Slashdot Mirror

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of Novermber, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."
InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."
InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."
InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."

Mozilla has a new logo. The company has ditched the world "ill" from the name with a colon and two slashes. From a report: Last year, Mozilla, the internet company best known for the Firefox browser, publicly started the rebranding process by opening the door to public feedback. With several options on display, Mozilla asked for comments and input from all who cared to share. As of today, the new logo is official and the simple change is meant as a reminder that Mozilla is more than just a browser.

An anonymous reader quotes Bleeping Computer: Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden form fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form... Finnish web developer Viljami Kuosmanen has published a demo on GitHub... A user looking at this page will only see a Name and Email input field, along with a Submit button. Unless the user looks at the page's source code, he won't know that the form also contains six more fields named Phone, Organization, Address, Postal Code, City, and Country. If the user has an autofill profile set up in his browser, if he decides to autofill the two visible fields, the six hidden fields will be filled in as well, since they're part of the same form, even if invisible to the user's eye.

Browsers that support autofill profiles are Google Chrome, Safari, and Opera. Browsers like Edge, Vivaldi, and Firefox don't support this feature, but Mozilla is currently working on a similar feature.

An anonymous reader writes: Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts. The user privacy protection system was borrowed from the Tor Browser, where a similar mechanism blocks websites from identifying users based on the fonts installed on their computers, only returning a list of "default fonts" per each OS. While sabotaging system font queries won't stop user fingerprinting as a whole, this is just one of the latest privacy-related updates Mozilla has added to Firefox, taken from Tor. Back in July 2016, Mozilla engineers started the Tor Uplift project, which aims to improve Firefox's privacy features with the ones present in the Tor Browser.

Krystalo writes: Mozilla today announced that it will continue to support Firefox for Windows XP and Windows Vista until September 2017. In March 2017, XP and Vista users will automatically be moved to the Firefox Extended Support Release (ESR) and in mid-2017 the company will reassess user numbers to announce a final support end date for the two operating systems. Firefox ESR is a version designed for schools, universities, businesses, and others who need help with mass deployments. Firefox ESR releases are maintained for one year. This means Mozilla will provide regular Firefox security patches for XP and Vista users for nine more months. After that, it may continue for a few more months, but eventually the browser won't get new versions on those operating systems. Mozilla correctly notes that "unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use." The company also tells enterprises that September 2017 should be considered the support end date for planning purposes and "strongly recommends" that all users "upgrade to a version of Windows that is supported by Microsoft."

Krystalo writes: Mozilla today announced that it will continue to support Firefox for Windows XP and Windows Vista until September 2017. In March 2017, XP and Vista users will automatically be moved to the Firefox Extended Support Release (ESR) and in mid-2017 the company will reassess user numbers to announce a final support end date for the two operating systems. Firefox ESR is a version designed for schools, universities, businesses, and others who need help with mass deployments. Firefox ESR releases are maintained for one year. This means Mozilla will provide regular Firefox security patches for XP and Vista users for nine more months. After that, it may continue for a few more months, but eventually the browser won't get new versions on those operating systems. Mozilla correctly notes that "unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use." The company also tells enterprises that September 2017 should be considered the support end date for planning purposes and "strongly recommends" that all users "upgrade to a version of Windows that is supported by Microsoft."

An anonymous reader quotes a report from Ars Technica: With Firefox 50, Mozilla has rolled out the first major piece of its new multi-process architecture. Edge, Internet Explorer, Chrome, and Safari all have a multiple process design that separates their rendering engine -- the part of the browser that reads and interprets HTML, CSS, and JavaScript -- from the browser frame. They do this for stability reasons (if the rendering process crashes, it doesn't kill the entire browser) and security reasons (the rendering process can be run in a low-privilege sandbox, so exploitable flaws in the rendering engine are harder to take advantage of). Moreover, these browsers can all create multiple rendering engine processes and use different processes for different tabs. This means that the scope of a crash is narrowed even further, typically to a single tab. Internet Explorer and Chrome both implemented this long ago, in 2009. Firefox, however, has not offered a similar design. Although work on a multi-process browser was started in 2009, under the codename Electrolysis, that work was suspended between 2011 and 2013 as priorities within the organization shifted. In response, Mozilla started switching to a new extension system in 2015 that opened the door to a multi-process design. The first stage of Firefox's move to multi-process involves separating the browser shell from a single rendering process that's used by every tab. In Firefox 48, that feature was enabled for a small number of users who used no extensions. Firefox 49 was rolled out to include users running a limited selection of extensions. Now, in Firefox 50, a separate renderer process is used for most users and most extensions. Developers are now able to mark their extensions as explicitly multi-process compatible. Firefox 51 will extend this even further to cover all extensions, except those that are explicitly marked as incompatible. Mozilla says that, even with the limited changes made in Firefox 50, responsiveness of the browser has improved by 400 percent due to the separation between the renderer and the browser shell. During page loads, responsiveness will increase to 700 percent.

An anonymous reader quotes a report from Ars Technica: With Firefox 50, Mozilla has rolled out the first major piece of its new multi-process architecture. Edge, Internet Explorer, Chrome, and Safari all have a multiple process design that separates their rendering engine -- the part of the browser that reads and interprets HTML, CSS, and JavaScript -- from the browser frame. They do this for stability reasons (if the rendering process crashes, it doesn't kill the entire browser) and security reasons (the rendering process can be run in a low-privilege sandbox, so exploitable flaws in the rendering engine are harder to take advantage of). Moreover, these browsers can all create multiple rendering engine processes and use different processes for different tabs. This means that the scope of a crash is narrowed even further, typically to a single tab. Internet Explorer and Chrome both implemented this long ago, in 2009. Firefox, however, has not offered a similar design. Although work on a multi-process browser was started in 2009, under the codename Electrolysis, that work was suspended between 2011 and 2013 as priorities within the organization shifted. In response, Mozilla started switching to a new extension system in 2015 that opened the door to a multi-process design. The first stage of Firefox's move to multi-process involves separating the browser shell from a single rendering process that's used by every tab. In Firefox 48, that feature was enabled for a small number of users who used no extensions. Firefox 49 was rolled out to include users running a limited selection of extensions. Now, in Firefox 50, a separate renderer process is used for most users and most extensions. Developers are now able to mark their extensions as explicitly multi-process compatible. Firefox 51 will extend this even further to cover all extensions, except those that are explicitly marked as incompatible. Mozilla says that, even with the limited changes made in Firefox 50, responsiveness of the browser has improved by 400 percent due to the separation between the renderer and the browser shell. During page loads, responsiveness will increase to 700 percent.

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.

Krystalo quotes a report from VentureBeat: Mozilla today launched a new browser for iOS. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Apple's App Store. If you're getting a huge feeling of deja vu, that's because in December 2015, Mozilla launched Focus by Firefox, a content blocker for iOS. The company has now rebranded the app as Firefox Focus, and it serves two purposes. The content blocker, which can still be used with Safari, remains unchanged. The basic browser, which can be used in conjunction with Firefox for iOS, is new. Firefox Focus is basically just an iOS web view with tracking protection. If you shut it down, or iOS shuts it down while it's in the background, the session is lost. There's also an erase button if you want to wipe your session sooner. But those are really the only features -- there's no history, menus, or even tabs.

An anonymous reader writes: Mozilla is currently working on a new browser engine called Quantum, which will take parts from the Servo project and create a new core for the Firefox browser. The new engine will replace the aging Gecko, Firefox' current engine. Mozilla hopes to finish the transition to Quantum (as in Quantum Leap) by the end of 2017. The first versions of Quantum will heavily rely on components from Servo, a browser engine that Mozilla has been sponsoring for the past years, and which shipped its first alpha version this June. In the upcoming year, Mozilla will slowly merge Gecko and Servo components with each new release, slowly removing Gecko's ancient code, and leaving Quantum's engine in place.

Reader Zocalo writes: Over the last several months Mozilla has been investigating a large number of breaches of what Mozilla deems to be acceptable CA protocols by the Chinese root CA WoSign and their perhaps better known subsidiary StartCom, whose acquisition by WoSign is one of the issues in question. Mozilla has now published their proposed solution (GoogleDocs link), and it's not looking good for WoSign and Startcom. Mozilla's position is that they have lost trust in WoSign and, by association StartCom, with a proposed action to give WoSign and StartCom a "timeout" by distrusting any certificates issued after a date to be determined in the near future for a period of one year, essentially preventing them issuing any certificates that will be trusted by Mozilla. Attempts to circumvent this by back-dating the valid-from date will result in an immediate and permanent revocation of trust, and there are some major actions required to re-establish that trust at the end of the time out as well.
This seems like a rather elegant, if somewhat draconian, solution to the issue of what to do when a CA steps out of line. Revoking trust for certificates issued after a given date does not invalidate existing certificates and thereby inconvenience their owners, but it does put a severe -- and potentially business-ending -- penalty on the CA in question. Basically, WoSign and StartCom will have a year where they cannot issue any new certificates that Mozilla will trust, and will also have to inform any existing customers that have certificate renewals due within that period they cannot do so and they will need to go else where -- hardly good PR!

What does Slashdot think? Is Mozilla going too far here, or is their proposal justified and reasonable given WoSign's actions, making a good template for potential future breaches of trust by root CAs, particularly in the wake of other CA trust breaches by the likes of CNNIC, DigiNotar, and Symantec?

An anonymous Slashdot reader quotes Softpedia: Mozilla has announced this week that it is delaying the release of Firefox 49 for one week to address two unexpected bugs. Firefox 49, which was set for release on Tuesday, September 13, will now launch the following Tuesday, on September 20... Firefox 49 is an important release in Mozilla's grand scheme of things when it comes to Firefox. This is the version when Mozilla will finish multi-process support rollout (a.k.a. e10s, or Electrolysis), and the version when Firefox launches the new WebExtensions API that replaces the old Add-ons API, making Firefox compatible with Chromium extensions.
Firefox's release manager explained the delays as "two blocking issues and the need for a bit more time to evaluate the results of their fixes/backouts" -- one of which apparently involves opening Giphy GIFS on Twitter.

An anonymous Slashdot reader quotes BetaNews about new legal documents filed Friday: Microsoft is fighting the US Justice Department in an attempt to quash a law that prevents companies informing customers that the government is requesting their data. The technology giant has the backing of other tech companies as well as media outlets. Amazon, Apple, Google, Fox News, Electronic Frontier Foundation and Mozilla are among those offering their support to Microsoft. The lawsuit says that blocking companies from keeping their customers informed is unconstitutional, and it comes at a time when tech companies in particular are keen to be as open and transparent as possible about government requests for data....

As EFF Senior Staff Attorney Lee Tien puts it: "Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches. When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn't allow that, and it's time for the government to step up and respect the Constitution."
Mozilla argues transparency "is critical to our vision of an open, trusted, secure web that places users in control of their experience online," in a blog post announcing that they'd joined a brief filed by Apple, Twilio, and Lithium Technologies.

And a statement from an EFF staff attorney argues that notifying the targets of searches "provides a free society with a crucial means of government accountability."

An anonymous Slashdot reader quotes BetaNews about new legal documents filed Friday: Microsoft is fighting the US Justice Department in an attempt to quash a law that prevents companies informing customers that the government is requesting their data. The technology giant has the backing of other tech companies as well as media outlets. Amazon, Apple, Google, Fox News, Electronic Frontier Foundation and Mozilla are among those offering their support to Microsoft. The lawsuit says that blocking companies from keeping their customers informed is unconstitutional, and it comes at a time when tech companies in particular are keen to be as open and transparent as possible about government requests for data....

As EFF Senior Staff Attorney Lee Tien puts it: "Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches. When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn't allow that, and it's time for the government to step up and respect the Constitution."
Mozilla argues transparency "is critical to our vision of an open, trusted, secure web that places users in control of their experience online," in a blog post announcing that they'd joined a brief filed by Apple, Twilio, and Lithium Technologies.

And a statement from an EFF staff attorney argues that notifying the targets of searches "provides a free society with a crucial means of government accountability."

Reader LichtSpektren writes: Widevine, the media protocol that allows users to watch videos on Netflix, is supported in Firefox for Windows and macOS. But until now, its users on Linux were required to use a plug-in. That changes with v49, which offers out-of-the-box support for Netflix.Mozilla plans to offer plug-in streaming for Netflix as well as Amazon Prime Video and other similar services. The v49 will be available on Linux in September. Mozilla adds that it will be removing support for NPAPI plugins from its browser in the near future, plugins that some video streaming sites rely on for playback. "Mozilla plan to support the Widevine CDM on Linux, letting users watch Netflix without plugins," the company said.

Mozilla on Tuesday released Firefox v48, touted as one of the most important updates the browser has ever received. With the new version, Firefox starts migrating users to using mullti-process threads (e10s, Electrolysis), and it is also the first version to ship with Rust component. In addition, Firefox is now also making add-on signing mandatory. From a Softpedia article: Announced last year, Electrolysis, e10s, or multi-process support is Firefox's ability to process core browser operations separately from the content viewed on a Web page. Multi-process support allows a page to crash without bringing the entire browser down with it and improves the browser's overall performance. e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016. Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers. This is something similar to what Chrome employs, but Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired. Rust is a programming language that's a revamped and improved version of C++ but that protects developers from accidentally including dangerous memory bugs in their code. It achieves this by how the language was constructed and by how developers write the code.

Firefox's voice and videoconferencing add-on was described as "the first global communications system built directly into a browser" -- but things change. An anonymous Slashdot reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016. Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.
The article suggests this may have been a space-saving measure, "since Mozilla is focused on rebuilding Firefox's code from scratch to keep up with speedier competitors like Chrome, Opera, and Vivaldi."

Firefox's voice and videoconferencing add-on was described as "the first global communications system built directly into a browser" -- but things change. An anonymous Slashdot reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016. Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.
The article suggests this may have been a space-saving measure, "since Mozilla is focused on rebuilding Firefox's code from scratch to keep up with speedier competitors like Chrome, Opera, and Vivaldi."

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?Let's get this going.

Mozilla has announced that it plans to discontinue support for Flash in Firefox. Starting next month, Firefox will block Flash content "that is not essential to the user experience." Also, starting sometime in 2017, the browser will require click-to-activate approval from users before a website activates the Flash plugin for any content. In a blogpost, the company writes:Mozilla and the Web as a whole have been taking steps to reduce the need for Flash content in everyday browsing. Over the past few years, Firefox has implemented Web APIs to replace functionality that was formerly provided only by plugins. This includes audio/video playback and streaming capabilities, clipboard integration, fast 2D and 3D graphics, WebSocket networking, and microphone/camera access. As websites have switched from Flash to other web technologies, the plugin crash rate in Firefox has dropped significantly. [...] We continue to work closely with Adobe to deliver the best possible Flash experience for our users.

An anonymous reader quotes a report from Softpedia: Mozilla announced today plans to ship its first ever Rust code with the production releases of Firefox. The first ever Rust components will arrive in Firefox 48, scheduled for release on August 2, 2016. After teasing Rust features last year, the Mozilla Foundation announced today that Firefox 48 would contain a new media stack component that's entirely coded in Rust. The first Firefox component to feature Rust code was not chosen at random because media components often execute malicious code when parsing multimedia files. "This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content on the Web," says Dave Herman, Director of Strategy at Mozilla Research. During tests of this Rust-based media component in Firefox's unstable builds, Mozilla says that after one billion uses they have yet to see a crash or issue in the Rust media component. Last month, Mozilla released the first versions of Servo, a minimal browser created in Rust code alone. At around the same time, Microsoft open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues.

An anonymous reader quotes a report from Softpedia: Mozilla announced today plans to ship its first ever Rust code with the production releases of Firefox. The first ever Rust components will arrive in Firefox 48, scheduled for release on August 2, 2016. After teasing Rust features last year, the Mozilla Foundation announced today that Firefox 48 would contain a new media stack component that's entirely coded in Rust. The first Firefox component to feature Rust code was not chosen at random because media components often execute malicious code when parsing multimedia files. "This makes a memory-safe programming language like Rust a compelling addition to Mozilla's tool-chest for protecting against potentially malicious media content on the Web," says Dave Herman, Director of Strategy at Mozilla Research. During tests of this Rust-based media component in Firefox's unstable builds, Mozilla says that after one billion uses they have yet to see a crash or issue in the Rust media component. Last month, Mozilla released the first versions of Servo, a minimal browser created in Rust code alone. At around the same time, Microsoft open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues.

Mozilla is looking into ways to build a "better forward button" that helps you understand a topic, and find alternative solutions to a problem. On Wednesday, Firefox-maker announced Context Graph, which in addition also allows browsers to offer useful information without demanding input. From a VentureBeat report: Context Graph is a "recommender system for the web" that is supposed to help the company develop an understanding of browser activity at scale. By tapping into what and how people are browsing, Mozilla hopes to unlock "the next generation of web discovery on the internet." Another example is learning how to do something new, like bike repair. Context Graph should be able to help you learn bike repair based on the links others have navigated to when they attempted to learn the same thing. "This should work regardless of whom you're connected to, because your social network shouldn't be a prerequisite for getting the most from the web," Nick Nguyen, Firefox's vice president of product, said.

Firefox web browser has a new experimental feature that allows a user to segregate their online identities and sign in into multiple mail or social media accounts side-by-side without having to use multiple browsers. From a TechCrunch report: This new "container tab" feature, which is now available in the unstable Nightly Firefox release channel, provides you with four default identities (personal, work, shopping, and banking) with their own stores for cookies, IndexedDB data store, local storage and caches. In practice, this means you can surf Amazon without ads for products you may have looked at following you around the web when you switch over to your work persona. As the Firefox team notes, the idea behind this feature isn't new, but nobody has figured out how to best present this new tool to users.

Reader Orome1 writes: The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects get rid their code of vulnerabilities. Projects that want Mozilla's help must be open source/free software and must be actively maintained, but they have a much better probability to being chosen if their software is commonly used and is vital to the continued functioning of the Internet or the Web. Three open source projects -- PCRE, libjpeg-turbo, and phpMyAdmin -- have already gone through the process, and the result was removal of 43 vulnerabilities (including one critical).

Firefox is finally getting multi-process support. Mozilla has announced that Electrolysis (e10s) will be available to users starting Firefox 48. The foundation finds it the most significant Firefox change since the browser's inception. From a ZDNet report: With Electrolysis, Firefox can use child processes for content (tabs), media playback and legacy plug-ins. This is some way short of Google Chrome, which uses a different process for each tab. However, the result is that Chrome is a huge resource hog: Chrome uses roughly twice as much memory as Firefox on Windows and Linux. Eric Rahm has run some browser tests with Electrolysis, and says: "Overall we see a 10-20 percent increase in memory usage for the 1 content process case (which is what we plan on shipping initially). This seems like a fair trade-off for potential security and performance benefits." With 8 content processes, Rahm says: "we see roughly a doubling of memory usage on the TabsOpenSettled measurement. It's a bit worse on Windows, a bit better on OS X, but it's not 8 times worse."The aforementioned feature will be available in Firefox 48 Beta shortly.

An anonymous reader quotes a report from VentureBeat: Mozilla today launched Firefox 47 for Windows, Mac, Linux, and Android. The browser has gained a sidebar for synced tabs from other devices, improvements to YouTube playback and HTML5 support, and is seeing the end of support for Android Gingerbread. [If you're logged in with your Firefox Account, the sidebar will show all your open tabs from your smartphone and other computers. The sidebar even lets you search for specific tabs. Next, Firefox 47 supports the open source VP9 video codec on machines with powerful multiprocessors. VP9 is the successor to VP8, both of which fall under Google's WebM project of freeing web codecs from royalty constraints.] Firefox 47 is available for download on Firefox.com, and will be slowly released on Google Play. You can view the full Firefox 47 changelog here. If you're a developer, Firefox 47 for developers offers more details for you.

An anonymous reader quotes a report from VentureBeat: Mozilla today launched Firefox 47 for Windows, Mac, Linux, and Android. The browser has gained a sidebar for synced tabs from other devices, improvements to YouTube playback and HTML5 support, and is seeing the end of support for Android Gingerbread. [If you're logged in with your Firefox Account, the sidebar will show all your open tabs from your smartphone and other computers. The sidebar even lets you search for specific tabs. Next, Firefox 47 supports the open source VP9 video codec on machines with powerful multiprocessors. VP9 is the successor to VP8, both of which fall under Google's WebM project of freeing web codecs from royalty constraints.] Firefox 47 is available for download on Firefox.com, and will be slowly released on Google Play. You can view the full Firefox 47 changelog here. If you're a developer, Firefox 47 for developers offers more details for you.

An anonymous reader quotes a report from VentureBeat: Mozilla today launched Firefox 47 for Windows, Mac, Linux, and Android. The browser has gained a sidebar for synced tabs from other devices, improvements to YouTube playback and HTML5 support, and is seeing the end of support for Android Gingerbread. [If you're logged in with your Firefox Account, the sidebar will show all your open tabs from your smartphone and other computers. The sidebar even lets you search for specific tabs. Next, Firefox 47 supports the open source VP9 video codec on machines with powerful multiprocessors. VP9 is the successor to VP8, both of which fall under Google's WebM project of freeing web codecs from royalty constraints.] Firefox 47 is available for download on Firefox.com, and will be slowly released on Google Play. You can view the full Firefox 47 changelog here. If you're a developer, Firefox 47 for developers offers more details for you.

An anonymous reader writes from a report on Help Net Security: Mozilla has asked a Washington State District Court to compel FBI investigators to provide details about a vulnerability in the Tor Browser hack with them, before they share it with the defendant in a lawsuit, so that they could fix it before the knowledge becomes public. The lawsuit in question is against Jay Michaud, a Vancouver (Wa.) teacher that stands accused of accessing and downloading child pornography from a website on the Dark Web. The FBI used a "network investigative technique" (NIT) to discover the IP address and identity of the defendant, which was only possible from a vulnerability in the Tor Browser. Why does Mozilla care to learn about the vulnerability? "The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defense team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser," Denelle Dixon-Thayer, Chief Legal and Business Officer at Mozilla Corporation, explained.

An anonymous reader writes: Mozilla today launched Test Pilot, a program for trying out experimental Firefox features. To try the new functionality Mozilla is offering for its browser, you have to download a Firefox add-on from testpilot.firefox.com and enable an experiment. The main caveat is that experiments are currently only available in English (though Mozilla promises to add more languages "later this year"). Test Pilot was first introduced for Firefox 3.5, but the new program has been revamped since then, featuring three main components: Activity Stream, Tab Center and Universal Search. Activity Stream is designed to help you navigate your browsing history faster, surfacing your top sites along with highlights from your browsing history and bookmarks. Tab Center displays open tabs vertically along the side of your screen. Mozilla says Universal Search "combines the Awesome Bar history with the Firefox Search drop down menu to give you the best recommendations so you can spend less time sifting through search results and more time enjoying the web."

Reader chefmonkey writes: In a report commissioned by Mozilla to explore the next home for Thunderbird, two potential new hosts have been offered: the Software Freedom Conservancy (host to git, boost, QEMU, and a host of other projects) and The Document Foundation (home of LibreOffice). At the same time, the report discusses completely uncoupling Thunderbird from the rest of the Mozilla codebase and bringing in a dedicated technical architect to chart the software's roadmap.

Given that the two named organizations are already on board with taking Thunderbird under their wing, is this a new lease on life for the email program Mozilla put out to pasture four years ago?In December last year, Mozilla Foundation chairperson Mitchell Baker had argued that the organization should disentangle itself from the Thunderbird email client in order to focus on Firefox. It appears the Firefox-maker is all set to part ways with Thunderbird.

Reader prisoninmate writes: The latest, and hopefully, the greatest version of Ubuntu is now available to download. On the sidelines, Mozilla today announced the availability of future releases of its popular Firefox web browser in the snap package format for Ubuntu 16.04 LTS. Earlier today, Canonical unleashed the final release of the highly anticipated Ubuntu 16.04 LTS (Xenial Xerus) operating system, bringing users a great set of new features and improvements. Also today, it looks like Canonical has renewed its partnership with Mozilla to offer Firefox as the default web browser on Ubuntu 16.04 LTS and upcoming releases of the Linux kernel-based operating systems. As part of the new partnership, Mozilla is committed to distributing future versions of Firefox as a snap package. Having Firefox distributed in the snap format means that you'll have 0-day releases in Ubuntu 16.04. Yes, just like Windows and Mac OS X, users are enjoying their 0-day releases of Mozilla Firefox and don't have to wait for package maintainers of a particular GNU/Linux distribution to update the software in the main repositories. For Mozilla, having Firefox as a snap package means that they'll be able to continually optimize it for Ubuntu.

An anonymous reader writes: Mozilla has announced it is releasing the first alpha versions of its Servo browser this upcoming June. The project uses browser.html for the browser's UI and Rust for the browser's core. There's a similarity between how Microsoft launched Spartan (Edge) and how Mozilla is launching Servo now. While many might think Mozilla is sneakily working on a Firefox replacement, Mozilla has also invested quite a lot in Firefox these days, like WebExtensions and e10s, and it may be more plausible that Servo might slowly be integrated in Firefox to replace Gecko, rather than replace Firefox altogether, like Microsoft did with Edge to IE.

An anonymous reader writes: Firefox 45, set to be released today, will remove the Tab Groups feature, a feature that many people used, but Mozilla decided to ask due to buggy code. The good news is that a developer created a perfect replacement for this feature as an add-on. Users that use Tab Groups on a daily basis are urged to install the add-on before upgrading to Firefox 45. The add-on will take over from the browser's Tab Groups feature without any complex configuration. Users that update to Firefox 45 will have their tab groups moved to their Bookmarks as folders, which may be difficult to move back into the Tab Groups add-on later on, especially if some people have hundreds of URLs.

AmiMoJo writes: Four years ago Mozilla moved to a fixed-schedule release model, otherwise known as the Train Model, in which we released Firefox every six weeks to get features and updates to users faster. Now Mozilla is moving to a variable 6-8 week cycle, with the same number of releases per year but some flexibility to 'respond to emerging user and market needs' and allow time for holidays. The new release schedule looks like this:

• 2016-01-26 – Firefox 44
• 2016-03-08 – Firefox 45, ESR 45 (6 weeks cycle)
• 2016-04-19 – Firefox 46 (6 weeks cycle)
• 2016-06-07 – Firefox 47 (7 weeks cycle)
• 2016-08-02 – Firefox 48 (8 weeks cycle)
• 2016-09-13 – Firefox 49 (6 weeks cycle)
• 2016-11-08 – Firefox 50 (8 weeks cycle)
• 2016-12-13 – Firefox 50.0.1 (5 week cycle, release for critical fixes as needed)
• 2017-01-24 – Firefox 51 (6 weeks from prior release)

ewhac writes: Among its other desirable features, Firefox included a feature allowing very fine-grained cookie management. When enabled, every time a Web site asked to set a cookie, Firefox would raise a dialog containing information about the cookie requested, which you could then approve or deny. An "exception" list also allowed you to mark selected domains as "Always allow" or "Always deny", so that the dialog would not appear for frequently-visited sites. It was an excellent way to maintain close, custom control over which sites could set cookies, and which specific cookies they could set. It also helped easily identify poorly-coded sites that unnecessarily requested cookies for every single asset, or which would hit the browser with a "cookie storm" — hundreds of concurrent cookie requests.

Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.