Slashdot Mirror
Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com)
prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.
Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins
Imagine for a moment that you're seeing this notice on your home NAS. You'd consider making it secure, but a secure page requires a TLS certificate. Because friends and family bring their own smartphones, tablets, or laptops to access your home server, you don't want them to have to first install an internal root certificate. A TLS certificate that others already trust requires a domain because the CA/Browser Forum's Baseline Requirements forbids issuing a certificate for a made-up TLD or a private IPv4 address (such as 192.168/16). So now it appears everyone with a home server will have to buy a domain in order to make this go away.
You must have zero add-ons installed, IOW you could use any other web browser. That's the sole reason Firefox was created, right? To allow extreme customizability, no?
I have a shitton of addons installed because it's the only way to make Firefox behave like I want it to.
Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".
Alas, that's what I'm going to do, because Firefox is still the best web browser out there. Too bad, it's headed in the direction of becoming a Chrome clone.
All that resetting is necessary to help to debug. If the bug is in add-ons, then it should be reported to the add-on developers. If it is really a fault of Mozilla, add-on developers should report it, since they will probably have a better insight of what exactly has gone wrong.
Similar with settings. If you have messed with about:config, it is nigh impossible for Mozilla to test all the permutations, or provide reasonable upgrade path to all of them.
In my workplace, we have similar issues, but we solve them by selling support. Since you get FF for free, it would be unreasonable to expect them to handle your specific configuration.
By setting security.enterprise_roots.enabled to true FF will check the Windows Certificate Store for CAs that can be pushed via GPO, so it should integrate more easily with Enterprise setups.
Karma: none (due to not believing in reincarnation)
For anyone who has the same problems (they are all caused by the same add-on): the culprit is
Status-4-Evar
Disable it and Firefox becomes functional, albeit without a status bar. I'm now trying to understand what status bar add ons still work with Firefox 52 (the status bar was removed aeons ago because Firefox developers believe no one needs it).
Nowadays Mozilla devs have a peculiar way of treating new bug reports: first, they offer you to disable all add-ons, then reset all settings, then try a fresh profile. I don't like any of these "options".
Let's say you bring your pickup truck to the Ford dealer for warranty repairs because you claim it "handles like crap".
If they tell you to first remove the after-market 6-inch lift kit and 35-inch off road-tires that you installed, would that be unreasonable?
This add-on also breaks Firefox. So far there are no functional status bar addons for this version. :-(
I switched nearly 2 years ago and I can tell you its really good
Quantify "really good" for compsci nerds.
How many security updates have Pale Moon Devs done since "2 years ago"? The internet seems to unfortunately be a moving target. You'd think they'd run out of bugs eventually =-)
I ask these questions as someone who has frozen at an earlier FF (51?) on my personal desktop, and doesn't bother with it at all for work development, and is saddened by it.
I just don't think the Pale Moon team has the manpower to keep up.
Populus vult decipi, ergo decipiatur...
"Force shits upon Reason's back." - Poor Richard's Almanac
The reason, of course, is services and the possible profit from them.
Your paranoia has crossed over into pure nonsense here. Anyway, WebAssembly is easier to audit for security problems than a JavaScript JIT, so as JavaScript moves to WebAssembly as a backend you'll have even better security.
I will not be using a browser with WebAssembly built in. :rolleyes:
.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)