Mozilla releases Firefox 78.0.2 security update - gHacks Tech News

ADVERTISEMENT

Mozilla releases Firefox 78.0.2 security update

Mozilla released Firefox 78.0.2, a new stable version of the web browser, to the public on July 9, 2020. The new version is a security update as it fixes a security vulnerability found in the stable version of the browser.

Firefox ESR, the Extended Support Release of the browser, was updated as well. The new version is Firefox EST 78.0.2.

Mozilla released Firefox 78 Stable and Firefox 78 ESR to the public on June 30, 2020.

Tip: you can check out this guide to get a better understanding of the differences between Firefox Stable 78 and Firefox ESR 78.

Firefox users may upgrade existing installations by selecting Menu > Help > About Firefox to start the update process. Firefox downloads the update, in my case a 5 Megabyte file, and installs it. Firefox needs to be restarted after the update has been applied to complete the process.

The update will be offered automatically as well to users; the manual method speeds up the installation of the update, however.

The new version of Firefox is also available as a standalone download from the Mozilla website.

Firefox 78.0.2

firefox 78.0.2

Firefox 78.0.2 is a security update first and foremost. It fixes the following security issue:

MFSA-2020-0003: X-Frame-Options bypass using object or embed tags

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header.

Mozilla gave the vulnerability a moderate rating. A CSV has not been assigned yet.

The new stable version of Firefox includes three bug fixes besides that:

  • Improved data resilience of the new address bar to better protect against data corruption (which coincidentally was the reason why Mozilla pulled Firefox 78 Stable shortly after release to address an issue that caused search provider and other corruption for some users in the browser). See here for more information.
  • Fixed an accessibility regression in reader mode.
  • Fixed a regression opening certain external applications (the bug report mentions Microsoft Teams, Microsoft Dynamics 365 CRM emails, and Citrix Receiver as affected). See here.

The next stable Firefox release is scheduled on July 28. 2020. Mozilla switched to a four-week release cycle recently.

Now You: When do you upgrade your browsers?

Summary
Mozilla releases Firefox 78.0.2 security update
Article Name
Mozilla releases Firefox 78.0.2 security update
Description
Mozilla released Firefox 78.0.2, a new stable version of the web browser, to the public on July 9, 2020. The new version is a security update as it fixes a security vulnerability found in the stable version of the browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Addy T. said on July 10, 2020 at 8:25 am
    Reply

    I install updates like this one immediately. When a new full version of Firefox is realesed I do, however, delay the update for several days, in order to wait for their obligatory 0.1 fix.

  2. owl said on July 10, 2020 at 8:42 am
    Reply

    My main browser is “Firefox ESR”.
    I use “Firefox Developer Edition” for AMO development support, etc and “Firefox Nightly” for testing.

    Most of the major update versions of programs have bugs that occur frequently within a month or two from the beginning of their release, making them uncomfortable to use (Especially in the updated version of Windows OS, troubles always occur and it is terrible. So I am updating manually).
    Since I have experienced such experiences many times (not limited to Firefox), Firefox “ESR” always reserves “major update (current: 68.10.0esr to 78 series)” until the support deadline.
    Until the “68” series support deadline, the required “security patches” will continue to be provided.
    If I want to use the “new functions” adopted in the new “78” series, “Developer Edition” is sufficient.
    Such a method is my style.

    Related information below:
    https://support.mozilla.org/en-US/kb/choosing-firefox-update-channel
    We currently offer two paths for Firefox updates: rapid release and Extended Support Release (ESR).
    ● Rapid release: receives major updates every four weeks and minor updates such as crash fixes and security fixes as needed during those four weeks.
    ● Extended Support Release (ESR): receives major updates on average every 42 weeks with minor updates such as crash fixes, security fixes and policy updates as needed, but at least every four weeks.

    In addition to different update cycles, the ESR currently has access to additional policies that are not available on rapid release.
    https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr

    Firefox Releases:
    Firefox release notes are specific to each version of the application. Select your version from the list below to see the release notes for it.
    https://www.mozilla.org/en-US/firefox/releases/

  3. ilev said on July 10, 2020 at 8:58 am
    Reply

    I am waiting for Firefox 78 ESR Portable.

    1. Pants said on July 10, 2020 at 11:04 am
      Reply

      IIRC, John doesn’t put those out until EOL (end-of-life) for the previous one. And now with basically 4 week cycles instead of 6, the overlap from new ESR to EOL of the previous is three releases (still 12 weeks). I expect the first portable ESR78 (based on 78.2) sometime after 25th August, although technically ESR68.12 is good until 22nd September

      [1] https://wiki.mozilla.org/Release_Management/Calendar

    2. owl said on July 10, 2020 at 11:29 am
      Reply

      The “Portable” version of Firefox is not official release and is developed and supported by “Mozilla & PortableApps.com”.
      Currently available for download:
      Version 78.0.2 for Windows, English (94MB download / 345MB installed)
      https://portableapps.com/apps/internet/firefox_portable
      Publisher: Mozilla & PortableApps.com (John T. Haller)
      Date Updated: 2020-07-10
      Date Added: 2004-04-16
      System Requirements: Windows 7, 8, 10 & WINE
      App License: Open Source (MPL/GPL/LGPL under Mozilla EULA)
      Source: Firefox, SQLite, Launcher source included, PortableApps.com Installer
      MD5 Hash: a2577e1abe31f52d5fa737e5248d3400 (English)
      SHA256 Hash: 5aaa3c896be34c39fea16e0889d17bd6e47541437744066d8c7a2eb4aa557e68 (English)

    3. John T. Haller said on July 13, 2020 at 1:11 am
      Reply

      We take a middle road approach to ESR as the purpose of it isn’t to upgrade right away. It’s detailed here: https://portableapps.com/support/firefox_portable#esr

      Short answer: Firefox ESR will be updated to 78.x when Firefox stable is updated to 79.x.

  4. Anonymous said on July 10, 2020 at 4:18 pm
    Reply

    Now You: When do you upgrade your browsers?

    Now. I updated 78 ESR version. Thank you Martin.

  5. James said on July 10, 2020 at 8:16 pm
    Reply

    I’m on Linux so usually whenever the package is in the repos. Being thus, KaOS typically is a couple of days behind.

  6. Lawrence said on July 11, 2020 at 11:13 am
    Reply

    I update as soon as an upgrade is available. Works fine nearly all the time. But … in this instance Firefox wiped all my settings (search & security etc., plus extensions and all bookmarks) – sigh. The update didn’t leave a copy of my old settings so a small time investment needed. Not fatal, just one of the risks of being an early adopter, but somewhat annoying.

  7. Mothy said on July 11, 2020 at 6:36 pm
    Reply

    I only use Firefox ESR and usually wait at least a day after a new release to install it to see if there are any issues. Then when ready it’s installed on an older laptop first as a test then on my primary system.

    I also stick with the same ESR branch as long as possible. Example in this case is 68.x until it ends with 68.12 in August in which I’ll then move to the newer branch (78.3) in September. By then most if not all of the bugs have been worked out in the newer branch so it’s pretty stable.

  8. Testertime said on July 12, 2020 at 7:59 pm
    Reply

    “Fixed a regression opening certain external applications”

    This bug has been actually a long-standing one. For example typing in something like steam://openurl/ into the address bar did not open in Steam. Good to see it’s fixed, though this changed my habit due to that bug. Now I use the “start” command in the command prompt.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.