
Firefox finally casts Windows XP users adrift

If you’re one of the millions of holdouts still unwisely clinging to Windows XP, Mozilla’s Firefox browser just waved you goodbye.

It’s a connection to XP that started with Firefox’s public launch in 2004 and ended with version 52 in March 2017, after which support for the obsolete OS continued under the Extended Support Release (ESR) channel, which staggered on until version 59.1.0.

Mozilla has used this week’s launch of Firefox 62 as the moment to cast XP adrift for good, justified because the company believes the OS makes up only 2% of Firefox’s user base, down from 8% in 2017.

Firefox has lasted longer than Chrome, which ended its support with version 50 in 2016, and longer than Microsoft itself, which stopped supporting XP’s native browser, Internet Explorer 8, two years earlier (although security updates were said to be possible via server versions).

Mozilla is pleased that it soldiered on alone:

That’s millions of users we kept safe on the internet despite running a nearly-17-year-old operating system whose last patch was over 4 years ago. And now we’re wishing these users the very best of luck.… and that they please oh please upgrade so we can go on protecting them into the future.

In short, there will be no more updates, including most importantly of all, no more security updates, leaving XP users with only one place to go – Opera – which ceased development with version 36 in 2016 but said it would continue to provide security fixes.

(Anyone running Windows Vista should assume that the same browser support timelines outlined above apply to them too.)

Version 62 fixes

The new version fixes nine CVEs, including one rated ‘critical’, three rated ‘high’, and two rated ‘moderate’.

So far, little detail is available on these, but the important one – identified as CVE-2018-12376 – patches a memory corruption flaw which “with enough effort… could be exploited to run arbitrary code.”

More interesting for security will be the next release due later this month, version 63, which will turn tracking protection on by default. Version 65, coming in January 2019, will add the same default setting to the blocking of cross-site trackers, which are used to ‘follow’ users from site to site to build up a broader picture of their habits.


Source: Naked Security
