Language Selection

English French German Italian Portuguese Spanish

Mozilla: Firefox 71 Is Now Available, TenFourFox FPR17 Also Available, Firefox Turns 15 and More

Filed under
Moz/FF
  • Mozilla Firefox 71 Is Now Available to Download for Linux, Windows, and macOS

    The upcoming Firefox 71 web browser is now available to download for all supported platforms, including Linux, Windows, and macOS, ahead of tomorrow's official launch.
    Firefox 71 has entered development in late October and it promises to introduce a new "--kiosk" command-line parameter that opens the web browser in full-screen mode (a.k.a. kiosk mode), a redesigned about:config internal configuration page, as well as Picture-in-Picture (PiP) support on Windows.

    "Windows users now have the ability to pop out videos on the web into an always-on-top video player using the Picture-in-Picture feature! For most videos, this can be accomplished by hovering the video with the mouse, and clicking on the Picture-in-Picture toggle," explained Mozilla in the preliminary release notes.

  • TenFourFox FPR17 available

    TenFourFox Feature Parity Release 17 final is now available for testing (downloads, hashes, release notes). Apologies for the delay, but I was visiting family and didn't return until a few hours ago so I could validate and perform the confidence testing on the builds. There are no other changes in this release other than a minor tweak to the ATSUI font blacklist and outstanding security patches. Assuming all is well, it will go live tomorrow evening Pacific time.

    The FPR18 cycle is the first of the 4-week Mozilla development cycles. It isn't feasible for me to run multiple branches, so we'll see how much time this actually gives me for new work. As previously mentioned, FPR18 will be primarily about parity updates to Reader mode, which helps to shore up the browser's layout deficiencies and is faster to render as well. There will also be some other minor miscellaneous fixes.

  • [Older] Firefox at 15: its rise, fall, and privacy-first renaissance

    There’s a good chance you are reading this in Google’s Chrome web browser, which commands 65% of the global market (and about 50% in the U.S.), according to Statcounter. Only about 4% to 5% of web surfers now go online through Firefox, the open-source browser from the California-based Mozilla foundation. But the web was much different when Firefox launched 15 years ago on November 9, 2004, and the browser began a fast rise to prominence.

    When Firefox hit the scene, Internet Explorer had more than 90% market share, having felled Netscape Navigator. Given that it was the default browser on Windows, which commanded a similar share of the operating system market, its monopoly seemed like it could be permanent. But Firefox quickly caught on, and eventually grew to command about a third of the market at its height in 2009. While it’s unlikely to recapture such former glory, Firefox has been experiencing something of a renaissance, not just by improving speed and features, but by putting user control over privacy front and center.

    Fifteen years on, it’s hard to imagine how radical Firefox was at the time of its debut. Instead of coming from a megacorporation like Microsoft (or today, Google), Firefox was built by volunteers around the world who gave their code away for free. “Open source was well known for developers,” says Mitchell Baker, who cofounded the Mozilla Project back in 1998 and is today the chairwoman of the Mozilla Corporation and Mozilla Foundation. “But the common wisdom of the time was that open source was only for the geeks. You could build [tools] for developers but not consumer products out of it.”

  • Help Test Firefox’s built-in HTML Sanitizer to protect against UXSS bugs

    I recently gave a talk at OWASP Global AppSec in Amsterdam and summarized the presentation in a blog post about how to achieve “critical”-rated code execution vulnerabilities in Firefox with user-interface XSS. The end of that blog posts encourages the reader to participate the bug bounty program, but did not come with proper instructions. This blog post will describe the mitigations Firefox has in place to protect against XSS bugs and how to test them.

    Our about: pages are privileged pages that control the browser (e.g., about:preferences, which contains Firefox settings). A successful XSS exploit has to bypass the Content Security Policy (CSP), which we have recently added but also our built-in XSS sanitizer to gain arbitrary code execution. A bypass of the sanitizer without a CSP bypass is in itself a severe-enough security bug and warrants a bounty, subject to the discretion of the Bounty Committee. See the bounty pages for more information, including how to submit findings.

  • Botond Ballo: Developing Mozilla C++ code with clangd and VSCode

    I’ve long been a fan of smart editors which have a semantic understanding of the code you’re editing, and leverage it to provide semantics-aware features such as accurate code completion (only offering completions for names that are actually in scope), go-to-definition, find references, semantic highlighting, and others.

    When I joined Mozilla six years ago, my choice of editor for C++ code was Eclipse CDT, because based on experience and research, this was the most fully-featured option that was cross-platform and open-source. (Depending on who you ask, Visual Studio, XCode, and CLion have, at various times, been described as matching or exceeding Eclipse CDT in terms of editor capabilities, but the first two of these are single-platform tools, and are three all proprietary.)

    This assessment was probably accurate at that time, and probably even for much of the intervening time, but in recent years Eclipse CDT has not aged well. The main reason for this is that Eclipse CDT has its own C++ parser. (For brevity, I’m using “parsing” here as an umbrella term for lexing, preprocessing, parsing, semantic analysis, and all other tasks that need to be performed to build a semantic model of code from source.) C++ is a very complex language to parse, and thus a C++ parser requires a lot of effort to write and maintain. In the early days of CDT, there was a lot of investment, mostly from commercial vendors that packaged CDT-based IDEs, in building and maintaining CDT’s parser, but over time, the level of investment has faded. Meanwhile, the C++ language has been gaining new features at an increasing rate (and the Mozilla codebase adopting them — we’re on the verge of switching to C++17), and CDT’s parser just hasn’t been able to keep up.

Now official, and Avast extensions banned

  • 71.0 Firefox Release

    Version 71.0, first offered to Release channel users on December 3, 2019

  • Firefox 71 Available With New Kiosk Mode, New Certificate Viewer

    Today marks the last Mozilla Firefox feature update of 2019 with the release of Firefox 71.0.

    Firefox 71.0 introduces a --kiosk CLI switch for launching Firefox in a full-screen kiosk mode, a redesigned about:config area, a new certificate viewer, new server timing information is exposed via Firefox's Developer Tools, partial support for the Media Session API, native MP3 encoding is enabled for all desktop platforms, and various other developer enhancements.

  • Mozilla and Google remove Avast extensions from add-on stores

    A month ago I wrote about Avast browser extensions being essentially spyware. While this article only names Avast Online Security and AVG Online Security extensions, the browser extensions Avast SafePrice and AVG SafePrice show the same behavior: they upload detailed browsing profiles of their users to uib.ff.avast.com. The amount of data collected here exceeds by far what would be considered necessary or appropriate even for the security extensions, for the shopping helpers this functionality isn’t justifiable at all.

    [...]

    Spying on your users is clearly a violation of the terms that both Google and Mozilla make extension developers sign. So yesterday I reported these four extensions to Mozilla and Google. Quite surprisingly, as of today all of these extensions are no longer listed on either Mozilla Add-ons website or Chrome Web Store. That was a rather swift action!

    It remains to be seen how this will affect millions of existing extension users. At least Mozilla didn’t add Avast extensions to the blocklist yet, stating that they are still talking to Avast. So the extensions will remain active and keep spying on the users for now. As to Google, I don’t really know where I can see their blocklist, any hints?

Multilingual Gecko Status Update 2019

  • Multilingual Gecko Status Update 2019

    Welcome to the fourth edition of Multilingual Gecko Status Update!

    In the previous update we covered the work which landed in Firefox 61-64.

    At the time, we were landing Fluent DOM Localization APIs, still adding mozIntl features, and we had close to 800 strings migrated to Fluent.

    I indicated that 2019 should be quieter, and in result I reduced the update frequency to just one this year.

Coverage by Thomas Claburn in San Francisco

  • Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

    Patting itself on the back for blocking more than one trillion web tracking requests through its Enhanced Tracking Protection tech, Mozilla on Tuesday continued its privacy push with a further test of its Firefox Private Network service, an update to Firefox Preview Beta for Android, and the debut of its latest desktop browser, Firefox 71.

    Back in September, Mozilla began testing its Firefox Private Network (FPN), a virtual private network (VPN) service for browser traffic, enabled through a Firefox extension (add-on), and soon for protecting all applications on devices at the operating system level.

    That FPN beta test has now reached its next stage. Mozilla is inviting US users of the Firefox desktop browser with Firefox Accounts to try FPN out, for free, for up to 12 hours per month.

    "With the holidays around the corner, the FPN couldn’t come at a more convenient time," said Marissa Wood, VP of product at Mozilla, in a blog post. "We know people are traveling and might have to rely on an unsecured public Wi-Fi network, like the one at the airport, at your local coffee shop, or even at your doctor’s office."

    FPN creates a secure tunnel from the user's browser or device to the internet, protecting any data passing through a Wi-Fi hotspot – if you must log into a public WiFi hotspot, you should use a VPN. Instead of providing the user's IP address, it presents its own IP address, which makes tracking more difficult.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

GNU Parallel 20200222 ('BrexitDay') released [stable]

GNU Parallel 20200222 ('BrexitDay') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

GNU/Linux in Crostini Form

  • Using 'LXPanel' as a UI for Crostini

    If you are used to a menu-driven user interface in Linux or find the Chrome OS application launcher not quite to your liking for accessing Crostini Linux applications then one option you could try is LXPanel. The panel generates a menu for installed applications automatically from '*.desktop' files and can itself be incorporated in its own '.desktop' file which if pinned to the Chrome OS shelf can also be used as a means to start the 'penguin' container after booting. Unfortunately it is not quite perfect as the panel is displayed in the middle of the screen and doesn't respond well to changing its position under geometry in its panel settings. However you can toggle its visibility by clicking the panel's icon on the shelf. Also closing the panel (by right clicking the icon) only closes the 'LXPanel' application in Chrome OS so to terminate it fully you need to use 'killall lxpanel' in a terminal session.

  • Linux apps on Chromebooks may be reason enough for external GPU support

    We’ve been tracking a device known only as ‘Mushu’ for about a month at this point, and it brings with it a very specific and interesting addition to the Chrome OS ecosystem: a discrete GPU (or dGPU for short). When we first reported on this device being in development, I suggested that I don’t see a ton of use cases for a Chromebook with a dGPU for most users. Without a proper video editor or tons of ways to play locally-stored games, its hard to make a case for dGPUs when existing Chromebooks are already so fast at what they do.

NVIDIA's Ray Tracing Approach in Vulkan

  • NVIDIA talk up bringing DirectX Ray Tracing to Vulkan

    With Ray Tracing becoming ever more popular, NVIDIA have written up a technical post on bringing DirectX Ray Tracing to Vulkan to encourage more developers to do it. The blog post, titled "Bringing HLSL Ray Tracing to Vulkan" mentions that porting content requires both the API calls (so DirectX to Vulkan) and the Shaders (HLSL to SPIR-V). Something that's not so difficult now, with the SPIR-V backend to Microsoft's open source DirectXCompiler (DXC). Since last year, NVIDIA added ray tracing support to DXC's SPIR-V back-end too using their SPV_NV_ray_tracing extension and there's already titles shipping with it like Quake II RTX and Wolfenstein: Youngblood. While this is all NVIDIA-only for now, The Khronos Group is having discussions to get a cross-vendor version of the Vulkan ray tracing extension implemented and NVIDIA expect the work already done can be used with it which does sound good.

  • NVIDIA Demonstrates Porting Of DirectX Ray-Tracing To Vulkan

    NVIDIA has written a new technical blog post on bringing HLSL ray-tracing to Vulkan with the same capabilities of DirextX Ray-Tracing. This effort is made feasible by Microsoft's existing open-source DirectXCompiler (DXC) with SPIR-V back-end for consumption by Vulkan drivers. Last year NVIDIA contributed to the open-source DXC support for SPV_NV_ray_tracing. This in turn with the open-source tooling allows converting DXR HLSL shaders into SPIR-V modules for Vulkan.

Vulkan Survey and AMDVLK, AMD Targets GNU/Linux

  • LunarG's Vulkan developer survey results out now - Vulkan also turns 4

    LunarG, the software company that Valve sponsors who work on building out the ecosystem for the Vulkan API recently conducted a Vulkan developer survey with the results out now. Before going over the results, just a reminder that Vulkan just recently turned four years old! The 1.0 specification went public on February 16, 2016. Since then, we've seen some pretty amazing things thanks to it. We've had Linux ports that perform really nicely, the mighty DXVK translation layer advanced dramatically, to the vkBasalt post-processing layer and so on—there's been a lot going on. However, as a graphics API do remember it's pretty young and has a long life ahead of it. As for the LunarG survey: there were 349 replies to it, and while not a huge amount it gives us an interesting insight into what some developers think and feel about how Vulkan is doing as a whole. Overall, it gives quite a positive picture on the health of Vulkan with over 60% feeling the overall quality of the Vulkan ecosystem as "Good" and almost 20% rating it as "Excellent".

  • AMDVLK 2020.Q1.2 Released With Vulkan 1.2 Support

    AMDVLK 2020.Q1.2 is out as the first official AMD open-source Vulkan Linux driver code drop in one month. AMDVLK has been off its wagon this quarter with their previous weekly/bi-weekly code drops of AMDVLK but that just means the v2020.Q1.2 is quite a big one. First up, AMDVLK 2020.Q1.2 now is supporting Vulkan 1.2 that debuted back in January and with Mesa's RADV Radeon Vulkan driver already having supported it for weeks.

  • Radeon Pro Software for Enterprise 20.Q1.1 for Linux Released

    AMD's Radeon Pro Software for Enterprise 20.Q1.1 Linux driver release was made available this week as their newest quarterly driver installment intended for use with Radeon Pro graphics hardware.