Upgrading To 57 A Big Mistake

[wingspar]

Another question. I see a number appearing over the AdBlock Plus icon and it constantly changes. What is that number for?

[Vitesse]

Firefox dropped mainstream support for XP - and Vista - a while back. If you wish to use an XP machine with Firefox, the latest version which you can use is 52 ESR (Extended Support Release), which is primarily designed for enterprise users. It still receives seccurity updates, but you should be aware that in due course even that will eventually no longer work on XP.

If you're unhappy with Firefox 57 on your main Winows 7 system then rather than reverting to Firefox 56, can I suggest that you look at Waterfox? It is essentially Firefox 56, will continue to receive security fixes and developments and installs alongside Firefox, using its own profile, which it will import from your existing Firefox.

[Kevin McFarlane]

Just make sure your running a really good anti-virus with that out of date and vulnerable version of Firefox.

56 was last updated in October. To me, that is NOT old and outdated. Yes, I run a very strong firewall and antivirus.

Out of date as in it will not get security updates.

[smsmith]

Another question. I see a number appearing over the AdBlock Plus icon and it constantly changes. What is that number for?

The number of items blocked on the page by your filters.

Also, as Kevin mentions, v56 will no longer get updates. v57 has had at least one security related update since its release, and it's going to be retired itself in about a week or two. At this point, if you really insist on using an older version of Fx, the absolute best option is to use the ESR (extended support release), which is meant for people/groups that don't need or want to update every six weeks. It won't be retired until July, I believe, before being updated to v60+/- base.

[RobertJ]

.
As smsmith and others have said, moving to the ESR is the best solution until July; after that ESR it will be based on FF60.

If you haven't read about the latest Meltdown and Spectre bugs that affect a variety of CPUs, you should. FF57 has made changes to mitigate the problem.

Security should not be taken lightly; and, virus protection is not enough. It will not solve the malware threat.

Ignore at your own risk.

.

[Frank Lion]

http://slash7.com/2006/12/22/vampires/

That isn’t what I want to do. I want to go back to 56.

We are here solely to grant your every wish - http://ftp.mozilla.org/pub/firefox/releases/56.0.2/

Sorted.

[makaiguy]

http://slash7.com/2006/12/22/vampires/

Great find, Frank.

[LIMPET235]

Just a FWIW, if anyone cares to "take the test."
From, > https://www.askwoody.com/

Günter Born has an important recap of the the test website xlab.tencent.com,
which "has a tool" that can check to see if your browser is currently susceptible to Spectre attacks.

Well, after trying it in my old/er version, I am not vulnerable,
but with v57.0, I am.
Test site > http://xlab.tencent.com/special/spectre ... check.html

Interesting.

[Brummelchen]

my 57.0.4 is NOT concerned - fresh profile - seems you have nuts

$ Start checking...
$
$ According to our checking
$ Your browser is NOT VULNERABLE to Spectre
$

a notice to current question - we should not take care again of quantum deniers - let them run into trouble, thats no longer our business, too much talking about pros and cons and rants. although i am a responsible - just fed up.

[bob c]

Just a FWIW, if anyone cares to "take the test."
From, > https://www.askwoody.com/

Günter Born has an important recap of the the test website xlab.tencent.com,
which "has a tool" that can check to see if your browser is currently susceptible to Spectre attacks.

Well, after trying it in my old/er version, I am not vulnerable,
but with v57.0, I am.
Test site > http://xlab.tencent.com/special/spectre ... check.html

Interesting.

Is that site for real on the test. States my browsers, 3, (SeaMonkey, ESR, 57.0.4), all are not vulnerable. How can that be? What am I missing? Or is it not legit?

[Frank Lion]

..Test site > http://xlab.tencent.com/special/spectre ... check.html

Yeah, because I'm really going to click a button on an unknown Chinese test site for Spectre vulnerability,, all on the assumption that the 'askwoody' site has checked it out properly.

Not going to happen.

[LIMPET235]

Why is my v57.0 vulnerable?

Well, it's probably because it's just that > v57.0 & not the latest, 57.0.4 or whatever "they're" up to now.

Strange that it said my old/er version was not though.


&, Yes.
The test is legit. (Woody & Gunter said so.)

It's just getting a few minor? tweaks.

[bob c]

This is from article at ghacks.net (https://www.ghacks.net/2018/01/11/find- ... e-attacks/) website about the Tencents test for vulnerability.


"This uncertainty is a thing of the past however as Tencent’s XUANWU Lab released an online tester that checks whether web browsers are vulnerable to Spectre."

[therube]

Not all browser versions were affected by all the associated exploits.
52 is not affected (or not affected - enough), though the next 52.6 ESR release will have additional mitigations.
57.0.0 - 57.0.3 were affected, with some "fixes" included in 57.0.4 (& you've got to figure that 58 will have more).

[mightyglydd]

quantum deniers

Oh dear..... a new talking point/'name shaming' for Moz-Co agnostics?