Update Firefox NOW

2020-01-10 11:50 am
mdlbear: (technonerdmonster)
[personal profile] mdlbear

Unlike my post Wednesday, this is one you should do Right Now(TM) if you have Firefox installed and aren't getting automatic updates. And even if you're getting updates automatically, you should check your version if you haven't updated since Wednesday. This vulnerability is being actively exploited in the wild.

The latest version is 72.0.1; you can check this by choosing the "About" item on the "Help" menu. The corresponding Android version is 68.4.1; "About" is the last item on the "Settings" menu. The update doesn't appear to be necessary on iOS (presumably because it's using a different just-in-time (jit) compiler)-- version 20.0 was released back in October.

Links

Another fine post from The Computer Curmudgeon (also at computer-curmudgeon.com).
Donation buttons in profile.

Tags:
Flat | Top-Level Comments Only

Date: 2020-01-10 09:42 pm (UTC)
madfilkentist: My cat Florestan (gray shorthair) (Default)
From: [personal profile] madfilkentist
Already did, but thanks for letting people know.

Date: 2020-01-10 10:57 pm (UTC)
mdlbear: blue fractal bear with text "since 2002" (Default)
From: [personal profile] mdlbear
My phone and laptop auto-updated, as I expect that almost everyone's did. But there's always somebody...

Date: 2020-01-10 11:29 pm (UTC)
acelightning: cartoon me in front of desktop computer (at computer)
From: [personal profile] acelightning
Does this also apply to SeaMonkey? I'm running the most recent release of SeaMonkey, version 2.49.5

Date: 2020-01-11 12:23 am (UTC)
mdlbear: blue fractal bear with text "since 2002" (Default)
From: [personal profile] mdlbear
If it's using the IonMonkey JIT for Javascript, which I think is likely, then yes. More detail:

According to the project docs, "SeaMonkey 2.49.5 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes." The current, fixed, version is 68.4.1. So it depends on whether 52.9.0 includes IonMonkey. It does according to SpiderMonkey - Wikipedia.
SeaMonkey 2.49.5 appears to have come out in October. According to SeaMonkey:Home Page - MozillaWiki it's receiving security updates, so maybe it will get updated. Or you could live dangerously and pick up one of the development builds.

Date: 2020-01-11 06:30 am (UTC)
acelightning: cartoon me in front of desktop computer (at computer)
From: [personal profile] acelightning
I don't even know when (or whether) I get automatic updates of SeaMonkey, but I suspect I do. So this vulnerability has been patched? I don't think the development builds run on Windows 10 :-(

I do remember there was a bunch of alarmist news about 2.48.xx, with big warnings about how users had to upgrade to the newest version immediately. Except the newest version wasn't available for several more weeks, at which point I installed it immediately.

The main reason I use SeaMonkey is because it's well maintained and protected. And it seems to be obscure enough that nobody bothers to create malware to affect it.
Edited Date: 2020-01-11 06:31 am (UTC)

Date: 2020-01-12 01:31 am (UTC)
From: [personal profile] chanter1944
Ugh to the ugh! Does Firefox still fail at screenreader accessibility post a certain ESR release? I had to download a specific ESR, then turn off autoupdating, in order to be able to use the browser without it contracting a gigantic case of screenreader fail. Ironically, it's the best of the browsers I can find out there, at least as I have it configured now. IE is full of security flaws and no longer updated, Chrome isn't great at all, Microsoft Edge is completely inaccessible... I wonder if I might have to default to Safari?
Flat | Top-Level Comments Only

Most Popular Tags

Links

Style Credit

Page generated 2025-06-28 02:00 pm
Powered by Dreamwidth Studios