Mozilla sent Firefox Version 37.0 to the release channel.
The update does not include any security fixes. See Correction reply posted below.
A major addition included in the browser is called Heartbeat (https://wiki.mozilla.org/Advocacy/heartbeat), described as User Voice in Firefox. Essentially, it is a user rating system. Heartbeat will appear randomly requesting a rating:
(https://wiki.mozilla.org/images/4/47/Heartbeatflow1.png) (https://wiki.mozilla.org/images/4/47/Heartbeatflow1.png)
which may be followed by an "Engagement" request:
(https://wiki.mozilla.org/images/a/a0/Heartbeatflow2.png) (https://wiki.mozilla.org/images/a/a0/Heartbeatflow2.png)
Personally, this seems like a whole lot of nonsense to me and a wasted effort on the part of Mozilla.org to increase its following. It is nonsense like that that convinces me further that I made the right decision to switch to Pale Moon.
If you do not wish to allow Heartbeat, it can be disabled as follows:
- Open about:config
- Click "I'll be careful, I promise!" when presented with the warning.
- Type selfsupport in the search box
- Set browser.selfsupport.url to ""
Additional information about the update is available in the Mozilla Firefox Release Notes (https://www.mozilla.org/en-US/firefox/37.0/releasenotes/)
Correction: Although not listed in the Release Notes, it appears that Version 37.0 does indeed include security fixes: four (4) critical, two (2) high, five (5) moderate and one (1) low.
Mozilla Foundation Security Advisories — Mozilla (https://www.mozilla.org/en-US/security/advisories/)
Thanks ky331!
Thanks for the directions to mute another nonsense addon!
I'll install and fix this on my husband's desktop. Of course I have the FF icon hidden. Palemoon is front and center for him to use.
I haven't had the incentive to even launch FF to update it after seeing that. Basil commented to me in Twitter:
QuoteIt seems to me Firefox has lost its way! I am also glad I use Pale Moon. :-)
All I could think about after reading that was Bing Crosby singing about the lambs who have lost their way, apparently named the "Whiffenpoof Song". Substituting Firefox for lambs seems to fit:
We're poor little Firefox who has lost our way
Baa, baa, baa
We're little Firefox browser who has gone astray
Baa, baa, baa
I tried to update to 37, on the one computer NOT having the ESR on today, April 1st and was told it was up to date. Now I'll have to see if v 37 was pulled.
By the way, the ESR was updated to v 31.6.
I'm still on v36.0.4 and I don't intend to update it until I get the FF popup.
There is definitely something wrong with their update mechanism. I haven't used Firefox in so long, I decided I should get the update. Launched Firefox and the desktop computer (but not the laptop) got the Windows Security Alert about the Windows Firewall exception for public networks. Denied and then checked for updates. Supposedly 36.0.1 is up to date on both computers. Not hardly. Aside from 37.0, the last version update was to 36.0.3.
Quote from: Corrine on April 01, 2015, 03:54:12 PM
There is definitely something wrong with their update mechanism.
^ Agreed!
In-place upgrade failed for me yesterday, it downloaded and restarted FF but no good. Manual update worked fine.
Not sure I'll have any time today to work through the Mozilla quagmire to find out what's happening.
I'm not certain it is worth attempting to work through the Mozilla quagmire. The manual update doesn't even work on two machines here.
Quote from: Corrine on April 01, 2015, 06:27:41 PMThe manual update doesn't even work on two machines here.
That must be via the stub installer? Have you tried using the full fat installer (http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest/win32/en-US/)?
No, I haven't tried the full fat installer. I went the usual route Firefox > Help > About Firefox and there was no "Check for Updates" option. However, I just got home, read your reply and checked again. This time I was offered 36.0.4.
A buggy Mozilla Maintenance Service/server response could fit the bill here? https://wiki.mozilla.org/Windows_Service_Silent_Update
QuoteApplying an application update from Firefox's perspective
On Firefox (or any other Mozilla application that uses the service) startup, Firefox detects an update is ready to be applied
Whether or not the service should be used, Firefox executes updater.exe unelevated.
Firefox shuts itself down.
updater.exe unelevated checks to see if the service should be used, and if so tries to start the service with the appropriate command line parameters.
If the service can't be started, is disabled, or does not exist, Firefox will execute updater.exe as it used to without the service.
If the service was used, updater.exe unelevated waits for the service to be stopped, which indicates the update is done.
Once done updater.exe unelevated will run the callback application and the post update process.
I don't have it active here, I set it to Disabled normally but it does seem to revert to Manual after each update/alt. install.
I don't have the Mozilla Maintenance Service installed and have always had the option "Check for updates but let me choose whether to install them" selected. It seems rather strange that the same thing happened on three systems (Windows 7 laptop, dual boot desktop with Windows 7 and Windows 10).
My 8.1 system downloaded and installed on the first attempt :blink:
I'm not going to worry about it since I use Pale Moon all the time and it is up to date. The only reason I checked was because of plodr's experience.
Quote from: Corrine on April 01, 2015, 10:15:58 PM
I'm not going to worry about it since I use Pale Moon all the time and it is up to date. The only reason I checked was because of plodr's experience.
I use IE 11, FF is the backup because of all the cool add-ons you told me about :grin:
Apparently Firefox 37.0 is experiencing "some" problems although it can still be downloaded and installed at this time. For those that have not upgraded to this version should perhaps wait for an official explanation as to why this is - from Mozilla.
This information is as clear as mud ~
https://support.mozilla.org/en-US/questions/1055077#answer-711946
Is Corrine trying to derail the thread with tales of that MoonRaker Browser ?
Quote from: winchester73 on April 01, 2015, 10:10:04 PM
My 8.1 system downloaded and installed on the first attempt :blink:
ditto
Quote from: siljaline on April 01, 2015, 10:25:52 PM
Apparently Firefox 37.0 is experiencing "some" problems although it can still be downloaded and installed at this time. For those that have not upgraded to this version should perhaps wait for an official explanation as to why this is - from Mozilla.
This information is as clear as mud ~
https://support.mozilla.org/en-US/questions/1055077#answer-711946
The above is the highest crash % logged, a crash on startup within the the graphics section on x64 Windows, probably related to Windowblinds modifications.
Half the 'Top Ten' crashes for 37.0 affect graphics - a pretty important part of a browser ;)
Best to wait for the next update - or the one after that ...
Quote from: siljaline on April 01, 2015, 10:28:34 PM
Is Corrine trying to derail the thread with tales of that MoonRaker Browser ?
That's a 007 movie and Corinne Cléry
:exorcize:
I experienced this on ONE of my systems (Win7x64)... the update downloaded, and told me FF had to restart. But it didn't open/update after that. I got around the issue by downloading a FULL copy of FF 37, and installing it on top of my existing version.
I checked again this morning and was told that 36.0.4 was up to date - again. Tired of the nonsense (and FF is only used as a backup), I downloaded ESR from here
https://www.mozilla.org/en-US/firefox/organizations/all/
and chose custom install because I don't want the maintenance service installed. It realized it was an upgrade to the 36.0.4. I clicked upgrade and it installed with no problem retaining all my customizations, bookmarks, etc.
Phew. Now all four computers are running the ESR which comes with 2 years support rather than the 6 week new version cycle.
ESR is updated but for security not to add bells and whistles that I neither want nor need.
I can't understand why if you are not a systems Admin
QuoteFirefox ESR is intended for groups who deploy and maintain the desktop environment in large organizations.
You are running this. :blink:
Firefox Release versions: like Paris fashion show week
Firefox ESR: what people actually buy and wear
ESR is the low maintenance stable version, for users that want minimum downtime; something that 'just works' and is just as secure as the latest fun-filled but fragile version :cool:
Satrow put it nicely. Because it works and is secure.
Each to their own I suggest. :)
It seems 37.0 has been pulled, updates (including manual checks) are disabled due to crash issues, and 37.0.1 is undergoing testing.
Known issues with v37:
https://bugzilla.mozilla.org/show_bug.cgi?id=1149761
https://bugzilla.mozilla.org/show_bug.cgi?id=1149864
Sorry, I thought Andy had posted that. I guess it was at another forum. :oops:
Quote from: Corrine on April 03, 2015, 06:46:46 PM
Sorry, I thought Andy had posted that. I guess it was at another forum. :oops:
Blame Mozilla, I'm not even sure what I've read or posted about this issue and I really don't want to work backwards to check where it might have been :moreevil:
I
think I picked the top link up a couple of pages away from
siljaline's link in #16.
One way or another, the information has been shared.
Looks like FF 37.0.1 is now available https://www.mozilla.org/en-US/firefox/37.0.1/releasenotes/
Changed: Disabled HTTP/2 AltSvc
Fixed: Start-up crash due to graphics hardware and third party software
[New security fixes, if any, are not yet documented...]
For what it's worth, I had to go through the internal updater TWICE on one of my systems (Win7x64). The first time, it downloaded the file, and advised me I had to close FF to complete the installation. I closed FF, but nothing happened. Task Manager showed me that, in some form, FF was running (still? again?)... but nothing visual that I could see. I "killed" the FF process, was able to open the program, to see that it was still version 37.0. I gambled on trying the update again, and this (second) time, it worked.
As usual, the security fixes were updated afterwards...
Fixed in Firefox 37.0.1
2015-43 Loading privileged content through Reader mode https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/
4.6 MB update, went smoothly on Win 8.1 box, using the Help > About Firefox method.
Went smoothly when I updated my Win8.1 (32) tablet. But it had gone smoothly here the first time (37.0).
It was just on my primary Win7x64 system that I ran in to the update glitches... badly to 37.0, "temporarily" to 37.0.1
I just succeeded at the 4th attempt on W7x64.
Internal updater failed on both the stub and the full installer, the main FF download page stub failed - all 3 delivered 37.0 (which I was trying to upgrade from). Finally succeeded with the full 37.01 download from the FF languages page.
Phew!
As posted by Win, I too checked Help/About and it auto updated to 37.0.1
All is good. :)
Quote from: winchester73 on April 03, 2015, 09:01:39 PM
4.6 MB update, went smoothly on Win 8.1 box, using the Help > About Firefox method.
Same here...
I suspect that if I'd waited, it would have updated automatically.
I'll agree on that Pete. :thumbsup:
Version 37.0.1 includes one (1) critical and one (1) high security update.
Release Notes (https://www.mozilla.org/en-US/firefox/37.0.1/releasenotes/)
As far as I can tell the Firewall Exception noted in previous builds has been eliminated.
Some setup types will want to send your installation metrics to Mozilla - be wary of this.
QuoteMozilla has pulled Firefox 37's opportunistic encryption feature after less than a week when it learned that tech designed to enhance security actually broke SSL certificate validation.
A simple patch wouldn't do the trick, so Mozilla opted to release an update, Firefox 37.0.1, that removed opportunistic encryption.
http://www.theregister.co.uk/2015/04/07/mozilla_crypto_encryption_snafu_pull/
https://twitter.com/TheRegister/status/585417534914088962
New Tracking Protection feature available
http://www.landzdown.com/security-alerts-briefings/firefox-'tracking-protection'-feature/msg175347/?topicseen#msg175347
Release 37.0.1 seems to be buggy. It has crashed a few times today.