Mozilla Says Goodbye to Firefox Hello in Firefox 49
Firefox 49 fixes 18 flaws, including one already fixed in the Tor Browser. Mozilla formally removed support for Firefox Hello as part of the Firefox 49 release.In October 2014, as part of the Firefox 34 beta release, Mozilla introduced its Firefox Hello communications technology enabling users to make calls directly from the browser. On Sept. 20, 2016, Mozilla formally removed support for Firefox Hello as part of the new Firefox 49 release. The Mozilla Bugzilla entry for the removal of Firefox Hello provides little insight as to why the communications feature is being pulled from the open-source browser. As it turns out, the Firefox Hello removal is related to shifting priorities at Mozilla. "Our original vision in 2014 was for Firefox Hello to be a tool for sharing and collaboration on the Web," a Mozilla spokesperson told eWEEK. "Since then, our engineering priorities have shifted, and as a result, we've refocused resources to higher-priority initiatives." Beyond the removal of Firefox Hello, the new Firefox 49 release is noteworthy in that it patches 18 vulnerabilities, four of which are rated by Mozilla as critical. The four vulnerabilities rated critical include CVE-2016-5275, a global buffer overflow; CVE-2016-5278, a heap buffer overflow; and pair of memory safety vulnerabilities identified as CVE-2016-5256 and CVE-2016-5257.
While not rated critical by Mozilla, CVE-2016-5284 is noteworthy for several reasons. CVE-2016-5284 is an HTTPS certificate pinning vulnerability that was first publicly reported on Sept. 13 as a flaw in the Tor Browser. The Tor Browser, which is based on Firefox, provides its users with an integrated capability to send traffic through the Tor network for anonymizing traffic.