Waterfox 56.0.2 security update released
Waterfox 56.0.2 is out. The new version of the web browser patches security issues that made the round recently.
In short: security researchers found flaws in processors that attackers can use to read data in memory that they should not have access to.
The patching requires updates to firmware, operating systems and even other programs such as browsers.
Microsoft released out of band security updates for Windows to address the issue and Mozilla released a patch for Firefox that mitigated it as well.
Waterfox 56.0.2 incorporates the same patch that Mozilla released. Spectre, Speculative execution side-channel attack, relies on exact timing to function. Mozilla reduced the precision of some of the time sources that Firefox uses to mitigate the issue.
Tip: The following articles may also be of interest to you:
- Waterfox 56 is out
- Waterfox 55.2 update and roadmap released
- Waterfox dev has big plans for the browser
Waterfox includes the December 7, 2017 security patches for Firefox as well according to the changelog.
Waterfox 56.0.2 includes changes and bug fixes as well. The biggest change in the new browser version impacts multi-process Firefox (e10s, Electrolysis). Waterfox will disable e10s automatically if add-ons are installed in the browser that are not marked as compatible with the multi-process architecture.
It is unfortunately difficult to find out which of the installed add-ons are not multi-process compatible.
Here is what you need to do:
- Load about:support in the Waterfox address bar.
- Select "show folder" to open the profile folder on the local system.
- Open the "Extensions" directory.
- Use an archiving program like Bandzip to extract the add-on file if the extension is provided as a single XPI file.
- Open the file install.rdf in the root directory of the extracted extension.
- Locate the multiprocessCompatible line and check if it states true (compatible) or false (not compatible).
- Repeat this for any installed add-on.
The remaining changes in Waterfox 56.0.2
- Updated libcubeb library to prevent audio issues on new Windows 10 builds
- Fix default browser check
- Fix plugin issues due to checking .mozilla instead of .waterfox.
- Fix of various white space issues
Waterfox users should update the web browser asap to the new version to protect the browser and their data against exploits. You can run a check for updates with a click on Menu >Â Questionmark > About Waterfox. The browser runs a check for updates when you open the about window. The new version is available for all supported desktop operating systems on the website as well.
Why some people still use Firefox 52 ESR over this one is beyond me. Good to see continued security updates.
They probably don’t know or want to use a Mozilla product specifically.
SharedArrayBuffer is already disabled in Firefox 52 ESR
@Anonymous: That’s not what I meant.
Because you have no idea what you’re talking about.
@Anonymous: I know what I am talking about. Firefox 55 introduced noticeable startup and general performance improvements. Furthermore, WebExtensions support was improved since Firefox 52. Since Waterfox offers all those enhancements as well as all recent security patches, it makes zero sense to use FF 52 ESR over Waterfox.
Firefox 55 is faster mostly because of paralellization (multiprocess). It processes more things in separate processes.
Donâ€™t forget that multiprocess is disabled by default on Firefox 52 ESR, but you can force-enable it and it works perfectly.
Firefox 52 ESR is the best Firefox version because it still supports installing unsigned addons and still supports NPAPI plugins. New Firefox versions changed the behaviour of some features to worse, like Firefox 55 blocks Flash from loading content from any other URL scheme outside HTTP and HTTPS.
@vosie: Sorry, but this is not correct.
For one, Waterfox too supports unsigned add-ons by default. It too supports all NPAPI 64 bit plug-ins. You can toggle the Flash behavior you describe, if you really need Flash.
Multiprocess is in both browsers, true, but the startup improvements specifically were only introduced in Firefox 55 and thus – by definition – can’t be in FF 52 ESR. FF 55 and 56 also support more processes than Firefox 52.
I was comparing Firefox 52 ESR to Firefox 55, not Waterfox.
If you force enable multiprocess in Firefox 52, it reduces the performance difference compared to Firefox 55.
You can enable more processes in Firefox 52 too.
I also forgot to mention that Firefox 52 ESR is the last version supported on Windows XP.
Appster: “Why some people still use Firefox 52 ESR over [Waterfox] is beyond me.”
Well … “I cried because I had no shoes, until I met a man who had no feet.” — Persian poet Sa’adi Shirazi, in ‘Gulistan’ (1259 CE)
I prefer Cyberfox, which is offered in x32 & x64 flavours. Even so, I end up running the x32 build (after trialling various x64 builds), because my system has only 4 GB RAM (although my OS is x64).
On the other hand, I always opt to use x64 builds (where available) for all other applications. But I prefer x32 builds specifically for web browsers because:-
1) Modern web browsers tend to hog excessive RAM even for casual browsing alone. I want some spare RAM to run other applications (generally x64) alongside the browser. When using a x64 browser, not only is the browser noticeably slower to do anything, the system gets slowed down too.
2) It’s not as if I’m carrying out intensive tasks like video transcoding using the browser itself, so there is no need to use x64 builds to optimize performance.
Just wait until June, the time they will get the new ESR
> Why some people still use Firefox 52 ESR over this one is beyond me.
Privacy is one objective reason, but I doubt many people are aware of why it is so. People mostly use this or that browser for subjective reasons. Good luck to Waterfox either way!
Appster you are correct. Waterfox is the best of both worlds.
I am pleasantly surprised that WF was updated so soon.
In regards to extensions not being marked as compatible with multi-process some extensions work fine but don’t indicate whether they are compatible or not. One example is “Bookmarks menu v1.92” which as it turns out works fine with multi-process. I’ve been using it for years and currently use it in FF v56 and in Waterfox. I think Bookmarks menu is the only Legacy addon out of 10 Legacy addons that didn’t indicate one way or the other in the install.rdf file if it was compatible, or not.
Anyway, what I did back when was set the about:config entry “extensions.e10sBlocksEnabling” to false. Using that setting in Firefox v56 on the about:support page it says “Multiprocess Windows 1/1 (Enabled by default)”. In Waterfox it instead says “(Enabled by user)” which is weird, same exact addons are used, but multi-process works fine in both browsers. In Options/General/Performance it will show “Content process limit 1 (default)” which will actually mean there will be 4 processes shown in the Task Manager of Windows. You can raise the number of content processes in the Performance section or you can use “dom.ipc.processCount.web” set to 4 which will then show up as the “default” like in FFv57, the entry will be a new integer. Left mine at the default of 1 content process which is 4 in the Task Manager.
@Appster “Why some people still use Firefox 52 ESR over this one is beyond me”
My reason is that Waterfox is only for those that have a 64bit OS!
I have w7 pro 32bit I7 and do not want to purchase a new w7 pro 64bit just for Waterfox.
Firefox 52 ESR is working good for me.
Same here + many others.
Waterfox ignores 32-bit pc users,
as if they didn’t exist…
our perfectly operational 32-bit pcs
just because of the lack of perspective
of a software Co.
Hope they they see us
in the near future
and come out with a 32-bit version
(Linux in my case).
we continue to use Pale Moon
(a great browser, runs most / all FF addons, 100% OK!).
@GiddyUpGo and Sfer: It really boils down to how prevalent 32 bit still is. macOS did away with it in 2011 already, and AFAIK nearly all Windows machines in recent memory were 64 bit ones as well. At least since Windows 7 times. Most people see no reason to install a 32 bit OS on 64 bit hardware, when it comes to Linux. So… How many people are still using 32 bit? 10% at best?
So the Waterfox dev has to decide whether or not it’s really worth it, considering the numbers.
Alex announced the update already a few days ago on the WF (reddit) forum.
I changed 2 weeks ago from FF quantum to WF. All went smoothly..well apart from the fact that I cannot tick the ‘remember logins for websites’ box (Options/Security). Funnily enough it imported all my old logins from FF and they work???.
I use both. They are both free. ;)
Is it possible to override Waterfox’s change related to E10S and addons? So if you force enable E10S will Waterfox’s new change disable E10S if it thinks the addons is “incompatible”? Or if you force enable it, does it remain enabled forever?
@vosie: Sure, you can override the default behavior. Create the new boolean “browser.tabs.remote.force-enable” in about:config and set it to “true”. If you don’t delete this boolean, it will stay in place even when you update the browser.
Does anybody know what’s going on with Waterfox for Android? The latest version is 55.2.0 and it’s been a while since the last release…
im a long term palemoon user so why would i use waterfox over palemoon.?
I see no valid reason to do that.
Contrary to Pale Moon, Waterfox supports more recent versions of add-ons. Due to Pale Moon featuring a Firefox 28 interface, you are stuck with add-ons from this era (2014 and older), unless the add-on author decided to specifically support Pale Moon. That’s why.
its basically a 64bit firefox with firefox privacy adjustments.the data collection mechanisms which waterfox has apparently removed can be disabled in firefox,
@Kubrick: I don’t need to try again. You asked what makes it better than Pale Moon, and I told you so. Whether or not Firefox offers the same advantages is not of any meaning when it comes to Pale Moon vs. Waterfox.
Anyone notice Waterfox running very slowly after this update?
Android version v.56/57? Is it happening? 55 still runs better than the latest FF (which has a tendency to often crashes) but I think is left behind security-wise.
It appears from another Waterfox advocate on the MozillaZine forum, that Waterfox will soon be based on v60, and Alex will be dropping XUL-based extensions. Is this true?
Won’t it essentially be Quantum then?