Firefox fixes cryptographic data leakage in latest security update

Naked Security

We don’t know whether lockdown has anything to do with it, but how time flies!

We couldn’t believe it either – it’s four weeks since Firefox’s last regular security update.

If you want to check your version numbers, Firefox 76.0 is now replaced by 77.0; Firefox 68.8.0ESR is now 68.9.0ESR, and the Tor Browser, based on Firefox ESR, is now at version 9.5 and based on 68.9.0ESR.

As we’ve explained before but we’ll mention again because it’s useful to know, the first two numbers in the ESR version should add up to the leftmost number in the regular release.

So the current ESR is based on the feature set of Firefox 68, but with 9 updates’ worth of regular security fixes in there, so it is at 68+9=77 in security terms.

For organisational users of Firefox who are conservative about new software features but aggressive about installing security patches, the ESR version is an excellent compromise.

Full article