You were already protected from this bug (and many more), if you have been using NoScript all along.
It's like this nonsense of saying users need to run anti-virus on their TV sets. Why in god's name do I need, or want, a TV that can run programs in the first place? I can happily plug programmable devices into my set via HDMI, and I can happily choose not to, as well.
But *need* it? No - you don't need it. Not even amazon needs it. Enter name, press search. You might not get the menu of items similar to what you'd typed in so far, but frankly, that's so rarely useful for me, I could live without it (and probably it would make the site faster as it's not sending messages to the server every keystroke...)
This is a bad thing.
I do love the understatement of Reg articles :-) ... keep it coming guys, I've got a pile of replacement keyboards to go with my morning coffee.
This post has been deleted by a moderator
"For comment, we've brought in a noted IT security expert with a PhD in Compsci and 25 years of experience in the field to argue in favour, and a plumber called Tom who can't turn on his laptop without help from his grandchildren to argue against. We're going to give them both equal airtime and treat their opinions as equally valid on the topic."
Here's an idea - why doesn't Mozilla offer security fixes separately from new versions of the browser? I'm getting tired of having to install a new version because some critical bug has been discovered, only to find a whole new set of pointless features (like Pocket) that I'm never going to use have been added. Or worse, you find that some feature you actually use has been "deprecated" because the developers decided they can't be arsed to support it any more (live bookmarks, anyone?)
Or here's another idea - why don't developers actually ask the users what they want instead of just rolling out new features then complaining when the users express dissatisfaction with their precious ideas?
Sorry, rant over.....
I must have disabled the auto-update as I use a few quality of life addons that always seem to break when I upgrade
Once it was Adblock....
So I get a nag box instead, though to be fair it nags once per session.
The complaint here, I believe, isn't that it updates a lot - it does, but that's vigilance for you - it is that extra "features" seem to sneak their way into what nominally should be a security patch.
> why doesn't Mozilla offer security fixes separately from new versions of the browser
They do. They offer an ESR version that only gets security and bug fixes, and a normal version that gets new features and fixes.
Note that providing security fixes to N different versions of the browser takes about N times as much engineering effort as just supporting a single version. So Mozilla chose N = 2 - you get the ESR version and the normal version. Providing security fixes for the last 20 versions of the browser would be far too much effort for not enough benefit.
https://linuxhint.com/getting_latest_version_firefox_linux_mint/ suggests getting the Snap version, or, and I think you won't want to do this, an "unofficial" "flatpack" download which comes as "developer" or "nightly" edition, which I think means respectively "prominent new bugs" and "extraordinary new bugs".
Having said that, I am looking (in Microsoft Internet Explorer) at the release-channel appearance of version 67.0.4 for some reason, at https://www.mozilla.org/en-US/firefox/67.0.4/releasenotes/
Yup, https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ says that we now need, or anyway want, version 67.0.4, or ESR 60.7.2.
Biting the hand that feeds IT © 1998–2020