Mozilla Firefox, Firefox Browser, or simply Firefox, is a free and opensource (src: Wikipedia) web browser developed by the Mozilla Foundation and its subsidiary, Mozilla Corporation.

even when mozilla is (financially) having a tough time, security should be everyone’s top priority.

security wise things spin faster and faster and especially flaws in a lot of used software such as browsers is especially problematic, hence it is important to provide timely updates.

Currently firefox-esr is not receiving the latest updates, so they can also not be availble through the default Debian 9 Strech apt respositories (Debian is not to blame).

Firefox-ESR less safe than latest version?

“Firefox ESR is not ideal for most personal users. … Patches that are classified as moderate or low are not added to the Firefox ESR because you are not receiving all updates when using theFirefox ESR, it may be less secure than the release version.”

https://support.mozilla.org/en-US/questions/1117407

“Over time the ESR will be less secure than the regular release of Firefox, as new functionality will not be added at the same pace as Firefox, and only high-risk/impact security patches will be backported. It is important that organizations deploying this software understand and accept this.”

https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks

and it seems the security problems announced here, where fixed in firefox 70 and esr 68.2

https://www.heise.de/security/meldung/Sicherheitsupdate-Praepariertes-Video-koennte-Firefox-zum-Absturz-bringen-4567059.html

So firefox-esr is meant for companies/schools etc. that rely on a tested (not often changing) version of firefox, to be used with their custom build applications to reduce the testing hazzle (with every new version all functionality of a web based software ought to be tested).

how to manually install firefox 71:

currently latest version

1) BACKUP YOUR BOOKMARKS (has export functionality build in) WRITE DOWN SAVED PASSWORDS!
(they will get lost during the update process, because Mozilla changed the profile layout from version 68.2 to 71)

also cool ad blocking addons such as ublock, will have to be reinstalled afterwards.

2) download latest version for your system and language: https://www.mozilla.org/de/firefox/new/

as of the time of this article, the latest version is: https://download-installer.cdn.mozilla.net/pub/firefox/releases/71.0/linux-x86_64/de/firefox-71.0.tar.bz2

or if one wants the very very latest beta: https://www.mozilla.org/en-US/firefox/all/#product-desktop-beta

safe it to one’s software repo for example /software/firefox/

3) hit the command line and become root:

# tested with
hostnamectl 
         Icon name: computer-desktop
           Chassis: desktop
  Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-11-amd64
      Architecture: x86-64

apt-mark hold firefox-esr; # disable apt updates for firefox

which firefox; # where is the binary
/usr/bin/firefox
# is just a script that points to
/usr/bin/firefox-esr
# and this is again just a link to:
/usr/lib/firefox-esr/firefox-esr

# backup currention installation
tar fcvz /software/firefox/firefox-esr.backup.tar.gz /usr/lib/firefox-esr/
rm -rf /usr/lib/firefox-esr/; # remove current installation
cp /software/firefox/firefox-71.0.tar.bz2 /usr/lib/

cd /usr/lib/;

tar fxv firefox-71.0.tar.bz2; # unpack
# this will create a new folder called "firefox"
# link to the folder
ln -sv firefox firefox-esr

# need to create one more softlink
cd firefox-esr;

ln -sv firefox-bin firefox-esr

# change permissions so updates of firefox via firefox
# can be installed as non-root user
chown -R user:user /usr/lib/firefox*

# done!
# become non-root (Ctrl+D)
# one now should be able to start firefox by typing
firefox 

congrats!

one should now have the latest verions installed and integrated into Debian.

further updates can be downloaded and installed as non-root via: Help -> About firefox

how should it be:

there should be firefox and firefox-esr (extended support release) versions in in all default apt repositories, so people can apt install firefox or apt install firefox-esr and stay up to date with apt.

evil scripts:

While it is conveniant to outsource web gui changes to the client, JavaScript ought to be disabled in Adobe Reader, nobody is using it there (again: ADOBE WHAT WERE YOU THINKING?)

Disabling JavaScript completely in browsers, breaks functionality and sometimes even content (not this site)!

Google used to ignore JS loaded/included content.

https://developers.google.com/search/docs/guides/javascript-seo-basics

Maybe there should be a badge “this site is secure and works without JavaScript”.

where are the packages?

# show repository that package firefox-esr was installed from
apt-cache policy firefox-esr
firefox-esr:
  Installiert:           68.2.0esr-1~deb9u2
  Installationskandidat: 68.2.0esr-1~deb9u2
  Versionstabelle:
 *** 68.2.0esr-1~deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     60.7.1esr-1~deb9u1 500
        500 http://ftp.halifax.rwth-aachen.de/debian stretch/main amd64 Packages
     60.6.3esr-1~deb9u1 500
        500 http://ftp.halifax.rwth-aachen.de/debian stretch-updates/main amd64 Packages

Links:

the people behind Mozilla Firefox: https://www.mozilla.org/en-US/about/leadership/

https://www.techspot.com/news/81672-mozilla-ceo-chris-beard-step-down-end-year.html

tweets:

admin