Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Firefox Mozilla Security

Mozilla Warns Users To Update Firefox Before Certificate Expires (bleepingcomputer.com) 26

Posted by BeauHD from the PSA dept.
Mozilla is urging Firefox users to update their browsers to version 128 or later (or ESR 115.13 for extended support users) before March 14, 2025, to avoid security risks and add-on disruptions caused by the expiration of a key root certificate. "On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post. "We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted." BleepingComputer reports: A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:

- Malicious add-ons can compromise user data or privacy by bypassing security protections.
- Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
- Compromised password alerts may stop working, leaving users unaware of potential account breaches.

It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system. Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.

Mozilla Warns Users To Update Firefox Before Certificate Expires More | Reply

Mozilla Warns Users To Update Firefox Before Certificate Expires

Comments Filter:

  • As the advisory says, go to FF115ESR (Score:4, Informative)

    by williamyf ( 227051 ) on Thursday March 13, 2025 @07:27PM (#65231655)

    If you like old browsers, and I know some of you do, go to FireFox ESR115 as per the advisory. Run on Win7, Old MacOS too, and it gets security patches ~4 weeks. No new UI, no new features, just security patches...

    Problem is, at this stage, support for it is a the whim of mozilla.

    I am writing this from FireFox ESR128, so I am on that train too.

  • Given the size of Firefox user base, if it all blows up, it will affect 2-3 users at best.

  • its 2025 use DNSSEC and DANE

    https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

  • And you waited until NOW to mention this?

    And another thing:

    Firefox users ... will not be able to use their add-ons

    Malicious add-ons can compromise user data

    Which is it? Will add-ons be disabled across the board, or will add-ons run indiscriminately, unchecked by revocation lists?

    • You can have both, really. In regular builds, signature validation will fail and add-ons might not work. In special builds, signature validation can be turned off entirely and you can install whatever you want, including malicious add-ons.

    • Firefox automatically updates, I am currently on 136.0.1, and 128 was released on July 9, 2024, so unless you turned it off it shouldn't be an issue.

  • notice? (Score:3)

    by v1 ( 525388 ) on Thursday March 13, 2025 @08:57PM (#65231839) Homepage Journal

    thanks for giving us.... one day's notice?

    • It's just slashdot that's slow. This notice went out elsewhere a while back.

    • thanks for giving us.... one day's notice?

      Pfft. This isn't even one day notice on Slashdot given that this article is a dupe!

  • Posting this from Ver 85.0 (Score:3)

    by jenningsthecat ( 1525947 ) on Thursday March 13, 2025 @09:41PM (#65231913)

    I have later versions as Snaps or Flatpaks or whatever, and I use them when I must. But the UIs are such utter crap that I find them totally unusable as daily drivers. I've tried the CSS and about:config changes to clean them up, but there are still too many areas where the UI just sucks ass. I've been looking at other FF derivatives, but so far they're all problematic. I'm not sure what I'm going to end up using

    Is it too much to ask to have a little bit of colour, always-present dividers between tabs, and always-present scrollbars with steppers that aren't pencil-line thin by default? The hacks that make them sorta usable also make them misbehave by covering up content - and as a 'bonus' they're butt-fucking ugly.

    I can't help thinking that if FF hadn't given the middle finger to so many users who complained over the years about crappy UI choices and disappearing features, maybe they'd still have a decent and growing market share. Maybe they wouldn't have had to whore themselves out to advertisers while facing the impending doom of their organization and everything it worked for over the past two decades. Fucking arrogant, narcissistic wankers.

    • If you're using version 85 was last updated February 2021, your setup is certainly vulnerable. You really should look into alternative update mechanisms. For the scrollbar, I set widget.non-native-theme.scrollbar.style=4 and I don't see it covering the contents.

  • Sure, why not? Oops, I'm on Windows XP.

  • No. No updates until the terms of service themselves are rewritten acceptably. Extra explanations tacked on as promises are insufficient. I have been refusing updates ever since that changed. If that's going to break Firefox, then it's going to break and I'll start the search for a replacement.

  • I've been a Firefox user for decades. But I'm tried of their updates breaking things and taking away functionality. I'm updating, but to Brave. Goodbye Firefox.

Slashdot Top Deals

"I think trash is the most important manifestation of culture we have in my lifetime." - Johnny Legend

Close