Mozilla Firefox Browser Stable Version Releases

After realizing that the plugin was in my plugin Window, I did a 5 minutes Google search to figure how it got there, I had thought that it came with Firefox but I had not read the Release notes. I also wanted to know what it was and how to get rid of it. The only instructions on how to disable it that I found were for earlier Firefox betas and that did not work so i look for H264 in about:config and was easy to figure what to change. I posted how to remove the plugin in post 120.

Bo

 

For those of you that don't like advertising tiles in your Browser, how to remove them

 

Firefox 33.0 crashed on me when I updated to 33.01 using Firefox's built in updater, strange

 

Thank You.

 

Also having trouble coping with the idea of yet another Firefox plug-in to babysit.
OpenH264 Now in Firefox
http://andreasgal.com/2014/10/14/openh264-now-in-firefox/

 

BBC Hardtalk:

Stephen Sackur speaks to Mitchell Baker, a Silicon Valley pioneer and boss of the not-for-profit Mozilla Corporation, best known for the Firefox web browser...30mins...available for next 11 months...

http://www.bbc.co.uk/iplayer/episode/b04p5b36/hardtalk-mitchell-baker-executive-chairwoman-mozilla

 

I'm curious if you're aware of this extension and if you have an opinion as to its usefulness on the security front?

https://addons.mozilla.org/en-US/firefox/addon/csfire/

 

hi
32.0.2 is out
can't find changelog as usual
english _ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/33.0.2/win32/en-US/Firefox%20Setup%2033.0.2.exe
all languages _ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/33.0.2/win32/

 

We know you meant 33.02

Not coming through the internal updater yet...

 

Unofficial changelog : http://hg.mozilla.org/releases/mozilla-release/shortlog

Rules.

 

To add to this, one of the basic rules for security is to uninstall code that you don't use.

Good day to the Forums. I'm an occasional home network admin and long-time reader of Wilders Forums.
I read up on the detail of this codec - in Andreas Gall's blog post of the other day

OpenH264 Now in Firefox | Andreas Gal
http://andreasgal.com/2014/10/14/openh2 ... n-firefox/

The codec doesn't support the <video> tag. It's purely for Web chat applications. And done to provide an alternative to stuff getting used by Google.
None of the users on my home network uses Web chat.

While I think it's great for Mozilla to be working so hard to get open codecs up and running, I don't think that having some binary installed quietly in every profile, default 'on', is admin security fun.

After turning it off with the pref

media.gmp-gmpopenh264.provider.enabled​

I also deleted the codec binaries - in directory gmp-gmpopenh264 - from each profile....
And added a bit to my admin update script.

 

Firefox 36 (currently in Nightly) and higher expose the SSL/TLS protocol version number, so addons like Cipherfox and Calomel SSL Validation will finally be able to show it.

I wasn't aware of this extension, but it looks nice for improved security. I thought NoScript protected against CSRF attacks, but apparently it's protection is mainly focused non-LAN(websites) requesting acces to LAN resources.
https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
I don't know how common CSRF attacks are, but this looks like a good addition to browser addons.
There is an old thread on CsFire here, but it's quite small:
https://www.wilderssecurity.com/threads/csfire-extension-for-firefox.275793/#post-1702292

 

That will make it easier for sure. Too bad we have to wait three release cycles for that feature in the stable build.

Thanks! It would be nice if there was more info, but I get the basic idea and see how to add sites to CsFire that I don't want it to block.

 

Yes, it would be nicer if they could put it in the current Beta versions.

Yes, it already has a rule(by default I think) to migitate CSRF when it requests information from the Local network, but not when the site makes a request to another site.
Default rule:

Code:

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny

It is probably possible to create your own rules to block outside of the Local network as well, but it's not really practical to create rules for tons of sites and when you create global rules you will probably break a lot of websites.
CsFire does not block the requests but strips the authentication information from them so it is much more user-friendly.

 

Firefox 33.0.3
first offered to Release channel users on November 6, 2014

• Fixed - 33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled (see bug 1093863)

Another item added sometime after initial posting -

• Fixed - 33.0.3 Fix two startup crashes with some combination of hardware and drivers (1064107 and 1021265)
  

Download - All systems & languages