Mozilla Firefox Browser Stable Version Releases

Discussion in 'other software & services' started by JRViejo, Mar 18, 2014.

  1. 142395

    142395 Guest

    @BoerenkoolMetWorst, how do you think about SSLeuth?
    I haven't used Cypherfox, and as to Calomel, last when I saw it it had lots of craps and a reviewer (and I too) had some question about their ranking so I didn't install. Don't know current state.
    As I'm new to this thread, pardon me for replying old post.
    ABE protects you from CSRF & DNS Rebinding to LAN by default rule while sandbox is to prevent damage from remote code execution. So they're basically other thing, protect you from different kind of threats. You can edit original rule to expand ABE's protection but it's quite tedious, better to go RequestPolicy or Policeman if you want protection against general CSRF and DNS Rebinding as well as some other threats.
    Yeah, you're right.
    Mozilla developping/developed Servo with Rust is one example.
    I remember several years ago when Mozilla said they don't adopt multi-process architecture cuz it complicates program, what a spinless reason? They could see multi-process will soon be more common and required. Do they only see current situation and don't want to see near future? I can't understand some of recent Mozilla's action, Servo is okay, Firefox OS is okay, but huh, Mozpay? I sometime feel Firefox is no more "your browser" and Mozilla is going off from user need and follow just their own self-satidfied beliefs, and having less and less interest to Firefox and its users, just IMHO.
     
  2. Yuki,

    Are you pulling my leg?

    Mozilla has a hard time to evolve Gecko into multi-process architecture, so they start up a parallel programming pilot Servo, The spinless reason is the fact that the Gecko engine has a Netscape architecture legacy.

    Legacy not a problem? While Webit has improvements (and security mechanism) like HeapArena, with Gecko you have to "free after use" to prevent the red panda (Mozilla) from leaking memory. Googling "memory leak and" Gecko gives 96.200 results, Googling Webkit gives 1.360 results.

    Also the rich programming API offered by Gecko is good for developers, but a richer API also means that there are more points of contacts and possible mis-use or bugs. More entrypoints, more (AxB) possible errors, without a massive automated test-bench (like Google has), or the manpower of the US-stock exchange giants Apple and Google, regression testing is a pig (in dutch we say dragon) of a task to complete.

    Regards Kees
     
    Last edited by a moderator: Mar 20, 2015
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I don't agree, Yuki. Firefox has been my browser for a long time, despite all the changes they done recently, my Firefox functions and look the way I want it. I dont want Firefox to be an squared browser ala Chrome. To me personally, Firefox is an exciting browser and Chrome is boring. Liking browsers is like someone liking brunettes and another guy liking blondes.

    In my opinion, measuring Firefox with Chrome in mind is shortsighted. If we wanted Chrome, we would be using Chrome. Kees, about sandboxing in Firefox. The longer it takes to be implemented, the better (IMO).

    Bo
     
  4. I was talking about Gecko and Webkit rendering engines and their design and quality differences, not the browser. Gecko is (security wise) a lot more exiting than Webkit, you are absolutely right: everyman to his one.
     
    Last edited by a moderator: Mar 20, 2015
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
  6. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Thank you. :thumb:
     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Just updated!
    :thumb:
     
  8. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,423
    Location:
    U.S.A.
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I usually wait a few days before updating Firefox but did this one right away. All is well in XP and W7.

    Bo
     
  10. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Updated as well. Have been jockying back and forth between FF and Palemoon as default. Right now it's FF because µBlock with Dynamic filtering works so well with it. Also using NoScript with untrusted list. So it's FF as default browser and Palemoon as secondary.

    Edit: Just updated to FF version 36.0.4 also.
     
    Last edited: Mar 21, 2015
  11. chachazz

    chachazz Updates Team

    Joined:
    Apr 23, 2004
    Posts:
    841
  12. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I've started using the have ESR versions after this latest release....A few must have extensions (for me) don't work in 36.04 ; self destructing -cookies, Ghostery 3 and The Addon Bar (restored)....I believe the ESR's have the latest security features?....I don't care much for the so called performance improvements because its memory leaks haven't truly improved and the others I either don't understand or need.
     
  13. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,423
    Location:
    U.S.A.
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Strange, all 3 addons are still working fine here with 36.0.4.
    The ESR branch is indeed still kept up to date with security fixes. Keep in mind that is only true for the latest branch(currently 31.x(I mention this because it appears that some people are on older branches and under the impression it is as secure as the latest)). New security features such as Public Key Pinning are not backported afaik.
    EDIT: Oops, I meant the latest Ghostery(not 3) and not Addon Bar restored but Status-4-Evar.

    About Calomel, it indeed has lots of options not related to SSL, but I don't use them anyway and about their ranking; it is debatable how divide the points on certain properties, but I don't need the rating because I can assess for myself what is good and what isn't.

    I wasn't aware of SSLeuth, first impressions are good. It has much more configurability and I like that it can display TLS details for loaded 3rd party domains as well.

    Btw, CipherFox is more limited, but you can set it to display in the statusbar/addonbar so you can see the used ciphersuite etc in a glance without having to click once. And it has a right-click menu with a nice SSL Labs option which tests the current site and open the results in a new tab.


    Looks like they didn't fix MSFA2015-28 properly in .3, as it's now listed for the .4 release.
     
  15. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    What symptoms are you noticing about the self destructing cookies extension not working?
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    SSLeuth looks good. The "colorize address bar" feature isn't working for me though.

    Edit: the colorize option is working now (not sure yet what I changed). For instance it turns a very noticeable orange on BankofAmerica.com which SSLeuth flags due to lack of Perfect Foward Secrecy and weak cipher suite. (need to ask the BofA people about that :) )
     
    Last edited: Mar 22, 2015
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,423
    Location:
    U.S.A.
  18. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Currently trying Cyberfox latest 32 Bits.
    Yet no hangup prob.

    Is Cyberfox good?

    UPDATE - It seems hangup prob is solved in latest Firefox 36.0.4.
    Browsing for quite sometime yet no hangup probs.
    Lets see if the prob arises.

    But one thing, previously I had Adobe Flash installed.
    Now I dont have it installed.
    So dont know if Adobe Flash is the culprit for the hangup prob?
     
    Last edited: Mar 22, 2015
  19. 142395

    142395 Guest

    Sorry I don't get why it pulls your leg. honestly, I couldn't understand why Victek said it in #370 as a reply to your comment #369, but I just replied to "Sandboxing is only one of many ways to improve browser security." which is true.

    Borrowing your shipwreck example, sandbox can be illustrated like, separating each cabin so that even if there's a break, still only that cabin is affected and don't affects whole ship. Building secure language will be, like employing iron to build ship instead of wood.

    It's good to know Mozilla actually have been struggling to evolve Gecko to make it multi-process architecture. When I heard Mozilla gave up multi-process as it complicates programs, maybe I misunderstood sth.

    As I'm noob in programming, I tend to think freeing memory after use is common manner, but is it not the case in Chrome? Googling for HeapArena didn't give meaningful result for me except Arena is a lump of memory. Ofc I know it is often forgotten and cause memory leak, in my understanding it's not good to leave memory freeing to GC.
    I meant exactly this point in previous comment. I think when Mozilla says Fx is your browser, "your" = (client) user and not developer. Recent Mozilla adding too many APIs & functions and some of them are even privacy invasive. Not to mention snippets etc., but also battery API, netinfo, performance, resource timing, idle-observer etc. can give info you may not want to (tho some of them are not so new).
    I want simple but stable browser rather than multi-functional but buggy one.
     
  20. 142395

    142395 Guest

    I've been Fx user long time, compared to it I'm relatively new to Chrome and still Fx is one of main browser. In desktop my usage is almost 50:50, but on Android Fx usage is 90+%.
    Bo, do you like Australis? I don't, tho not the degree I want to immidiately revert to classic UI. I won't use Hello. Simply put, I don't have anything to do with most of function Fx recently adding. I think Fx is poisoned too much affected by Chrome, is rapid release cycle really needed for Fx? It's strange only IE remains simple browser which don't adopt rapid release, tho MS will eliminate it and go to Spartan (and I won't use IE as main browser).
     
  21. 142395

    142395 Guest

    As BoerenkoolMetWorst said, no ESR don't have latest security features. And even for security fixes, it only applies important security fix, so minor one may not be fixed.
    Same here, I always audit cipher by myself, but as I found SSLeuth I'm playing with it. Thanks for reply.;)
     
  22. I thought you were joking because Mozilla delayed two years with electrolysis (OOP) to improve CURRENT rendering engine. At the same time they spend manpower on a parallel processing pilot for a FUTURE rendering engine (may be applicable when Windows 13 arrives).

    Indeed sandboxing not the only security mechanisms, see https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not-WP.pdf
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    No, I don't like Australis. I don't like the way it looks or functions. But the thing with Firefox is that you can, via Option, about:config and extensions make the browser work exactly as you want it. To me personally, it doesn't bother me what they add or do to the default browser as long as I can easily customize the browser according to my taste and needs. And that is something that is easily done with Firefox.

    As you, I don't care about any of the new functions, like Hello, flashing downloads, tabs with tiles, etc. With Firefox, that's no big deal, you don't want it, yon can get rid of it. And I do. To me, having the choice is whats important. Functions like opening the bookmarks side bar with one click, tabs not on top, blank new tabs, addon bar, home button, those are functions that are important and I am able to have them in my Firefox.

    And on top of that, NoScript works great in Firefox. What else can I want in Firefox. The only thing left is Firefox with NoScript working great with Sandboxie, and it does. Never a problem. Rapid cycle? I don't care about that. People using antiviruses or other signature programs have to do updates everyday. I don't do any of that. I go weeks without upgrading anything in my computer. So, updating Firefox once in a while doesnt bother me at all.:)

    Bo
     
  24. 142395

    142395 Guest

    Well, my English currently don't reach a degree I can use joke or even correctly interpret joke. American joke is somewhat understandable, but British one is often hard to understand.

    Oh, thanks for thanks for the interesting link! I now got the idea of HeapArena!
     
  25. 142395

    142395 Guest

    Yeah, customaisability is definately Firefox's virtue! And as you say, I can disable anything I don't need/want, but my comment was somewhat selfish desire that, I wish Mozilla spent their resource to make Fx more stable, faster, securer, bug-free! I don't often encounter serious bug in Fx, but sometimes find small bug, latest one is occassional micro-freeze and I found some others reported similar issue (not sure if they're the same). And as to speed, I have to admit Chrome is bit faster, tho Fx is still acceptable.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.