Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,052 Location Upstate, NY Feb 24, 2015 #1 Mozilla sent Firefox Version 36.0 to the release channel, with Firefox ESR updated to 31.5. The update includes eight (8) security updates, of which three (3) are identified as critical, two (2) high, two (2) moderate and one (1) low. A security feature finally incorporated in version 36.0 is full HTTP/2 support. Additional information this change is available in the Mozilla Security Blog, Phase 2: Phasing out Certificates with 1024-bit RSA Keys | Mozilla Security Blog. Additional information regarding the security fixes and other changes made in this update are available in my blog post here. To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."
Mozilla sent Firefox Version 36.0 to the release channel, with Firefox ESR updated to 31.5. The update includes eight (8) security updates, of which three (3) are identified as critical, two (2) high, two (2) moderate and one (1) low. A security feature finally incorporated in version 36.0 is full HTTP/2 support. Additional information this change is available in the Mozilla Security Blog, Phase 2: Phasing out Certificates with 1024-bit RSA Keys | Mozilla Security Blog. Additional information regarding the security fixes and other changes made in this update are available in my blog post here. To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,052 Location Upstate, NY Feb 26, 2015 #2 For those using Firefox 36, you may want to take a look at the Firefox Hello Privacy Notice, expanding the collapsed "Learn More" information, particularly since Mozilla is sending information to a third party, "TokBox". Firefox Hello is provided to you in collaboration with TokBox, Inc. ("TokBox") and sends data to TokBox as a part of the function of the service. This notice only describes how Mozilla handles information we receive from you. For more information on TokBox’s handling of data, you should read their Privacy Policy Click to expand... If you choose to disable Hello, it can done through about:config. Just toggle loop.enabled to false (from how do I disable hello). Although I haven't run into it on two different computers (both Windows 7 64x), others who have updated to Version 36 have been getting a Windows Firewall popup, requesting exception. When I saw others had reported the issue, I tracked down this discussion at mozillazine.org: Which service - fx36 and up - is responsible for SSDP? Two bug reports that appear to apply: 1086278 – Windows/Mac firewall dialog pops up on startup and 1111967 – Add an option to disable SSDP in Firefox Yet another reason I'm glad I've switched to Pale Moon as my default browser. .
For those using Firefox 36, you may want to take a look at the Firefox Hello Privacy Notice, expanding the collapsed "Learn More" information, particularly since Mozilla is sending information to a third party, "TokBox". Firefox Hello is provided to you in collaboration with TokBox, Inc. ("TokBox") and sends data to TokBox as a part of the function of the service. This notice only describes how Mozilla handles information we receive from you. For more information on TokBox’s handling of data, you should read their Privacy Policy Click to expand... If you choose to disable Hello, it can done through about:config. Just toggle loop.enabled to false (from how do I disable hello). Although I haven't run into it on two different computers (both Windows 7 64x), others who have updated to Version 36 have been getting a Windows Firewall popup, requesting exception. When I saw others had reported the issue, I tracked down this discussion at mozillazine.org: Which service - fx36 and up - is responsible for SSDP? Two bug reports that appear to apply: 1086278 – Windows/Mac firewall dialog pops up on startup and 1111967 – Add an option to disable SSDP in Firefox Yet another reason I'm glad I've switched to Pale Moon as my default browser. .
P Patrick Sysnative Staff Joined Jun 7, 2012 Posts 4,618 Feb 26, 2015 #3 Just funneling garbage after garbage...
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,052 Location Upstate, NY Mar 5, 2015 #4 Mozilla Firefox Version 36.0.1 Released with Security Updates Another update for Firefox sent to the release channel. The update to version 36.0.1 includes nine (9) security updates, of which four (4) are identified as high, four (4) moderate and one (1) low. Details are available in my blog post here.
Mozilla Firefox Version 36.0.1 Released with Security Updates Another update for Firefox sent to the release channel. The update to version 36.0.1 includes nine (9) security updates, of which four (4) are identified as high, four (4) moderate and one (1) low. Details are available in my blog post here.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,052 Location Upstate, NY Mar 21, 2015 #5 Mozilla sent Firefox Version 36.0.3 and Firefox ESR 31.5.2 to the release channel to fix security issues disclosed at the HP Zero Day Initiative's Pwn2Own contest. The update includes two (2) critical security updates. It appears that version 36.0.2 has been skipped in order to release the critical updates.
Mozilla sent Firefox Version 36.0.3 and Firefox ESR 31.5.2 to the release channel to fix security issues disclosed at the HP Zero Day Initiative's Pwn2Own contest. The update includes two (2) critical security updates. It appears that version 36.0.2 has been skipped in order to release the critical updates.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,052 Location Upstate, NY Mar 21, 2015 #6 Did you update yet? If not, you've saved yourself a step because Mozilla sent Firefox Version 36.0.4 and Firefox ESR 31.5.3 to the release channel to repair the incomplete version of this fix that was shipped in Firefox 36.0.3. The update includes one revised critical security update.
Did you update yet? If not, you've saved yourself a step because Mozilla sent Firefox Version 36.0.4 and Firefox ESR 31.5.3 to the release channel to repair the incomplete version of this fix that was shipped in Firefox 36.0.3. The update includes one revised critical security update.