Settings > Advanced > Update > 'Never check for updates (not recommended: security risk)'.
Enjoy being pwned.
Alternatively use Classic Theme Restorer and allow updates.
Mozilla Firefox needs patching urgently following the discovery that the open source browser is vulnerable to SSL man-in-the-middle attacks. The critical bug arises because the Network Security Services (NSS) libraries parser built into the browser is capable of being tricked into accepting forged RSA certificate signatures. …
This post has been deleted by its author
Settings > Advanced > Update > 'Never check for updates (not recommended: security risk)'.
That prevents it from auto-updating, but there is no setting to prevent the nag popup sceens.
I have an old laptop with Firefox 3.2.28, Outpost firewall, and an antivirus. Last year I ran a contest, if you can infect my machine through that version of Firefox I give you $100, if you can't, you give me $50. I admitted my firewall is Outpost, but my antivirus is undisclosed. There were no takers despite the outcry from Firefox fanbois gleefully insisting my laptop was going to hell.
My main daily laptop has Firefox 27 and has never had a single problem.
Lightning 3.3 still worked with Thunderbird 31.1.2 but I've now updated to Lightning 3.3.1. The real thing that killed my calendar was when I updated my server to Ubuntu 14.04. The extra stuff I had in apache's sites-available directory, including davical, stopped working because the scripts now all needed the suffix '.conf'. I wonder if it was just someone with a mania for tidying up, or whether it was necessary to make new functionality work.
Wikipedia has a list, which I'm sure is not comprehensive.
This is a pretty bad vulnerability. It's due - once again - to poor ASN.1 handling. ASN.1 is a blight upon computing. Though in this case it looks like the problem could have been avoided by refusing to handle BER and insisting on DER, which makes ASN.1 a little better. (Is there ever a good reason to use BER? I can't think of one.)
One thing that's not clear in the descriptions I've read of the bug is whether it only applies to some RSA keys. It's a variation of the Bleichenbacher attack, which appends attacker-chosen data to the signed hash so it matches a bogus key supplied by the attacker. Bleichenbacher's attack only works on RSA keys that use 3 for the exponent. It'd be interesting to know if this new bug ("BERserk") also only applies to RSA keys with exponent 3, since that at least reduces the scope of the vulnerability.
And, of course, it doesn't affect certificates signed using other algorithms (DSS, ECDH, ECDSA).
Honestly, I'd love to update FireFox, but since version 23, it's been nothing but a crash buggy. The latest version would not even stay running past launch. Click first bookmark... crash.
Yes, I did all the troubleshooting and recommended fixes... under a full moon while chanting special incantations and hopping about on one foot. I also not the only one.
So now I'm using Chrome. Which, low and behold, is far faster that FireFox and apparently more secure. Almost TOO secure.
On my. I had no idea there were FireFox fanbois just like Apple fanbois.
Let me say this again. FireFox is now bug riddled boat anchor and until someone can explain why, I will keep that recommendation. I wish it wasn't, but that doesn't change anything. It was my favorite browser for years.
.deb
packages