Mozilla has released Firefox 60 for Windows, macOS and Linux, enabling a previously-only-tested policy engine so IT admins can manage the browser within the enterprise.
Firefox, which can be downloaded from here, updates in the background, so most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or details the updating process.
Mozilla usually updates Firefox every six to eight weeks; the last time it upgraded the browser, to version 59, was March 13, or eight weeks ago.
Quantum Enterprise goes live
In March, Mozilla asked for corporate volunteers to help it test a new policy engine that it would add to Firefox Quantum - the secondary name the developer slapped on its browser in late 2017 after a major redesign and recoding - so IT could administer the application through Group Policy on Windows.
As planned, Mozilla enabled the policy engine in Firefox 60, making it possible for the first time to manage the browser. "Firefox now supports a long-requested feature - the ability for IT professionals to easily configure the browser using Windows Group Policy or a cross-platform JSON file," crowed Ryan Pollock, who leads Firefox product marketing, in a post to a company blog Wednesday.
Organizations can deploy either the standard Firefox, which Pollack referred to as "Rapid Release" in a nod to its every-six-week update cadence, or the long-available Extended Support Release (ESR). The latter remains feature-stable for about a year, receiving only security fixes during that time. At the end of a year, a new ESR build is produced from the then-latest Firefox.
Pollack touted Firefox's speed, something Mozilla has hung much of its Quantum marketing around, the Mozilla Foundation's emphasis on user privacy, and, of course, the new management skills in his pitch to corporations. Left unsaid was Mozilla's historical neglect of the enterprise: It kicked off ESR in 2012, but then took six years to add basic management through Group Policy.
The move also signals that Mozilla is actively after customers anywhere it can find them. Although Quantum collected praise from many reviewers when it launched last year, the overhaul has not returned the browser to growth, as tracked by independent metrics companies. U.S.-based vendor Net Applications, for example, has recorded an 11% decrease in Firefox's user share since Quantum's November debut.
Tokens replace passwords
Firefox 60 also added support for the WebAuthn API (application programming interface), which is enabled by default.
A W3 (World Wide Web Consortium) standard - albeit not finalized - WebAuthentication (truncated to WebAuthn) provides two-factor authentication for website log-ins using hardware keys that generate FIDO U2F tokens. Those keys, typically USB devices, are sold under names such as U2F Zero, ePass and Yubikey at prices ranging from $9 to $50.
Although Firefox 60 is the first browser to support WebAuthn, Google was a major driver of FIDO U2F; its Chrome has supported the keys since version 38 in 2014.
"WebAuthn is a set of anti-phishing rules that uses a sophisticated level of authenticators and cryptography to protect user accounts," Nick Nguyen, Mozilla's vice president of product strategy, wrote in a company blog post Wednesday. "It supports various authenticators, such as physical security keys today, and in the future mobile phones, or biometric mechanisms such as face recognition or fingerprints."
So, while Firefox 60 does not do away with log-on passwords, by supporting WebAuthn - and assuming site developers adopt the standard - Firefox in the future may do so with next-generation hardware keys.
Mozilla also patched 26 security vulnerabilities in Firefox 60, two of which were marked "Critical," the company's most serious threat ranking.
The next edition, Firefox 61, should reach users June 26, according to the browser's release calendar.