Mozilla Firefox Version 36 Released with Security Updates

[Corrine]

Mozilla sent Firefox Version 36.0 to the release channel, with Firefox ESR updated to 31.5. The update includes eight (8) security updates, of which three (3) are identified as critical, two (2) high, two (2) moderate and one (1) low.

 

A security feature finally incorporated in version 36.0 is full HTTP/2 support. Additional information this change is available in the Mozilla Security Blog, Phase 2: Phasing out Certificates with 1024-bit RSA Keys | Mozilla Security Blog.

 

Additional information regarding the security fixes and other changes made in this update are available in my blog post here.

 

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."

[ebrke]

Thanks Corrine.

[Capt.Crow]

21mb D/loaded in 45seconds. What's going to bust?

[securitybreach]

I am not a firefox user but this is neat:

 

Mozilla, the organization behind the Firefox browser, has released version 36 of this open source and immensely popular web browser. Some of the most interesting features include the syncing of pinned tiles across OSes. Which means once you logged into you Firefox sync account the tiles that you pinned on one system will be synced with Firefox running on other systems.

 

With this release Firefox adds support for the HTTP/2 protocol – the successor of HTTP1.1 protocol. That’s great news as recently Google dropped their on SPDY to embrace HTTP2.

FF (as it’s commonly known as) is already available for all major Linux distributions, Mac OS X and Windows. If you are on a Linux-based system, just run a system upgrade to get the latest Firefox.

 

http://www.linuxveda...h-new-features/

[Capt.Crow]

I see that ""Hello"" is included in the upgrade.. Must sus that one out . May not need Skype after all ..

[ebrke]

Let us know how you make out with Hello.

[Corrine]

I see that ""Hello"" is included in the upgrade.. Must sus that one out . May not need Skype after all ..

You may want to take a look at the Firefox Hello Privacy Notice, expanding the collapsed "Learn More" information, particularly since Mozilla is sending information to a third party, "TokBox".

 

Firefox Hello is provided to you in collaboration with TokBox, Inc. ("TokBox") and sends data to TokBox as a part of the function of the service. This notice only describes how Mozilla handles information we receive from you. For more information on TokBox’s handling of data, you should read their Privacy Policy

 

To disable Hello, it can be done through about:config. Just toggle loop.enabled to false (from how do I disable hello).

 

---

 

Although I haven't run into it, others who have updated to Version 36 have been getting a Windows Firewall popup, requesting exception. When I saw others had reported the issue, I tracked down this discussion at mozillazine.org: Which service - fx36 and up - is responsible for SSDP?

 

Two bug reports that appear to apply: 1086278 – Windows/Mac firewall dialog pops up on startup and 1111967 – Add an option to disable SSDP in Firefox.

[Capt.Crow]

Havent made time to look into this . I have been installing the wiring for the loft . I never realised how much equipment has to be catered for ,not to mention the two way switching for some of the lights. ...Spagelectrikery

 

Many thanks for the heads-up re:- Hello .

[Corrine]

Another update for Firefox sent to the release channel. The update to version 36.0.1 includes nine (9) security updates, of which four (4) are identified as high, four (4) moderate and one (1) low.

 

Details are available in my blog post here.

[Corrine]

Mozilla sent Firefox Version 36.0.3 and Firefox ESR 31.5.2 to the release channel to fix security issues disclosed at the HP Zero Day Initiative's Pwn2Own contest. The update includes two (2) critical security updates.

 

It appears that version 36.0.2 has been skipped in order to release the critical updates.

[zlim]

Thanks. I'm off to patch four computers.

[Corrine]

I'm sorry, Liz, but it appears that those four computers will need to be patched once again. Mozilla released Firefox Version 36.0.4 and Firefox ESR 31.5.3 to the release channel to repair the incomplete version of this fix that was shipped in Firefox 36.0.3, resulting from the HP Zero Day Initiative's Pwn2Own contest. The update includes one revised critical security update.

[ebrke]

Thanks Corrine! Twice in one day, wonder if that's a record of some kind.

[zlim]

Yup. I just read the thread at Lzndwn. I updated one and I'll do the three with ESR versions next.