Firefox 53.0 release: find out what is new

Archive
1

Firefox 53.0 release: To find out what is new for more info go here   https://www.ghacks.net/2017/04/19/firefox-53-0-release-find-out-what-is-new/

2

[..] Chrome, starting version 58, protects against homograph attacks. Firefox, however, believes that it is the domain registrar’s responsibility to check for this potential scams. It does, however, have a hidden setting to show punycode by default. Opera, Internet Explorer, and Microsoft Edge are so far silent on the matter.

https://www.slashgear.com/punycode-phishing-attacks-exploit-unicodes-strength-21482956/ 

3
lmacri: I already followed the advice in the thread Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites and manually changed the value for parameter "network.IDN_show_punycode" from False to True before the release of FF 53 / FF ESR 52.1 so I'm not certain if the default value for this parameter was changed to True in the latest release.

punycode is bold w Fx53 (not default)

4

Thanks, lmacri.

5
Inquirer:

So does anyone know whether this release fixes this?

Hi Inquirer:

I can't see anything in security advisory MFSA 2017-10 to indicate it's been fixed and there don't seem to be any open Firefox bug reports related to "punycode" ,"homograph" or "CVE-2017-5060" on Bugzilla@Mozilla other than the 6-month-old NEW / UNASSIGNED Bug 1310906:Homograph Attack in Home Page Settings. I already followed the advice in the thread Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites and manually changed the value for parameter "network.IDN_show_punycode" from False to True before the release of FF 53 / FF ESR 52.1 so I'm not certain if the default value for this parameter was changed to True in the latest release.

According to the 19-Apr-2017 release notes for Chrome 58.0.3029.81 this punycode / homographic attack issue (Bug 683314 / CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng) was fixed in the latest release of Chrome.

-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.1 * NIS v22.9.1.12 * MBAM Premium v2.2.1

6

So does anyone know whether this release fixes this?

7

For release notes go here  https://www.mozilla.org/en-US/firefox/53.0/releasenotes/

8

53.0 available thru Internal and https://www.mozilla.org/en-US/firefox/all/ for me.  YMMV

9

Not available through Firefox update and download site still at 52.0.2.

Jim no

10

Glad I went to look. If you think, oh just another one, think again perhaps:

Executive Summary

  • Windows XP, Windows Vista, 32-bit Mac OS X, and Linux support for processors older than Pentium 4 or AMD Opteron, are no longer supported.
  • Windows XP and Vista users on Firefox 52.x will receive security updates for another year, but no feature updates anymore.

 I'm glad I'm using nothing older than W7