Mozilla on Tuesday shipped Firefox 74. Wait, didn’t we just get a new Firefox a minute or two ago?

It may feel that way. Firefox 74 arrived just four weeks after its predecessor, continuing the faster release cadence promised last year.

The refreshed browser dropped support for the now-obsolete TLS 1.0 and 1.1 cryptographic protocols, blocked all add-on “side-loading” except that allowed by enterprise-managed group policy, and enabled support for a header element designed to safeguard against attacks based on the Meltdown and Spectre hardware-based vulnerabilities first revealed two years ago.

Mozilla’s security engineers also patched a dozen vulnerabilities, half of them labeled “High,” Mozilla’s second-most-serious threat label. As usual, some of the flaws might be used by criminals.

“We presume that with enough effort some of these could have been exploited to run arbitrary code,” the firm wrote of two of the bugs. Two others were discovered and reported by members of Google Project Zero, the search company’s team of researchers who root out unpatched flaws in Google and non-Google software.

Firefox 74 can be downloaded for Windows, macOS and Linux from Mozilla’s site. Because Firefox updates in the background, most users can simply relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page shows that the browser is either up to date or describes the refresh process.

This was the first version of Firefox to be released four weeks after its predecessor — Mozilla last upgraded the browser on Feb. 11. In September 2019, the company announced it would pick up the development and release pace by shortening the interval between upgrades from six weeks to first five, then to four.

Say farewell to TLS 1.0, 1.1

As expected, Firefox 74 pulled the plug on the outdated encryption protocols of TLS (Transport Layer Security) 1.0 and 1.1. When users try to connect to a site secured with either TLS version, Firefox now shows a “Secure Connection Failed” error page.

Source Article