can be pushed via GPO, so it should integrate more easily with Enterprise setups.

    --
    Karma: none (due to not believing in reincarnation)
  5. Who wants WebAssembly? by Anonymous Coward · · Score: 1

    The main sources of online vulnerabilities have been Java, Flash, Silverlight, Adobe PDF plugin, and of course javascript. Running executable code in the browser is not a good idea. So how is it that so many people think adding a new vulnerability is a good idea? The reason, of course, is services and the possible profit from them. I will not be using a browser with WebAssembly built in.

    1. Re:Who wants WebAssembly? by bill_mcgonigle · · Score: 2

      The reason, of course, is services and the possible profit from them.

      Your paranoia has crossed over into pure nonsense here. Anyway, WebAssembly is easier to audit for security problems than a JavaScript JIT, so as JavaScript moves to WebAssembly as a backend you'll have even better security.

      I will not be using a browser with WebAssembly built in.
      . :rolleyes:

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Re:the widely-used web browser by Anonymous Coward · · Score: 1

    According to netmarketshare it's 11.7% of the desktop market using Firefox, which is over 10%. The number you pulled included ONLY version 51. You left out everyone using ESR, all the people with up-to-date Developer Edition, and everyone who hadn't yet received the then-latest update.

    https://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0

  7. Re:the widely-used web browser by QuietLagoon · · Score: 1

    According to netmarketshare it's 11.7% ...

    Thanks for the update.... Now, about those rendering issues...

  8. Not available in the official Mozilla site by williamyf · · Score: 1

    As of March 2PM Eastern time, the official Mozilla Firefox ESR site

    https://www.mozilla.org/en-US/...

    is still offering ESR 45.8.0 and NOT esr 52.0.0

    Please notice that TFA links to their own download site and NOT Mozilla's

    ----------

    As per the NPAPI support:

    NPAPI support is there in the code, since the NPAPI Flash plug-in still works. It is only that Mozilla's developers decided to disable it for all other plugins.
    Plugins that do not use NPAPI are failing because Firefox is slowly rolling out multiprocess (project electrolysis) and this interferes with Plugins.
    As for Add-ons (which are different beasts than plugins), the problem is both project Electrolysis AND the fact that Mozilla is migrating from their plug-in APIs of yore, to an API similar (but not completely equal to) chrome's, for security and performance reasons.

    The path of least resistance, at least for now, is to install ESR 52, disable multiprocess and hang on to it until around June next year. Also, bear in mind that, on older hardware, Multiprocess (think core processors before the i series, specially 2 cores non multithreaded machines) is actually SLOWER than the singlethreaded firefox way. This is specially important for Plugins used to handle pro grade equipment (servers, networking gear, etc)

    The harder, but more effective long term path is to upgrade/substitute problematic Plug-Ins and Add-ons and embrace the more secure multiprocessing future head on. Or change browser...

    Me, I have been on the ESR channel since it was enabled, so you know my answer... ;-) :-P

    --
    *** Suerte a todos y Feliz dia!
    1. Re:Not available in the official Mozilla site by CrashNBrn · · Score: 1
      I've been on Nightly and Firefox Developer (Aurora) for 3 - 4 years. All of the necessary Add-ons work just fine. I got rid of all of QuickSaver's extensions as he pre-announced that he wasn't going to support them any longer due to the upcoming FF 57.

      Activity Stream (Mozilla)
      Copy All Tab Urls WE
      Enpass Password Manager
      Greasemonkey
      Multiple Tab Handler
      Page Shot (Mozilla)
      Session Manager
      SnoozeTabs (Mozilla)
      Stylish
      Stylish-Custom
      Tabhunter
      Test Pilot (Mozilla)
      Tree Style Tab
      uBlock Origin
      uMatrix
      Vertical Toolbar

  9. Try Firefox 52 without installing by pkrumins · · Score: 1

    Hi all! I just added Firefox 52 to Browserling. You can try this latest Firefox version without installing right from your browser via this link:

    www.browserling.com/firefox/52/slashdot.org

    We run the browsers in virtual machines and stream them to your browser. If the demand is too high then you'll have to wait in a queue for a while to try it. I'm adding more virtual machines right now to let more people try it without waiting.

  10. ESR branch? by Snard · · Score: 1

    When I saw there was an ESR branch, my first thought is that they had renamed it to GNU/Firefox.

    --
    - Mike
  11. Re:What progress? by Blaskowicz · · Score: 1

    I recently ran some Tetris or Pacman type of game that was super smooth (and looked like early 80s, except it has to be about 1000-pixel wide now)
    Well, it is butter smooth except for the garbage collection pause every second that makes it super jerky. It was not WebGL stuff though.

    I wonder if we'll see 3D shit in web pages that suddenly makes your browser consume 1GB more memory, or half GB, pushing the PC into swap hell, not to mention "run out of swap" hell. I will eventually map a keyboard key to "killall Web\ Content".