FF 52ESR---FF57

[bob c]

So--can I have 52 ESR (and Seamonkey) on the same (drive)machine, and load at that time FF 57 to see what it's like, without it destroying in anyway-anything of my FF52 or Seamonkey.

Thanks

[Brummelchen]

https://portableapps.com/apps/internet/firefox_portable
or
http://kb.mozillazine.org/Creating_a_ne ... on_Windows
with
http://kb.mozillazine.org/Command_line_arguments

[therube]

SeaMonkey / FF or FF / SeaMonkey, one will not affect the other at all.

To run two (or more) SeaMonkey / FF (or combinations thereof) generally all you need to be aware of is to use separate Profiles for each browser version.

If you're going to run simultaneous instances of SeaMonkey's (or simultaneous instances of FF's) you'll need to open (any instance after the first) with the -no-remote switch. (Again SeaMonkey & FF don't interact, so you can run 1 instance of SeaMonkey & 1 instance of FF without needing a -no-remote switch.)

[c627627]

Make sure you backup your user profile, if possible you don't want it touched by Fx55/56/57 or higher.
I just did exactly what you asked, just now with Fx57 Beta10.
Holy smokes.... *nothing* works, vast majority of all my extensions have no replacements and as far as user interface modifications are concerned, forget about it, it's back to default and you're basically caged in [in comparison to mods you used to be able to do.]

Firefox 57 and later will be great for someone just starting out / people who haven't been exposed to all the extensions and modifications that worked on Firefox versions before v57.

But if you modded somewhat, let alone for 10+ years, I don't see how people would want to give up what they built all these years...
ESR until July 2018 for me, and then probably stay on ESR and give up browser security patches and rely solely on Antivirus/Firewall software for security after that.

I wonder what will kill Firefox ESR 52 functionality for browsing and how many years it will take?


Once again, backup your profile. Going back to Fx56 was not 100% possible until I deleted, copy/pasted back my backed up profile since some UI changes remained after going back from Fx57 to Fx56.

[Brummelchen]

how many years it will take?

quite a while - but will last longer as 3.6 and web pages. it started around v35/36 when getting compatible with modern web pages. but as delicacy1 in this forum always point out that v44 lacks also functionality - in special for extensions ^^
but the major problem is not compatibility more the fixed vulnerabilities and those concern much more.

[c627627]

I tried to get more information on that, unsuccessfully in several threads here.
If we take a relatively old version of Firefox today and its actual known critical vulnerabilities, what is the scenario and for which vulnerability, that would result in both exploitation of that vulnerability AND a fully updated quality Antivirus / Firewall combo not being able to intercept that exploit, which was triggered by an unpatched old version of Firefox?

[Brummelchen]

what is the scenario and for which vulnerability

the older the firefox the more attack vectors for any current payload free exploit. in fact pure javascript is able to trigger plugins through firefox and can cause an attack from behind - and no current antivirus is able to detect it - because such exploit were tested on each antivirus to work perfectly.

http://malware.dontneedcoffee.com/

[c627627]

Hm. And if Java SE Runtime Environment is not installed on the system, would that address that particular threat?

[flaneurb]

Java SE Runtime Environment has nothing to do with javascript.

[c627627]

Okay.
When he says trigger plugins, does that mean you have to have specific plugins installed for "pure" javascript to take you down, even if you have updated antivirus/firewall protecting you?

[Brummelchen]

exactly - in most javascript attacks a plugin is concerned (flash, pdf, java) - when enabled in firefox or allowed to run ("ask" confirmed). and common security software is not involved. thats why flash and other environments get so many updates because they offer attack vectors, stack overflow or else.

[c627627]

I mean, this is a conscious decision to give up security just to keep using Firefox as it is now. So even if the security issues were more serious, that wouldn't sway people who make a conscious decision to do this. You mentioned Flash, but Flash will be updatable on pre-Fx57 versions...
So it sounds like you would have to have a pretty specific old extension in order for it to trigger a major disaster.

[Frank Lion]

...and then probably stay on ESR and give up browser security patches and rely solely on Antivirus/Firewall software for security after that.

Firewalls are usually in the router and a good Sandbox program is a better route than anti-virus stuff in these circumstances.

[c627627]

Is Comodo Firewall okay?

[Frank Lion]

Is Comodo Firewall okay?

It's not bad and I notice the Comodo promo stuff makes the point that is often overlooked - antivirus software only detects what is known, not the unknown. Although, I would add, they are updated often.

Here's a useful overview - http://www.techradar.com/news/the-best-free-firewall

With the exception of OpenDNS (which is not a software firewall) the usual rules apply - like with The Highlander and anti-virus programs - 'There can only be one'.

In general terms, sandboxes (and also good firewalls) are not without their pain points at times, especially in the early stages of use, as limiting easy access to everything on your PC/device and at the same time giving you free roam can 'require patience'.

This is an area where a user cannot get away with the usual catch all of 'Oh, I'm a non-techie (and thus incapable of ever learning anything, other than how to play Call of Duty)' and some personal effort and responsibility is required.

However, getting whacked by ransomware or something is a far bigger pain point than the above, in my view.