4/24/2023 0 Comments Update waterfoxPlease also keep in mind that most of these smaller web browser projects are volunteer efforts by small teams with lives and families of their own. You need to decide for yourself what is an isn’t an acceptable security risk for you. However, you should be aware that alternate web browsers will be lagging behind the original projects when it comes to security updates. I’m not trying to convince you not to explore different web browsers. I reached out to the project’s account on Twitter (no other point of contact was provided on the project’s website), but haven’t heard back. They appear to have dropped the ball on the second security update, however. Waterfox is mostly a one-man project, but managed to deliver the first security update in a timely manner. Their project commit log shows that a developer had done the work required to update their codebase on Monday, but it still took them until Friday to push out the update. The Tor Project caters to people who need strong security and privacy, and it’s good to see them keeping up with the latest developments.Ĭliqz was slower, and took three days to release the first update, and then didn’t release the second update until I prompted them about it a week later for this article. The Tor Browser was quick to release an update for both issues. Pale Moon is a true project fork from Firefox and no longer shares the vulnerable components that were affected by the recent security issues. Both the current and EST versions of Firefox were vulnerable to the zero-day security issues. The most popular browsers unsurprisingly has the most resources to track upstream releases more closely.Ĭliqz and Waterfox ship the latest version of Firefox, and the Tor Browser ships the slightly older Extended Support Release ( ESR) version. The above table is sorted by the estimated number of active users for each web browser. Waterfox is specifically for 64-bit systems, with one thing in mind: speed. The below table shows how many hours it took after Mozilla Firefox had released an update before downstream projects released an update to address the problem:ĭownstream project hours to release after Firefox upstream release Waterfox G3.2.6: A browser based on the Mozilla Firefox source code. I’ll use the same Firefox derivatives I’ve featured before: Tor Browser, Cliqz, Waterfox, and Pale Moon. Mozilla released Firefox 67.0.3 and 67.0.4 two days apart to address each of these issues. The two security vulnerabilities in question, CVE-2019-11707 (MFSA-2019-18) and CVE-2019-11708 (MFSA-2019-19), were both zero-day critical security vulnerabilities that were known to be actively exploited on the web. This provided an excellent stress test and case study for how quickly Firefox derived web browsers ship security updates. Mozilla released two security updates to their open-source Firefox web browser just two days apart.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |