Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Improved Security and Privacy Indicators in Firefox 70

Filed under
Moz/FF
Security
Web

The upcoming Firefox 70 release will update the security and privacy indicators in the URL bar.

In recent years we have seen a great increase in the number of websites that are delivered securely via HTTPS. At the same time, privacy threats have become more prevalent on the web and Firefox has shipped new technologies to protect our users against tracking.

To better reflect this new environment, the updated UI takes a step towards treating secure HTTPS as the default method of transport for websites, instead of a way to identify website security. It also puts greater emphasis on user privacy.

Read more

Mozilla: Firefox, Monitor and Search Engine Add-ons

Filed under
Moz/FF
  • has google won the browser wars? – should Mozilla build their own SmartPhones?

    on the desktop: one refuses to believe it.

    on mobile: should Mozilla start building their own SmartPhone and ship Firefox.apk per default?

  • Why you should review your credit report after a data breach

    When significant data breaches happen where high risk data is at stake, there’s often a lot of talk about credit reports. Some companies that have been hacked may even be required to provide credit monitoring to their customers as part of their breach notification requirements. Whether the breached company provides credit monitoring or not, security experts recommend you check your credit reports for suspicious activity. To protect your identity, they also recommend you freeze your credit. Here’s what that means and why it’s important.

  • Search Engine add-ons to be removed from addons.mozilla.org

    For the last eleven years, Firefox Search Engine add-ons have been powered by OpenSearch. With the recent implementation of the search overrides API, a WebExtensions API that offers users more controls for opting into changes, Mozilla intends to deprecate OpenSearch and eventually remove it from Firefox. Search Engine add-ons will be removed from AMO on December 5, 2019.

Firefox’s New WebSocket Inspector

Filed under
Moz/FF

The Firefox DevTools team and our contributors were hard at work over the summer, getting Firefox 70 jam-packed with improvements. We are especially excited about our new WebSocket inspection feature, because you told us in feedback how important it would be for your daily work.

To use the inspector now, download Firefox Developer Edition, open DevTools’ Network panel to find the Messages tab. Then, keep reading to learn more about WebSockets and the tricks that the new panel has up its sleeve.

But first, big thanks to Heng Yeow Tan, the Google Summer of Code (GSoC) student who’s responsible for the implementation.

Read more

Announcing Rustup 1.20.0

Filed under
Development
Moz/FF

The rustup working group is happy to announce the release of rustup version 1.20.0. Rustup is the recommended tool to install Rust, a programming language that is empowering everyone to build reliable and efficient software.

Read more

Also Mozilla: Karl Dubost: This is not a remote work

Chrome users gloriously freed from obviously treacherous and unsafe uBlock Origin

Filed under
Google
Moz/FF
OSS
Web

Thank you, O Great Chrome Web Store, for saving us from the clearly hazardous, manifestly unscrupulous, overtly duplicitous uBlock Origin. Because, doubtlessly, this open-source ad-block extension by its very existence and nature could never "have a single purpose that is clear to users." I mean, it's an ad-blocker. Those are bad.
Really, this is an incredible own goal on Google's part. Although I won't resist the opportunity to rag on them, I also grudgingly admit that this is probably incompetence rather than malice and likely yet another instance of something falling through the cracks in Google's all-powerful, rarely examined automatic algorithms (though there is circumstantial evidence to the contrary). Having a human examine these choices costs money in engineering time, and frankly when the automated systems are misjudging something that will probably cost Google's ad business money as well, there's just no incentive to do anything about it. But it's a bad look, especially with how two-faced the policy on Manifest V3 has turned out to be and its effect on ad-blocker options for Chrome.

It is important to note that this block is for Chrome rather than Chromium-based browsers (like Edge, Opera, Brave, etc.). That said, Chrome is clearly the one-ton gorilla, and Google doesn't like you sideloading extensions. While Mozilla reviews extensions too, and there have been controversial rejections on their part, speaking as an add-on author of over a decade there is at least a human on the other end even if once in a while the human is a butthead. (A volunteer butthead, to be sure, but still a butthead.) Plus, you can sideload with a little work, even unsigned add-ons. So far I think they've reached a reasonable compromise between safety and user choice even if sometimes the efforts don't scale. On the other hand, Google clearly hasn't by any metric.

Read more

Mozilla: Firefox, Rust and XUL Extensions

Filed under
Moz/FF
  • These Weeks in Firefox: Issue 66
  • How to speed up the Rust compiler some more in 2019

    In July I wrote about my efforts to speed up the Rust compiler in 2019. I also described how the Rust compiler has gotten faster in 2019, with compile time reductions of 20-50% on most benchmarks. Now that Q3 is finished it’s a good time to see how things have changed since then.

  • Extensions in Firefox 70

    Welcome to another round of new additions and changes to extensions, this time in Firefox 70. We have a new API, some improvements on existing APIs, and some great additions to Firefox Developer Tools to make it easier to debug your extensions.

    [...]

    We’ve made a few improvements to the downloads API in Firefox 70. By popular request, the Referer header is now allowed in the browser.downloads.download API’s headers object. This allows extensions, such as download managers, to download files for sites that require a referrer to be set.

    Also, we’ve improved error reporting for failed downloads. In addition to previously reported failures, the browser.downloads.download API will now report an error in case of various http 4xx failures. This makes the API more compatible with Chrome and gives developers a way to react to these errors in their code.

  • Last version

    Yesterday I released Mail Redirect 0.10.5, which may very well be the last version of Mail Redirect, at least in this form. The version contains some small bug fixes, with relation to compatibility with other extensions, Cardbook and Thunderbird Conversations to be precise.

    I already started trying to make Mail Redirect compatible with Thunderbird 71.0a1, when the Thunderbird developers announced that support traditional XUL-overlay add-ons, which Mail Redirect is, will be dropped in Thunderbird 72. This means that any effort I put in the add-on now with relation to compatibility with future Thunderbird versions will stop working in a month or so, so that won’t do any good.

    The good thing is that XUL-overlay add-ons will beep working in this major ESR-release, so Mail Redirect 0.10.5 will keep on working in Thunderbird 68., and will only stop working in Daily and Beta and in the next major Thunderbird release 76, which is planned to be released somewhere in july, I think.

    I haven’t decided what to do with Mail Redirect. In order to keep on working in Thunderbird 72+, I need to convert it to a WebExtension Experiment, but that will be a major rewrite and the future of WebExtension Experiments isn’t clear either. Thunderbird developers indicated that support for WebExtension Experiments will also be dropped somewhere in the future, so I’m not quite convinced yet that it will be worth the effort.

Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit

Filed under
Mac
Moz/FF
Security

A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2. After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the audit), and iTerm2’s developer George Nachman worked closely together to develop and release a patch to ensure users were no longer subject to this security threat. All users of iTerm2 should update immediately to the latest version (3.3.6) which has been published concurrent with this blog post.

Founded in 2015, MOSS broadens access, increases security, and empowers users by providing catalytic support to open source technologists. Track III of MOSS — created in the wake of the 2014 Heartbleed vulnerability — supports security audits for widely used open source technologies like iTerm2. Mozilla is an open source company, and the funding MOSS provides is one of the key ways that we continue to ensure the open source ecosystem is healthy and secure.

iTerm2 is one of the most popular terminal emulators in the world, and frequently used by developers. MOSS selected iTerm2 for a security audit because it processes untrusted data and it is widely used, including by high-risk targets (like developers and system administrators).

Read more

Firefox 71: new kiosk mode for the browser

Filed under
Moz/FF

Mozilla plans to integrate kiosk mode functionality in version 71 of the Firefox web browser that users of the browser may launch from the command line.

First requested more than 17 years ago, work on integrating a kiosk mode in the Firefox web browser started five months ago. Current Firefox Nightly versions support the new mode already.

Kiosk mode refers to a special display mode that launches the browser without interface elements in fullscreen. It is different from the browser's fullscreen mode that users can activate with a tap on the F11-key on the keyboard. F11 switches the browser to fullscreen and removes interface elements by default, but these can be displayed by moving the mouse to the top; additionally, another tap on F11 exits fullscreen mode again and restores the default browsing mode.

Read more

Also: Future OpenPGP Support in Thunderbird

Browsers: Opera 64 (Proprietary), Firefox and Chrome Benchmarks, New Firefox Features

Filed under
Google
Moz/FF
Web
  • Opera 64 is out: New tracker blocker promises you up to 20% faster page loads

    Browser maker Opera is releasing Opera 64 to the stable channel, offering users improved privacy protections from online tracking and updates to its Snapshot tool.

  • Firefox 69 + Chrome 77 On Windows 10 vs. Ubuntu / Clear Linux Benchmarks

    With running some fresh cross-OS benchmarks now that Ubuntu 19.10 is imminent followed by Ubuntu 19.10, a new Windows 10 update coming in the days ahead, and also the release of macOS 10.15, a lot of fun benchmarks are ahead. In today's article is a quick look at the Windows 10 vs. Ubuntu 19.10 vs. Clear Linux web browser performance for both Mozilla Firefox and Google Chrome.

  • Firefox 71 Landing Wayland DMA-BUF Textures Support

    Landing recently into the Mozilla code-base for the Firefox 71 release is DMA-BUF textures support on Wayland. When using Firefox with the OpenGL compositor enabled, the DMA-BUF EGL texture back-end is used that allows for sharing of buffers between the main/compositor process, working directly in GPU memory, and other benefits with this DMA-BUF usage. That code has been merged as another step forward for Firefox on Linux/Wayland.

Thunderbird, Enigmail and OpenPGP

Filed under
Moz/FF

Today the Thunderbird project is happy to announce that for the future Thunderbird 78 release, planned for summer 2020, we will add built-in functionality for email encryption and digital signatures using the OpenPGP standard. This new functionality will replace the Enigmail add-on, which will continue to be supported until Thunderbird 68 end of life, in the Fall of 2020.

For some background on encrypted email in Thunderbird: Two popular technologies exist that add support for end-to-end encryption and digital signatures to email. Thunderbird has been offering built-in support for S/MIME for many years and will continue to do so.

The Enigmail Add-on has made it possible to use Thunderbird with external GnuPG software for OpenPGP messaging. Because the types of add-ons supported in Thunderbird will change with version 78, the current Thunderbird 68.x branch (maintained until Fall 2020) will be the last that can be used with Enigmail.

Read more

Syndicate content