Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

Constant Updates to 43.0.x -

more options

First, I have Preferences ->Advanced -> Update set to Never. Installed version is 38.05.

Every morning I when I log in I find it's been upgraded to 43.0.x. So I have to uninstall, reinstall 38.05 before I can start my work day.

Why is this program doing this in direct contravention to my settings? Even as we speak there's a pending update to 43, even after my first action was to disable automatic updates.

How can I stop these updates?

First, I have Preferences ->Advanced -> Update set to Never. Installed version is 38.05. Every morning I when I log in I find it's been upgraded to 43.0.x. So I have to uninstall, reinstall 38.05 before I can start my work day. Why is this program doing this in direct contravention to my settings? Even as we speak there's a pending update to 43, even after my first action was to disable automatic updates. How can I stop these updates?

Vahaolana nofidina

I know of two changes in Firefox 39 related to secure sites:

(1) No longer possible to use SSLv3 at all. If you need SSLv3 to administer an older device which cannot be upgraded, you have to use ESR.

(2) Logjam detection related to weak ephemeral Diffie-Hellman ciphers. There is a workaround that works with most servers: you can disable two ciphers in Firefox to try to force the server to up its game. Here's how:

(A) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(B) In the search box above the list, type or paste dhe and pause while the list is filtered

(C) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)

(D) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)

If that doesn't work on your internal site, then ESR is your best bet.

Hamaky an'ity valiny ity @ sehatra 👍 0

All Replies (3)

more options

The update settings usually work. Sometimes after an update the temp folder(s) used in that process might not be cleaned out successfully and therefore it runs again. I've seen it mentioned in other threads, but haven't dug into the details.

Why are you avoiding newer versions of Firefox? You probably are aware that older versions have publicly disclosed security vulnerabilities that make them unsafe to use on the wilds of the web.


If you really need to stay on Firefox 38, consider switching to Firefox ESR, the extended support release, which currently is based on Firefox 38, but still gets the highest priority security updates. You can read more about it here: https://www.mozilla.org/firefox/organizations/

To install ESR, I suggest this method to avoid folder confusion:

(A) Download an installer for Firefox 38.5.2esr from https://www.mozilla.org/firefox/organizations/all/ to a convenient location. (Scroll down to your preferred language.)

(B) Exit out of Firefox (if applicable).

(C) Rename the program folder, either:

(64-bit Windows folder names)

C:\Program Files (x86)\Mozilla Firefox

to

C:\Program Files (x86)\FxOld

(32-bit Windows folder names)

C:\Program Files\Mozilla Firefox

to

C:\Program Files\FxOld

(D) Run the installer you downloaded in (A). It should automatically connect to your existing settings.

Note: Some plugins may exist only in that old folder. If something essential is missing, look in these folders:

  • \FxOld\Plugins
  • \FxOld\browser\plugins
more options

There's an internal / private admin site that I use to access my workflow, and it trips up more recent versions of Firefox because of the SHA issues.

But changing the website it outside my access rights and management has already decreed it to be a very low priority since it's an internal only site, so it won't be updated until a bunch of other things are done first.

If FF would only give us a bypass / ignore option for that message, I could use it. But just stopping at the error page makes the application completely non-useful, no matter how secure it is.

more options

Vahaolana Nofidina

I know of two changes in Firefox 39 related to secure sites:

(1) No longer possible to use SSLv3 at all. If you need SSLv3 to administer an older device which cannot be upgraded, you have to use ESR.

(2) Logjam detection related to weak ephemeral Diffie-Hellman ciphers. There is a workaround that works with most servers: you can disable two ciphers in Firefox to try to force the server to up its game. Here's how:

(A) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(B) In the search box above the list, type or paste dhe and pause while the list is filtered

(C) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)

(D) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)

If that doesn't work on your internal site, then ESR is your best bet.