Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Mozilla Firefox 16.0 Final

anuraag

By anuraag
in News & Updates

Recommended Posts

anuraag

anuraag

Posted
Posted

Firefox is the award winning next generation browser from Mozilla. Firefox empowers you to browse faster, more safely, and more efficiently than with any other browser. Make the switch today - Firefox imports your Favorites, settings and other information, so you have nothing to lose. Stop annoying popup ads in their tracks with Firefox's built in popup blocker. View more than one web page in a single window with this time saving feature. Open links in the background so that they're ready for viewing when you're ready to read them. Built with your security in mind, Firefox keeps your computer safe from malicious spyware by not loading harmful ActiveX controls. A comprehensive set of privacy tools keep your online activity your business.


Thanks to sternog for the update.


Download

Link to comment
Share on other sites
  • Replies 25
  • Views 4.2k
  • Created
  • Last Reply
Olexijl

Olexijl

Posted
Posted

Not supporting MD5 based certificates. Is this really a bug? If i read changelog it is claimed as one.

Link to comment
Share on other sites
  • Administrator
DKT27

DKT27

Posted
  • Administrator
Posted

Not supporting MD5 based certificates. Is this really a bug? If i read changelog it is claimed as one.

Read the bugzilla page and Wiki MD5.

MD5, though helpful in detecting file hashes, isn't safe to do certificate and security stuff anymore.

MD5 certificates may be compromised when attackers can create a fake cert that hashes to the same value as one with a legitimate signature, and is hence trusted. Mozilla can mitigate this potential vulnerability by turning off support for MD5-based signatures. The MD5 root certificates don’t necessarily need to be removed from NSS, because the signatures of root certificates are not validated (roots are self-signed). Disabling MD5 will impact intermediate and end entity certificates, where the signatures are validated.

The relevant CAs have confirmed that they stopped issuing MD5 certificates. However, there are still many end entity certificates that would be impacted if support for MD5-based signatures was turned off in 2010. Therefore, we are hoping to give the affected CAs time to react, and are proposing the date of June 30, 2011 for turning off support for MD5-based signatures. The relevant CAs are aware that Mozilla will turn off MD5 support earlier if needed.

https://wiki.mozilla.org/CA:MD5and1024

So yea, looks like a security enhancement to me. :rolleyes:

Link to comment
Share on other sites
thylacine

thylacine

Posted
Posted

http://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/

Security Vulnerability in Firefox 16

Issue:

Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.

Impact:

The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.

Status:

Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [http://www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.

Michael Coates

Director of Security Assurance

Link to comment
Share on other sites
spudboy

spudboy

Posted
Posted

Thank you very much for the information. :rasta:

Using FF 15.

Doesn't make sense to go back to an older version with 14 other vulnerabilities that were fixed in FF 16.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...