News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Critical Mozilla Firefox Update!

    Posted on Microfix Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories Critical Mozilla Firefox Update!

    Topic Resolution: Not a Question

    This topic contains 29 replies, has 9 voices, and was last updated by  Nathan Parker 1 week, 4 days ago.

    • Author
      Posts
    • #2042540 Reply

      Microfix
      Da Boss

      Mozilla has today, released a point update for both firefox 72.0 and ESR 68.4 versions of the browser a day after their release to fix a Qihoo 360 ATA reported vulnerability that affects the browser’s Just in Time Compiler.

      Since it is exploited in the wild, Mozilla had to react quickly to release a patch.

      It is therefor advisable to update your FF version 72.0 to 72.0.1 and FF ESR 68.4 to 68.4.1
      thru the mozilla update channel or via the mozilla FTP if you keep your browser up-to-date.

      more information is available over at Ghacks on the point release.

      Must say,  Mozilla’s rapid response is admirable.

      Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 | W10 1909 x86 Pro
      8 users thanked author for this post.
    • #2056201 Reply

      Nathan Parker
      AskWoody_MVP

      Even DHS is requiring people to update ASAP:

      https://www.macrumors.com/2020/01/10/mozilla-firefox-update-vulnerability/

      Nathan Parker

    • #2056267 Reply

      OscarCP
      AskWoody Plus

      Still no update for Waterfox. I would guess that, if the problem is as described and if it does apply to WF as well as to it’s cousin FF, then WF’s will come along in the not-to-distant future.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      • #2056685 Reply

        anonymous

        Links to updates, yes this Reddit is an official support area.

        • #2057342 Reply

          OscarCP
          AskWoody Plus

          According to the Reddit commentator (link provided by anonymous #2056685 ), the danger comes from booby-trapped ads in otherwise OK Web sites. If that were all, then using an ad blocker relentlessly, without fear or favor, as is my custom, should take care of this particular problem. If a site is set up to demand turning off the ad blocker, I say sayonara and high tail it to some where less demanding. I don’t blame the owners of those sites for trying to keep them going through advertising revenue, but the world has changed and continues to change in ways that make that way of financing Web sites increasingly dangerous to those who visit them. The alternative, requiring paid subscriptions, or being well-heeled, or finding rich sponsors is, unfortunately, perhaps the only way to go for many sites, including some that provide useful services to the broader community.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

          • #2065541 Reply

            anonymous

            This is heading toward being well off topic, but one last point:

            …financing Web sites increasingly dangerous to those who visit them….

            Not only those, but increasingly certain other sites even ones whose cost is supported will not function completely without enabling known or possible bad tracking domains. Not a good future for the Internet.

    • #2056295 Reply

      Nathan Parker
      AskWoody_MVP

      Still no update for Waterfox. I would guess that, if the problem is as described and if it does apply to WF as well as to it’s cousin FF, then WF’s will come along in the not-to-distant future.

      My thoughts exactly.

      Nathan Parker

    • #2056302 Reply

      Cybertooth
      AskWoody Plus

      Is it known whether this vulnerability affects Firefox derivatives (e.g. Pale Moon, Waterfox, Basilisk)?

       

      1 user thanked author for this post.
    • #2056530 Reply

      satrow
      AskWoody MVP

      Mozilla always delays publication of vulnerabilities for several days after the release of patched software versions, the other devs can then dive in and check/test/patch as appropriate.

      Be patient, we should know more within ~2 days.

      1 user thanked author for this post.
    • #2056716 Reply

      anonymous

      Waterfox’s Releases page is updated for the new versions to download.

      • #2068901 Reply

        OscarCP
        AskWoody Plus

        Looking at the “Releases” page with that link it reads, on top of the new version (2020.01) for Windows, Mac and Linux on offer there, as follows:

        “The latest or preview versions of Waterfox on various platforms.
        CDN kindly provided by STOKPATH”

        My own browser is still, as of today, January 12th, on the previous, December version (2019.12) and WF is “up to date” according to the pop up box that opens when clicking on “Waterfox/About Waterfox.” So the 2020.01 version is probably the preview one, made available for people that may wish to try it.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        • #2069047 Reply

          satrow
          AskWoody MVP

          So you’re staying with the vulnerable older version rather than manually updating to the patched .01 release!?

          1 user thanked author for this post.
          • #2069196 Reply

            OscarCP
            AskWoody Plus

            No: I would wait a few days more, until I get the message, in the usual way, that the fully tested version is available, according to the WF developers. But then again, I am a wild and crazy guy. So don’t even think of doing what I do. I am a very bad example. Not a role model at all. Just don’t tell my grand-aunt Agatha. She won’t be amused.

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

            • #2069261 Reply

              satrow
              AskWoody MVP

              Try spending some time reading the latest comments in r/waterfox and the Waterfox blog.

            • #2069366 Reply

              OscarCP
              AskWoody Plus

              I have tried. It was so very hard, but I have persevered. And, in the end, I got some interesting information — or perhaps nonsense? — from a couple of comments posted in a WF discussion page:

              Fry McFry: “I just checked for updates and didn’t get any. This is now the 3rd time in a row that I have to download an update manually! Why does Waterfox even have an updater when it obviously doesn’t work? And how can you publish a software that does not support such an important function?”

              Cicero Interactive: “It indeed detects the update, but only around one to two months later. IDK why, I opened an issue for the 2019.12 release, but Alex didn’t respond: https://github.com/MrAlex94/Waterfox/issues/1323. It’s only this way since the 2019.10 release. Maybe it’s related to the new versioning scheme?”

              (“Alex” is Alex Kontos, the founder and lead developer of Waterfox.)

              And also these, from r/waterfox:

              “Auto-Update is not prepared yet. Simply download installer and install it over the existing one, it’s not rocket science.”

              “So, basically, you expect all of the users reading Waterfox Reddit or some other similar space to get known about update patching 0-zero vulnerability for the most important SW which any person use?
              Like, are you serious?
              I’m waiting for the moment, the patch is distributed – that’s the only moment since u can announce the fix is done.”

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        • #2069312 Reply

          Ascaris
          AskWoody_MVP

          FWIW, my Waterfox Classic updated to 2020.01 yesterday (from the Hawkeye PPA).  Using it now… no problems with it that I can see!

          Group "L" (KDE Neon User Edition 5.17.5).

          1 user thanked author for this post.
    • #2069927 Reply

      wavy
      AskWoody Plus

      Palemoon has been updated as well
      v28.8.1 (2020-01-11)

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      2 users thanked author for this post.
    • #2085068 Reply

      Nathan Parker
      AskWoody_MVP

      My Waterfox Classic isn’t showing the update when I check for updates. Does it require a manual update?

      Nathan Parker

      • #2085075 Reply

        OscarCP
        AskWoody Plus

        Nathan

        Yes. It looks like the WF updater, or whatever it is called, is not working at the moment, so the update to 2020.1 is not sent to those of us that use WF. One has to go and get it. It installs in the usual way: after one downloads the installer.and clicks on it, the usual little box opens with the icon of the application on the left and that of the “Applications” folder on the right. One drags the former over the latter (with WF turned off) and it is done, after a few feints and dodges, as usual.

        The download is from here:

        https://www.waterfox.net/releases/

        Bonne chance!

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        1 user thanked author for this post.
      • #2085076 Reply

        anonymous

        It might still require manual updating.  In any event, you can get it here: https://www.waterfox.net/releases/

    • #2085077 Reply

      JNP
      AskWoody Plus

      It might still require manual updating.  In any event, it can be downloaded here: https://www.waterfox.net/releases/

      1 user thanked author for this post.
    • #2085078 Reply

      Nathan Parker
      AskWoody_MVP

      Grabbing it now. Thanks!

      Nathan Parker

    • #2085080 Reply

      Nathan Parker
      AskWoody_MVP

      This is strange. I now have two copies of WF:

      1. Waterfox Classic-launches the 2019 release
      2. Waterfox-launches the 2020 release

      When I launch the Waterfox (2020 release) all my same settings are there.

      Do I need to simply trash the Waterfox Classic app, and are there any other files associated with it I need to trash, or are those migrated to the app for 2020?

      When I downloaded the Waterfox update, I still did it from the Classic channel.

      Nathan Parker

      • #2085087 Reply

        OscarCP
        AskWoody Plus

        Nathan, I also had, after installing 2020.1, two apps on the Finder “Aplications” folder, with those two somewhat different names. I removed the “Waterfox.classical.app” (2019.12), after installing the new one, but kept a copy of it on my Desktop, for a while. And, for a while there, the icon of the old one was looking nice, blue and fat: the very image of a proper working WF icon. After a while, it went cold, turning white and unresponsive, so I trashed it. Only the new version, called “Waterfox.app” remains now in the Mac. It is working fine, and all my settings got migrated to it during the installation, as I could ascertain right away after it was done.

        And Netflix still does not deliver videos to WF, new version and all.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #2085564 Reply

      Nathan Parker
      AskWoody_MVP

      Nathan, I also had, after installing 2020.1, two apps on the Finder “Aplications” folder, with those two somewhat different names.

      Great to know. I found out Waterfox and Waterfox Classic share support-related files, so tossing the Waterfox Classic app but keeping most of the support-related files on the Mac ensures everything is properly migrated to the Waterfox update.

      The only other support-related file I needed to toss was the Waterfox Classic folder inside Caches inside my User’s Library Folder (it’s separate from the master Library folder on the Mac hard drive, and generally hidden). That one is tied to the old version of Waterfox Classic which is no more.

      On a side now, I’m downloading Edge for Mac today.

      Nathan Parker

      • #2085586 Reply

        OscarCP
        AskWoody Plus

        Nathan: Glad that you got your question answered. Now I have one myself.

        I have 3/4 Tb free in the SSD of my MacBook Pro and wonder if there is a great need to get rid of those folder caches, etc. you mention, besides the application itself. If not, I’d rather wouldn’t bother removing them. Unless they are really big.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        1 user thanked author for this post.
        • #2085607 Reply

          OscarCP
          AskWoody Plus

          I just had a look in Finder/Go/Library/Caches and there is only one Waterfox cache there and it is only 174 KB in size. It also appears empty, with only a folder inside called “Profiles” that is also, apparently, empty. It could have something to do with my having WF set to “delete history” and “delete cookies” when closing it. In any case, those two settings are not causing problems, at least that I am aware of, and they seem to do exactly what their names indicate.

          There is Waterfox/Preferences/Privacy a setting to “Remember  searches and form history” and I am not sure if that is good or bad.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

          1 user thanked author for this post.
    • #2085609 Reply

      Nathan Parker
      AskWoody_MVP

      Might be. Mine had two folders in Users/MYUSERNAMEHERE/Library/Caches: Waterfox and Waterfox Classic. Tossing Waterfox Classic is all I needed to do.

      In general, you won’t need to toss any other cache files on your Mac. macOS can auto-delete stuff if need be when needed. Some people delete stuff to free up space, but I generally only delete stuff there if I know I’m fully removing the app from my Mac.

      Nathan Parker

    • #2085627 Reply

      OscarCP
      AskWoody Plus

      I have looked in the Caches in: Users/MY USER NAME/etc. It was much the same as what I found in Finder/Go/Libraries/Caches a while ago. Only  one Waterfox folder there, also with a second one inside called “Profiles”, both empty and using just 125 KB of disk space altogether. It looks like macOS tidied up things very nicely all by itself after I installed the WF.app (v 2020.1) two days ago and deleted the previous WF.classic.app (v 2019.12)– although the new application is also from the “Classic” series.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      1 user thanked author for this post.
    • #2085635 Reply

      Nathan Parker
      AskWoody_MVP

      Yep, seems macOS cleaned up after itself, which it can. You’re all set.

      Nathan Parker

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Critical Mozilla Firefox Update!

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.