Details about quite a few Thunderbird vulnerabilities in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems were revealed today by Canonical.
Two years after giving it up to be a community project, Mozilla is now shutting its Persona Web authentication operations down entirely, due to low adoption.
When the Mozilla Identity team transitioned Persona to community
ownership, we committed resources to operational and security support
throughout 2014 , and renewed that commitment for 2015 . Due to
low, declining usage, we are reallocating the project’s dedicated,
ongoing resources and will shut down the persona.org services that we run.
Persona.org and related domains will be taken offline on November 30th,
Today, January 7, 2016, Mozilla has announced the immediate availability for download of the Mozilla Thunderbird 38.5.0 email, news and chat client for all supported platforms, including Microsoft Windows, Mac OS X, and GNU/Linux.
SHA-1 does still matter as Mozilla backtracks on support. However, don't expect the company to support SHA-1 for the long term.
According to the plan we published earlier for deprecating SHA-1, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm. For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren’t that many new SHA-1 certs being used. However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites. When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server.
The impact of Mozilla's decision to depreciate SHA-1 at the start of 2016 with the release of Firefox 43 turned out to be larger than it anticipated. As a result, Mozilla hastily released an update on Wednesday that re-enabled support for SHA-1 certificates as it seeks to better evaluate how many users might be affected.
Firefox 43 was supposed to ratchet up security for its users as part of Mozilla's roadmap by dropping support only for new SHA-1 certificates, while continuing to support older SHA-1. The rationale behind this move was to present a clear disincentive for certificate providers to move away from SHA-1 without penalizing – as yet – existing SHA-1 certificates that are already in use.
Mozilla has warned Firefox users that its decision to reject SHA-1 certificates has caused an unfortunate side effect: some man-in-the-middle devices, such as security scanners and antivirus products, are failing to connect to HTTPS sites.
The browser maker advised any netizens affected by the interference to install the latest version of Firefox, which reinstates support for SHA-1.
Mozilla has released a new version of Firefox, 43.0.4, which is just a maintenance release that happens to have an important fix for the Linux platform.
According to an internal analysis, Mozilla staff estimates, based on anonymous telemetry data, that around 40% of its userbase does not have add-ons installed on their browser.