PDA

View Full Version : Dep't. of Homeland Security says: don't use Internet Explorer



vwestlife
April 28th, 2014, 09:11 AM
IE versions 6 to 11 are affected...

https://www.yahoo.com/tech/new-security-flaw-affects-all-versions-of-internet-84085229159.html

Ironically, I'm posting this from IE 8 running on XP. :)

KC9UDX
April 28th, 2014, 09:20 AM
I'm so glad I pay taxes so the government can recommend I don't do what I don't do anyway...

Stone
April 28th, 2014, 09:31 AM
Duh, what else is new?

Since when do *we* get our technical direction from some governmental agency? I tend to rely more on tech savvy individuals and firms, e.g., Edward Snowden. BTW, Vladimir Pukin says don't use any computer at all -- for anything! :-) :-) :-)

Chuck(G)
April 28th, 2014, 09:36 AM
Note that this doesn't affect XP per se, just that gaping oozing festering security hole called IE--it's always been that.

Agent Orange
April 28th, 2014, 11:25 AM
More flotsam and jetsam from Microsoft. Well orchestrated to coincide with push to bury Xp. Who really needs IE anyway?

g4ugm
April 28th, 2014, 12:52 PM
If its so important why isn't it on the DHS web site:-

http://www.dhs.gov/

I sense a scam of some sort... The current Vulnerability Summary for the Week of April 21, 2014:-

http://www.us-cert.gov/ncas/bulletins/SB14-118

does not mention IE 11. It does list several minors for Apple products though. Any one give me a pointer to the article on the DHS site?

I can't find anything on the CERT site either.

http://www.cert.org/

It all seems to be about Heartbleed....
.. ah now I have found here:-

http://www.kb.cert.org/vuls/id/222929

I can't say where that says not to use IE.....

Chuck(G)
April 28th, 2014, 01:27 PM
If its so important why isn't it on the DHS web site:-

Dunno, but it is on the US-CERT list and IE 6-11 are mentioned:

VU#222929 (http://www.kb.cert.org/vuls/id/222929)

So maybe not a scam.

krebizfan
April 28th, 2014, 01:58 PM
Or the MS write up on the issue: http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx

If I followed the listing right, turning Flash off will prevent any exploitation of the hole. There have been some articles showing how other OSes and web browsers might also be victimized by this problem in Flash but no known exploit applies to anything other than IE yet.

Caluser2000
April 29th, 2014, 09:57 AM
Isn't this ancient news? i mean it seems to pop up every 12 months or so. and just a newer version of IE is added to the list.

barythrin
April 29th, 2014, 03:34 PM
Yeah this is circulating around here also. The "recommended" solution (currently no Microsoft patch is out) is setting your IE security settings to high although that's likely going to inconvenience general end users quite a bit.

barythrin
May 1st, 2014, 02:41 PM
Microsoft releases MS14-021 today. (https://technet.microsoft.com/library/security/ms14-021) You'll enjoy the irony but since such a large range of IE versions and Windows versions are vulnerable to this attack yes they have a patch for XP ;-)

Oh I should include also some bug/issue for Windows 7 users. You want to have KB 2929437 (https://support.microsoft.com/kb/2964358) installed before applying this fix otherwise IE may crash.

rmay635703
May 1st, 2014, 04:01 PM
IE versions 6 to 11 are affected...



So when I post using IE 5, I definately am secure? :)

Good thing I only use versions prior to 5.5 eh?

vwestlife
May 1st, 2014, 05:13 PM
Microsoft releases MS14-021 today. (https://technet.microsoft.com/library/security/ms14-021) You'll enjoy the irony but since such a large range of IE versions and Windows versions are vulnerable to this attack yes they have a patch for XP ;-)

Yes, I was surprised to see the new update for XP today:

http://i57.tinypic.com/260qx3r.png

deathshadow
May 1st, 2014, 05:40 PM
I'm going to say what I've been saying since sometime around 2004...

Using IE as your browser is the equivalent of stripping naked, painting a bullseye on yourself in glow-in-the-dark paint, and running into the jungles of Vietnam in the late '60's screaming "shoot me, shoot me!" so far as security is concerned. They do not have a history of security that could possibly result in anything resembling trust, and older versions have unpatched gaping security holes big enough to sail the USS IOWA through.

ANYONE DUMB ENOUGH to use it for anything more than testing compatibility of YOUR OWN CODE... well, deserves what they get; as it WILL bite you in the ass sooner or later.

That said, it's not like Safari is any better -- after all, what's first to fall at every Pwn2Own competition of the past DECADE?

... and that said, at least nobody here (that I noticed reading the thread) said "wait, people still use IE" or "who cares, hasn't it lost 60% market share" or any such nonsense like you'll find on pretty much EVERY web development forum right now; Love that one which crops up every time a topic like this comes along; web developers try to use it as an excuse for not supporting certain browsers when the conclusion of "market share" is usually one big fat card-stacking lie.

See... sure, IE has dropped from 95% of the market in early 2004 to anywhere from 25% to 50% of the market depending on who's numbers you use right now -- but the number of people online has grown from 750 million to 2.9 billion users in the same time period. Now I'm no mathematical genius, but last time I checked 95% of 750 million is 712 million. 25% of 2.9 billion is 725 million... Guess what, while allegedly "losing" 70% of the market they gained 13 million users -- meaning they haven't lost jack ****.

Sad as it is, there are more people using IE today than there were back when IE 6 was "the only browser that mattered"!

One of those cautionary tales of "don't let people use percentages to lie to you" as a percentage, particularly when used for "share" means absolutely nothing without asking "Yeah, but a percentage of what?"

Still, anyone still using IE probably doesn't know enough about computers to be making choices on what software to use -- but NEWS FLASH, that probably describes 90% of users in first-world nations. Even sadder, many users in third world nations know more about it as they have to so they can even get online in the first place.

barythrin
May 2nd, 2014, 09:22 AM
I found this chart to be interesting when looking for a way to undo the new stupid UI interface of the latest Firefox. The suggestions are that Firefox is trying to look more like Chrome.
http://www.extremetech.com/wp-content/uploads/2013/11/statcounter-browser-market-share-640x371.png (http://www.extremetech.com/computing/171244-firefox-debuts-new-ui-that-looks-like-chrome-but-does-that-mean-it-can-compete-with-chrome)

Probably depends who you ask though. Here's another chart for browser usage per December 2013:
http://cdn1.tnwcdn.com/wp-content/blogs.dir/1/files/2014/01/ie_december_2013.png (http://thenextweb.com/insider/2014/01/02/ie11-triples-market-share-10-42-firefox-slips-bit-chrome-gains-back-share/)

Caluser2000
May 2nd, 2014, 12:11 PM
Firefox 29 is an unresponsive pile of crap on this box. IE 8 on the other hand is very spritely. Off back to the Opera camp I think.

Caluser2000
May 2nd, 2014, 12:23 PM
That's better. The Fisher Price look will have to do.

The IE 8 update was installed as soon as it was fired up.

This is another inherited XP box. Firefox gone and previous to that biffed Norton 360. What a difference it's made.

barythrin
May 2nd, 2014, 12:37 PM
Yeah just to save some folks the time I had to install a 3rd party extension https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/ to get back to the one version prior look. I think it's stupid that Mozilla doesn't have that as an option or theme. I don't really like downloading stuff from folks I don't know but several sites reference this person as a good v28 theme restoring tool.

SpidersWeb
May 2nd, 2014, 03:16 PM
I just wanted to throw in two things about IE.

a) it is devil spawn
b) it's popularity not only comes from it being the default. A lot of corporations use it because it ties in nicely with MS security policies etc. Admins can easily choose what features of IE that are enabled and roll them out over large networks / departments. So many users have no choice (at work).

As for UI changes, I've been getting very frustrated lately. Not because there are changes, but because I can't understand how they're "better", often it seems less functional / harder to use after the change.

commodorejohn
May 2nd, 2014, 03:20 PM
As for UI changes, I've been getting very frustrated lately. Not because there are changes, but because I can't understand how they're "better", often it seems less functional / harder to use after the change.
It's the Cult of Progress, the people that believe that All Change Is Good and Change Must Not Be Questioned. They've just about completely taken over software development in the last ten or fifteen years.

SpidersWeb
May 2nd, 2014, 03:21 PM
Firefox 29 is an unresponsive pile of crap on this box. IE 8 on the other hand is very spritely. Off back to the Opera camp I think.

Yeah in that era I liked IE8 for it's 'spiritely' feel compared to other browsers. The only time it becomes a killer is if there is heavy JavaScript, then it falls on it's ass. Haven't tried Opera.

vwestlife
May 2nd, 2014, 03:23 PM
Firefox 29 is an unresponsive pile of crap on this box. IE 8 on the other hand is very spritely. Off back to the Opera camp I think.

I assume you mean Opera 12.x or earlier, because Opera 15+ is just another Chrome clone.

At least in Mac OS, Apple still requires applications to have the traditional "File / Edit / etc." menu bar at the top of the screen. I thought the menu bar was part of Microsoft's "Common User Access" standards as well, but I guess either it was never really enforced, or they decided to give up on it and let every application design whatever kind of user interface they want -- which is contrary to one of the main reasons why GUIs caught on in the first place: a consistent layout of menus and buttons across all applications, so you only need to learn the basic controls once, instead of learning different commands for each program!

Anyway... you can also try Pale Moon, a Firefox variant which lists as one of its main features "Familiar, efficient user interface design (no Australis!)":

http://www.palemoon.org/

SpidersWeb
May 2nd, 2014, 03:25 PM
It's the Cult of Progress, the people that believe that All Change Is Good and Change Must Not Be Questioned.

That's exactly it.

Change is good but only if it's for the better. One thing seems to be hiding menus, and sticking them under a button that isn't labelled, how the heck does that help - saves me 30 pixels out of 1080??

Caluser2000
May 2nd, 2014, 03:26 PM
I
b) it's popularity not only comes from it being the default. A lot of corporations use it because it ties in nicely with MS security policies etc. Admins can easily choose what features of IE that are enabled and roll them out over large networks / departments. So many users have no choice (at work). That seems to be something some folk completely for about when ranting about IE, calling users stupid or some such ;)

vwestlife
May 2nd, 2014, 03:30 PM
Change is good but only if it's for the better. One thing seems to be hiding menus, and sticking them under a button that isn't labelled, how the heck does that help - saves me 30 pixels out of 1080??

Blame it on widescreen monitors. Last time I checked, the web still scrolls vertically, but on a 16:9 monitor you lose 25% of vertical height compared to a 4:3 monitor, so web browsers are trying to make up for that lost space -- especially now that they've increased the size of the buttons and added extra blank space around them to make them more "touch friendly", wasting even more space.

Caluser2000
May 2nd, 2014, 03:32 PM
I assume you mean Opera 12.x or earlier, because Opera 15+ is just another Chrome clone.

At least in Mac OS, Apple still requires applications to have the traditional "File / Edit / etc." menu bar at the top of the screen. I thought the menu bar was part of Microsoft's "Common User Access" standards as well, but I guess either it was never really enforced, or they decided to give up on it and let every application design whatever kind of user interface they want -- which is contrary to one of the main reasons why GUIs caught on in the first place: a consistent layout of menus and buttons across all applications, so you only need to learn the basic controls once, instead of learning different commands for each program!

Anyway... you can also try Pale Moon, a Firefox variant which lists as one of its main features "Familiar, efficient user interface design (no Australis!)":

http://www.palemoon.org/Cheers for that. I'll give it a shot.
Just installed it. Loading time is quite slow. Browsing is ok though. Certainly better than FF. Like the fact they've chosen Duckduckgo as the default search engine.

Not particually bothered with what back end it's got as long as the browser runs smooth and fast, which is what the current Opera versions are.

k2x4b524[
May 2nd, 2014, 09:49 PM
I roll a combination of IE 11 and Chrome on my desktop, and IE 11 on my laptop. Here is what i don't get, They make such a big deal about all the security holes and such, but yet, anyone that has good antimalware / antivirus / firewall, and whom maintains their system, updates everything when required, and generally pays attention to their system, doesn't have these problems. I tell my customers that you can't really beat a good antimalware/virus program and a decent firewall, in combination with a router that is secured, at least for the homefront. Knowledge is power, and the right knowledge can mean better security.

i'm prolly tooting my horn here, but a little brain power and forethrough can rid you of a lot of hassle before it even bites you.

Krille
May 3rd, 2014, 07:06 AM
@k2x4b524[: I pretty much agree with everything you said but I'd just like to point out that there is no such thing as "good antimalware".

Yes, I know this is going to sound very controversial but I consider all kinds of antimalware to be a complete waste of time and resources. In fact I'll even go as far as saying it's one of the biggest scams in the history of computing. All they do is give you a false sense of security while actually creating more problems than they solve. Note that I define "antimalware" as any software that does some kind of pattern matching in an attempt to identify malware (ie antivirus software). Just saying this to make it perfectly clear what I'm talking about. I don't include firewall software in this definition (firewalls are a good thing and should be used in the router as well as on each individual machine) unless they too do pattern matching, which incidentally some routers actually do and like all AV solutions fail so hard it's not even funny (http://www.google.com/search?q=%22DCC+SEND+Startkeylogger%22).

To keep a system reasonably* secure you need only do a few things (listed in order of importance);

Keep the software you use updated.
Not because the newer versions are inherently more secure (because they aren't) but because the new security holes aren't widely known yet.**

Disable or uninstall software/services you don't need.
Do you really need support for Javascript in your PDF-reader software? The answer is you don't. At all. Never ever.

Some people perceive Java as a must-have. I don't know if this has ever been true but it's definitely not true now. Uninstall it unless you know you need it. At the very least disable it in your browser (you might be surprised to see how few sites actually need Java). In any case, no site is worth the risk of having that steaming pile of shit enabled in your browser. Yes, I'm using strong words but it's definitely called for, trust me.

Use common sense.
Which surprisingly isn't so common in my experience. This means among many other things that you should take care to download software only from official sites. It also means realizing that very few things on the Internet is actually for free and understanding that you're almost always paying for stuff one way or the other.

Use a firewall.
As stated earlier. Preferably a hardware solution (like a router).

Use services like www.virustotal.com
For any file that seem suspicious. The only good use of AV software in my opinion. Another approach is to run suspicious files in a virtual machine where you can roll back the system after testing.

Know your system.
And know it well.*** This will allow you to easily clean your system manually when you eventually get infected (and you will get infected sooner or later). If you think cleaning your system manually sounds like a chore then understand that you will spend more time on your beloved AV program (and its related problems) then you ever will on cleaning your system manually. You will also do a far better job than some half-assed automated removal done by an AV solution. In fact, if you don't use an AV program you will most likely be able to remove every trace of infection whereas it is often impossible to remove everything when an AV program has done its thing.

My 2c on security based on my experiences. Most of what I've said should be obvious for people on here.

* Perfect security is simply not possible.

** A service I'd like to see and pay for would be a client that would identify all executable binaries on my systems and check them against a database on the Internet for known vulnerabilities. Maybe something like this already exists?

*** This is for expert users obviously and I don't actually expect everyone to be able to clean their systems manually.

Stone
May 3rd, 2014, 08:52 AM
Krille, I agree with everything you said. I couldn't have said it better myself! In fact, I couldn't even have said it half as well as you just did. :-) :-) Great dissertation.

Krille
May 3rd, 2014, 09:28 AM
Thanks Stone! :)

Chuck(G)
May 3rd, 2014, 09:50 AM
@Krille, excellent points.

In fact, one of the things that almost all malware/anti-virus vendors fail to mention is that all antivirus/malware software is reactionary--that is, someone has to be infected and report the infection before the database is updated. The implication of all of this is that 0-day exploits are almost always successful. Then you're at the mercy of the people who can figure out how to remove the infection. Good luck with Cryptolocker-like attacks.

That's cold comfort. I'll add the following:

I've never run into a tape with the write-enable ring pulled that has been subsequently infected by malware. The same goes for floppies with write disabled and for removable cartridges. In our conceit, we believe that a software lock can be absolutely secure, which is absolute folly. Keep a copy of important data offline on read-only media and infections won't bother you. Sandbox your web browsing and you'll also be a lot safer, even if it's not foolproof.

natcha
May 3rd, 2014, 10:05 AM
Some very good pointers have been given.

"Sandbox your web browsing"

I will add to that - sandbox your program testing. I run a separate computer that is used just for testing programs, before I decide to permanently install them on my production machine. I help maintain a neighbors computer system. She runs a small business that does a lot of work for the government. But she likes to play computer games. So I set up two computers, one for production and one for games. The two are not connected together other than the KVM switch. Her production machine has two monitors and the KVM switch will toggle one monitor to the game machine when she wishes to take a break and play a game. Just having this second computer has cleaned up the problems that I was having with her production computer. Every now and then, if the game machine gets infected, we just blow away the OS and reinstall from a good image. It's not foolproof - but then very little is with computers.

Bill
Smithville, NJ

k2x4b524[
May 3rd, 2014, 09:10 PM
I've dealt with cryptolocker once, and will NEVER touch it again. I was able to remove it but i use "remove it" loosely because i had to do 5 refreshes 8 system restores, and ultimately had to use the recovery partition on the laptop to get it back.


@Krille, excellent points.

In fact, one of the things that almost all malware/anti-virus vendors fail to mention is that all antivirus/malware software is reactionary--that is, someone has to be infected and report the infection before the database is updated. The implication of all of this is that 0-day exploits are almost always successful. Then you're at the mercy of the people who can figure out how to remove the infection. Good luck with Cryptolocker-like attacks.


That's cold comfort. I'll add the following:

I've never run into a tape with the write-enable ring pulled that has been subsequently infected by malware. The same goes for floppies with write disabled and for removable cartridges. In our conceit, we believe that a software lock can be absolutely secure, which is absolute folly. Keep a copy of important data offline on read-only media and infections won't bother you. Sandbox your web browsing and you'll also be a lot safer, even if it's not foolproof.

deathshadow
May 4th, 2014, 09:49 AM
I've never run into a tape with the write-enable ring pulled that has been subsequently infected by malware. The same goes for floppies with write disabled and for removable cartridges.
Hardware lockout FTMFW. Hell, isn't that on big iron why WORM was so popular for a few decades?

Most of us here learned security in a different age -- there's so much 'security' right now that operates on the delusion that a software only solution can be secure. Just look at DRM.

Billions if not trillions of dollars have been sunk into DRM -- but really how often has it WORKED? Just look at games -- how many games have had successful DRM that wasn't slapped aside in a few days after the commercial release (if not sooner)? MOST DRM on games (GTA IV comes to mind) does more to inconvenience or block legitimate owners than it does to prevent pirates; My own system I often have to use the DRM cracks to play GAMES I LEGALLY OWN, it's that big a mess.

Hell, look at Microsoft's WGA -- given the amount of money they've dumped into trying to prevent illegal copies of windows running, programs that came out BEFORE THE COMMERCIAL RELEASE of Vista/7/8 like 7Loader has to have the nitwits at Microsoft who dumped massive amounts of money and time into trying to protect it crying in their beers. That said software pretends to be a supposed hardware solution to the problem is the even bigger laugh; because you couldn't possibly fake the existence of a string in the BIOS using a bootloader on 386/newer hardware...

Software is not secure, because users have access to software; same goes for any time the user gets data. Dealing with web development I encounter this all the time -- people saying "How do I stop people from copying my content" -- and the only answer that works is "don't put it online."; anyone telling you otherwise is packing you so full of sand you could change your name to Sahara, and is so full of manure Biff Tannen crashed his car into the back of it.

But that's the old mantra I learned about security several decades ago -- the only secure system is one with zero access. The moment users have access to it, it's no longer secure.

Agent Orange
May 4th, 2014, 11:14 AM
Billions if not trillions of dollars have been sunk into DRM -- but really how often has it WORKED? Just look at games -- how many games have had successful DRM that wasn't slapped aside in a few days after the commercial release (if not sooner)? MOST DRM on games (GTA IV comes to mind) does more to inconvenience or block legitimate owners than it does to prevent pirates; My own system I often have to use the DRM cracks to play GAMES I LEGALLY OWN, it's that big a mess.


I have to agree with DS. As much as I enjoy high-end gaming the party may be over for me. I refuse to buy any more games that require me to purchase and/or run them through 'Steam', or stay on-line as a basic requirement just to play. Sooner or later things will turn around when folks get tired of shelling out for X-Box and such.

SpidersWeb
May 4th, 2014, 05:18 PM
Steam doesn't bother me, because it has offline mode and it's reliable.
Origin makes me want to punch things.

Agent Orange
May 4th, 2014, 05:51 PM
Steam doesn't bother me, because it has offline mode and it's reliable.
Origin makes me want to punch things.i

If you like it you like I guess. When I plunk down 50 bucks for a game I want to know that I own it and not feel like I'm renting it.

vwestlife
May 4th, 2014, 07:22 PM
Firefox 29 is an unresponsive pile of crap on this box. IE 8 on the other hand is very spritely. Off back to the Opera camp I think.

I finally gave in and tried Firefox 29 -- the Google Chrome-lookalike "Australis" version. Once you re-enable the title bar and menu bar (which at least it still lets you do, unlike the Chrome-based versions of Opera), it's not that bad, although the Chrome-like rounded tabs waste space, and it breaks compatibility with a lot of add-ons. Some Firefox add-on developers have released or will be releasing new Australis-compatible versions, but many have not, and some have stated that they have decided to pull the plug and end development rather than totally re-write their add-on to make it compatible with the new version.

Mozilla is heavily promoting the Classic Theme Restorer add-on to anyone who is unhappy with the new version, and it gives you back nearly all of the options and layout features that the new version takes away, but some of the more advanced options have disappeared even if you do have the Classic Theme add-on installed, and Mozilla flatly says that those features aren't coming back. I looked through some of the threads on the Mozilla forum, and if you complain loudly enough about the new version, eventually the mods there will give up and tell you to switch to the Firefox 24.x ESR (Extended Support Release), which is scheduled to receive security updates until at least October of this year, when the ESR version will get Australisized as well.

Caluser2000
May 5th, 2014, 02:04 AM
My system was freezing when using it so it's not going to get installed again. Seems a few users have experienced this as well. If that's the future of FF then bye bye.

vwestlife
May 9th, 2014, 11:25 AM
I just installed Pale Moon, and it is significantly faster than Firefox. It actually makes JavaScript-and-Flash-ridden web sites usable on a Pentium 4! But it requires SSE2, so it won't run on anything older than a Pentium 4 or Athlon 64.

njroadfan
May 12th, 2014, 03:42 AM
If Firefox doesn't require SSE2, than Pale Moon shouldn't. Something tells me whoever built the binary wasn't watching their compiler switches. Many new compilers (*cough* Visual Studio) enabled SSE2 by default on x86 32-bit builds when they really shouldn't.

https://connect.microsoft.com/VisualStudio/feedback/details/688736/compiler-generates-sse-instructions-without-arch-sse
http://virtualdub.org/blog/pivot/entry.php?id=354

I got Firefox 29 looking exactly like 28, not easy when one has tabs set to be below the navigation bar. Make sure you install the latest beta of Classic Theme Restorer, it has many new options. My main computer's install of Firefox wouldn't change the max width of tabs for some reason, so I had to install TabMix Plus. I haven't used it since the days of Mozilla Application Suite, it has quite a few nice features now!

deathshadow
May 12th, 2014, 06:10 AM
Many new compilers (*cough* Visual Studio) enabled SSE2 by default on x86 32-bit builds when they really shouldn't.
Sorry, but why not? Why should anyone sleazing out a modern program using a tool like Visual Studio give a flying purple fish if what they compile doesn't run on a Pentium 3? You've got to draw the line SOMEWHERE.. lands sakes SSE3 is now a decade old.

Though honestly with SSE4, AVX and FMA being commonplace, I'm starting to wonder if those Gentoo nutters have it right -- how much software out there is running like crap just because of binaries built to still support two decade old processors.

Caluser2000
May 12th, 2014, 06:23 AM
I just installed Pale Moon, and it is significantly faster than Firefox. It actually makes JavaScript-and-Flash-ridden web sites usable on a Pentium 4! But it requires SSE2, so it won't run on anything older than a Pentium 4 or Athlon 64.There's plenty of those lying next to or in skips that can be put to good use.

commodorejohn
May 12th, 2014, 07:02 AM
Sorry, but why not? Why should anyone sleazing out a modern program using a tool like Visual Studio give a flying purple fish if what they compile doesn't run on a Pentium 3? You've got to draw the line SOMEWHERE.. lands sakes SSE3 is now a decade old.
It would at least be nice if they provided optional lower-end binaries - I can understand not wanting to put additional development effort into supporting old systems, but stuff like SSE2/3 is pretty much just a compiler switch unless they're incorporating low-level assembler optimizations.

vwestlife
May 12th, 2014, 09:25 AM
I got Firefox 29 looking exactly like 28

That's great... but why? Does Firefox 29 really have any useful new features that you can't get in 24.5.x ESR? I set up 29 with Classic Theme Restorer, but after realizing that it isn't giving me any new features or improvements that I need -- on the contrary, it broke compatibility with most of the add-ons I was using -- I switched to ESR-based Pale Moon, which will continue to get security updates through at least October 2014 (at which point Mozilla plans to "Australisize" the ESR version as well, although the main release of Australis was delayed by five versions -- it was originally planned for Firefox 24 -- so that may end up being delayed as well).

SpidersWeb
May 13th, 2014, 03:37 PM
I just started using 29.

The top bar makes it look bald. I see it's now not labelled clearly as being Firefox and the menu is less obvious but the area it previously used is still there so no extra space gained. I don't get it.

Ole Juul
May 13th, 2014, 10:13 PM
I just started using 29.
I'm still using version 25 which has 25 problems. I'd assume that 29 has 4 more. I'm going to stay put until the numbers start going down again.