I'm writing this to "test the waters", and check if there are more people in the same situation as me.

It's obvious that using the previous ESR version of Firefox currently available in pasture/ is dangerous. But the current ESR version is still missing some WebExtensions APIs that are required by certain browser extensions (e.g. Simple Tab Groups requires at least Firefox 63). So I have a decision to make - either run the safer, current ESR version and break my workflow because some extensions are still not supported, or continue using my extensions, but opening my system to some attack vectors?

I'm wondering if I'm the only person facing this dilemma?

If it's just me, then I'll try to build the latest version by myself. I have no idea how it will go (up to a few minutes ago I was convinced that -current has the latest stable Firefox, but actually it's on ESR branch as well, so I can't simply use SlackBuild from -current). I guess building from source will be time consuming, and easy to get wrong. And additionally, the updates are quite frequent nowadays.

But if I'm not alone in this, then maybe it would make sense to additionally provide the latest stable version of Firefox (67.0.4 at the time of writing) in extra/? That would certainly be more energy efficient.

The same probably applies to Mozilla Thunderbird, but currently Firefox is my main concern.

What's you opinion on this? Is there some technical reason Firefox stable can't be provided that I'm not aware of?

At home I continue to use ESR 52. I do not lose sleep about using ESR 52. I don't care what the security wannabe fanboys claim about using that version. I always have run Firefox in a way that almost all common exploits can't and won't affect me. Primarily, through NoScript I do not allow Javashit JavaScript except for a very few trusted sites. I long have practiced not accepting cookies of any kind except for a very few sites. I use several security related extensions. I use DNS blocking to avoid nefarious and malicious URLs. I never open email attachments or select links in emails until I first check the email source. Etc., etc.

At work I am responsible for keeping Firefox updated. I have no choice but to use a supported version. We use ESR 60. I find ESR 60 to be frustrating because of the lack of previous extensions. NoScript frustrates and confuses me with the new interface. Mostly I miss Tab Mix Plus and all the beautiful ways that extension makes Firefox more usable for me at home. To replace the venerable Classic Theme Restorer I use the same author's Custom CSS tools.

Somewhat I find Firefox to be classic fuster cluck. The developers dropped the ball by moving forward without properly defined APIs to replace the previous extension framework. The sad part is there is no decent replacement browser. Anything based on Chrome is surveillance software, regardless of what developers claim. Even the default Firefox installation is surveillance software, but Firefox can be configured to overcome those defaults.

2 members found this post helpful.

Unless you have a burning desire to build from source, you could try downloading the linux version direct from mozilla.
Extract to a directory that suits you and simply run the firefox executable from there. It's not difficult to make a menu entry that points to this version of firefox.

This is what I have been doing for some time now (I have uninstalled the slackware version, but you don't need to).

In preferences I have "Check for updates but let you choose to install them"

I get prompted for updates when there is a new version, and updates install correctly.

I don't know if there are any downsides to this method, but I haven't found any.

tobyl

4 members found this post helpful.

I have the habit to build and use the latest stable Firefox, using The Little Beast, my "overpowered" main box driven by an AM1 CPU named Athlon x4 5350, with TDP of 25W.

In my humble opinion, what they do (at least for slackware-current), staying on Firefox ESR releases is a mistake. The Firefox ESR is not for home users but for organizations and businesses, as Mozilla claims here: https://www.mozilla.org/en-US/firefox/organizations/
Excuse me? For a distribution which makes a pride from not shipping PAM and Kerberos, sinking from starters any use of it on businesses, organizations and schools, why they would ship an Enterprise Software like Firefox ESR?

If myself I can build casually the latest Firefox with a 25W CPU, then for their Ryzen or i9 driven build boxes is matter of minutes.

3 members found this post helpful.

That's one way to do it. I modified the palemoon-bin SlackBuild to install Firefox Developer Edition.

This might help https://addons.mozilla.org/en-US/fir...-on-fix-57-60/

I do not think so. That Firefox package is related to an incident happened not so long in the past, where some SSL certificate expiration resulted in disabling all Firefox addons.

However, the fact is that Firefox (and Chrome) evolves quite fast, and that Firefox ESR is something which someone would expect from RHEL and his foster child CentOS, but not from a development tree which jumps on the latest GCC or X.org no questions asked, like a county girl on the lap of first guy who gives her a drink...

Anyway, like the past demonstrated well, even the LTS kernels aren't more stable or safe than latest ones, and about Firefox, oh well... ESR does not saved the shipped Firefox even from that particular stupid incident.

Ironically, the things was fixed first by Mozilla ensuing a new (latest) stable release, and only some days later by patching the "epic" stable ESR.

BTW, I use from long time the latest Mozilla binaries, using that script "latest-firefox" to repackage it before upgrading.

https://gist.github.com/ruario/9672798

4 members found this post helpful.

Not really, it's already 30 degrees Celsius here.

This looks useful. Thanks for sharing.

Still, I think the best solution would be if latest stable Firefox was available as official Slackware package (even as an optional one).

Perhaps as a package in /extra?

You're not the only one, no. Firefox went off the rails a few years ago, leaving me only with what seemed like impossible decisions.

I switched to Pale Moon, and that has thus far been the right choice. It might or might not be the right choice for you; YMMV.

I run FF (which comes with -current) on most of my Slackware64-current boxes. I run Google Chrome on one Slackware64-current Thinkpad.

On my Slackware 14.2, Firefox v. 60.7.2esr is the currently installed browser.

I have had no issues with it.

The add-on snafu was annoying, but the cause of the problem (allowing a cert to expire) was external to the browser itself. I would consider it hyperbole to characterize the Firefox browser itself as "dangerous."

Certainly, it's not so inimical as Chrome.

1 members found this post helpful.

+1 this works for me too.

Problem with just using the pre-compiled version of Firefox is that it doesn't build or default to ALSA, unless you build it yourself. So if you're not using pulse, there won't be any sound.

1 members found this post helpful.

Yes, they sabotaged that a while back. Not only in their official binaries, but it's disabled by default at compile time... I was hellaciously pissed when I didn't realize they turned if off by default and had to redo a build when I had no audio. Yes, I chose the word sabotage and I mean it. It's no skin off their asses to --enable-alsa yet they disable it, and try to default you into disabling it. That's what they do when they want to try to force a change on everyone, but they'd get too much backlash if they removed the option entirely.

I use pulseaudio now, but I still enable ALSA support to fall back on.