Mozilla Releases Firefox 43.0.2 and Firefox ESR 38.5.2

In late December 2015 Mozilla released security updates for Firefox bringing it to version 43.0.2 and Firefox ESR (Extended Support Release) 38.5.2.

At that time, the release notes for these updates didn’t reference any further security issues resolved since the previous updates (described in a previous post of mine). The above-mentioned Firefox version numbers were not present in late December. I was aware of these updates, but since they didn’t contain further security-related changes, I didn’t create a post about them. In future I will need to re-check those pages again in the days following such updates in order to avoid such a delay in posting.

Since then, the security advisory pages for Firefox and Firefox ESR (linked to below) have been updated to include details of a moderate-severity security issue (assigned one CVE number (defined)) resolved by these updates. The issue relates to the Network Security Services (NSS) component of Firefox still accepting TLS 1.2 ServerKeyExchange messages with MD5 digital signatures. As discussed here and here, the use of MD5 is discouraged, and Mozilla has rectified this issue with these updates.
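To make the check concrete, the following added example (not from the original post and not NSS code) reads the SignatureAndHashAlgorithm field of a TLS 1.2 ServerKeyExchange handshake message, as laid out in RFC 5246, and rejects MD5. The function names, the rejection policy and the sample bytes are assumptions constructed for illustration, and the key-exchange type has to be known from the negotiated cipher suite.

```python
# HashAlgorithm / SignatureAlgorithm values from RFC 5246, section 7.4.1.4.1
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
REJECTED_HASHES = {"none", "md5"}  # assumed policy for this example, not NSS's own list


def ske_signature_algorithm(msg: bytes, kex: str = "ecdhe"):
    """Return (hash, signature) names from a TLS 1.2 ServerKeyExchange handshake message."""
    if len(msg) < 4 or msg[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    pos = 0
    if kex == "ecdhe":
        # curve_type (1 byte, 3 = named_curve), curve id (2), point length (1), point
        if len(body) < 4 or body[0] != 3:
            raise ValueError("only named_curve parameters are handled")
        pos = 4 + body[3]
    elif kex == "dhe":
        # dh_p, dh_g, dh_Ys: each is a 2-byte length followed by the value
        for _ in range(3):
            pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
    else:
        raise ValueError("unsupported key exchange")
    if pos + 4 > len(body):
        raise ValueError("missing signature fields")
    hash_id, sig_id = body[pos], body[pos + 1]
    sig_len = int.from_bytes(body[pos + 2:pos + 4], "big")
    if pos + 4 + sig_len != len(body):
        raise ValueError("signature length does not match message length")
    return HASHES.get(hash_id, f"unknown({hash_id})"), SIGS.get(sig_id, f"unknown({sig_id})")


def is_acceptable(msg: bytes, kex: str = "ecdhe") -> bool:
    """True only for a known hash algorithm that the example policy does not reject."""
    hash_name, _ = ske_signature_algorithm(msg, kex)
    return hash_name in HASHES.values() and hash_name not in REJECTED_HASHES


def build_sample(hash_id: int) -> bytes:
    """Constructed ECDHE ServerKeyExchange (secp256r1) with dummy point and signature bytes."""
    body = b"\x03\x00\x17" + b"\x41" + b"\x04" * 65 + bytes([hash_id, 1]) + b"\x00\x08" + b"\xaa" * 8
    return b"\x0c" + len(body).to_bytes(3, "big") + body
```

Because the TLS 1.2 ServerKeyExchange message is sent before encryption starts, the same parsing can be applied to captured handshakes to find servers that still sign with MD5.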

Full details of the security issues resolved by these updates are available in the following links:

Firefox 43.0.2
Firefox ESR 38.5.2

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve this security issue.

Note: The most recent version of Firefox 43 at the time of writing is 43.0.4. It has since been updated following the release of 43.0.2. Please ensure you are using the most up-to-date version available. 43.0.4 re-enables SHA-1 certificates for “man-in-the-middle” (defined) devices. More details are provided here.

In general, Mozilla Firefox updates install without issues; however, as always, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
