
Firefox hits 100*, fixes bugs… but no new zero-days this month

Firefox has followed Chromium to the century mark, reaching a score of 100* with its latest scheduled almost-monthly release.

For readers without the sporting good fortune of living in a cricket-playing country, an individual score of 100 in a single innings, known as a century or a ton, is considered a noteworthy achievement.

Adding an asterisk after the score means “not out”, in other words that the batter is still going strong (or completed their innings without getting out at all), making the feat even more noteworthy.

We know you’re wondering, and if you aren’t you should be, so we’ll mention that from 1959 to 1994, the highest ever score worldwide in first-class cricket was 499, with no asterisk, by the late, great Pakistani batter Hanif Mohammed. Desperate to reach 500 before he ran out of batting time, he took a weary risk for that magical 500th run but fell one short. That total wasn’t eclipsed until 1994, when West Indian batter Brian Lara got to 501*, a record that has stood ever since. Indeed, the only first-class score of 400 or more since Lara’s 501* was Lara’s own 400* in 2004, playing in an international match against England in Antigua. At its current release rate of once every four weeks, Firefox has just over 23 years to go to equal Lara’s quadruple century, and almost 30 years to reach 502*.

No trouble at the version number mill

Earlier this year, we wrote about the potential confusion that Chrome (now at 101) and Firefox (100 today) might cause for some users…

…not through any fault on the part of Google or Mozilla, the respective curators of the Chromium and Firefox codebases, but because at least a few web servers seemed unable to recognise three-digit version numbers correctly.

Today’s ever-funkier and ever-keener-to-track-you websites love to look at your HTTP headers to try to figure out which browser you’re using, and what version you’re on, for example by dissecting the User-Agent header to decide what sort of content to send back.

After updating, our Firefox User-Agent string now looks like this:

GET / HTTP/1.1
Host: testsite.example
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
[.  .  .  .]

Back in February 2022, a few mainstream sites didn’t seem to realise that 100 was greater than 99, presumably because they were hard-coded to use only the first (or last) two characters of the version number, millennium bug style, thus turning the text 100 either into the number 10, or into the number zero.

https://nakedsecurity.sophos.com/2022/02/25/did-we-learn-nothing-from-y2k-why-are-some-coders-still-stuck-on-two-digit-numbers/
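
The two-character truncation described above, shown beside a correct parse. This is an added example, not code from the article or from any real site; the function names, the version-99 header and the minimum-version threshold of 60 are assumptions made for illustration.

```javascript
// Constructed sample headers; UA_100 is the User-Agent quoted in the article.
const UA_99 = "Mozilla/5.0 (X11; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0";
const UA_100 = "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0";

// Returns the digits of the Firefox major version as text ("100"),
// or null when the header carries no Firefox token.
function majorText(ua) {
  const m = /Firefox\/(\d+)/.exec(ua);
  return m ? m[1] : null;
}

// BUG: keeps only the first two characters, so "100" becomes 10.
function majorFirstTwo(ua) {
  const t = majorText(ua);
  return t === null ? null : Number(t.slice(0, 2));
}

// BUG: keeps only the last two characters, so "100" becomes 0.
function majorLastTwo(ua) {
  const t = majorText(ua);
  return t === null ? null : Number(t.slice(-2));
}

// Correct: converts every digit of the major version.
function majorCorrect(ua) {
  const t = majorText(ua);
  return t === null ? null : Number.parseInt(t, 10);
}

// Hypothetical server-side gate: is this browser new enough for the full site?
function isSupported(ua, parse, minMajor = 60) {
  const v = parse(ua);
  return v !== null && v >= minMajor;
}

const parsers = [
  ["first two chars", majorFirstTwo],
  ["last two chars", majorLastTwo],
  ["all digits", majorCorrect],
];
for (const [name, parse] of parsers) {
  console.log(name, parse(UA_99), parse(UA_100), isSupported(UA_100, parse));
}
```

Both buggy parsers agree with the correct one at version 99, which is why the fault stays hidden until the version number gains a third digit.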

Fortunately, we haven’t had any visible trouble with Edge, which is based on Chromium and flipped over from 99 to 100 at the start of April (keeping just ahead of Firefox with 101 out at the start of May), and in the few hours that we’ve been on Firefox 100.0, we’ve had no problems either.

We’re assuming either that the last few poorly-coded websites fixed their server-side code in the interim, or that the “special case” lists of problem sites created in recent months by Google and Firefox have suppressed any problems, for example by allowing both browsers to pretend as needed still to be version 99.

Bug fixes in this update

The good news is that none of the security bugs patched in Firefox 100 (or its equivalent long-term version 91.9 ESR, which has the feature set of Firefox 91 plus a further 9 versions worth of vulnerability updates to bring it onto a cybersecurity par with 100) is considered “Critical”, and there aren’t any zero-day holes on the list.

Nevertheless, the patches deal with an intriguing range of security issues, reminding us all just how much we rely on our browsers to do the right thing when it comes to cybersecurity.

CVE-numbered vulnerabilities dealt with in this update include:

What to do?

Use Help > About Firefox to force a manual check for updates.

Remember that even if you have automatic updates turned on, it’s worth checking that you’ve correctly received the update, instead of simply assuming it worked.


“About Firefox” dialog offering an immediate update to 100.0.
