Slashdot Mirror

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.

mitcheli writes: If you're hanging on to the theory that collision attacks against SHA-1 and MD5 aren't yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have provided reason for urgency. They demonstrated a new series of transcript collision attacks centered on the SHA-1 and MD5 implementations in TLS 1.1, 1.2 and 1.3, along with IKEv1 and v2, and SSH 2. They say, "Our main conclusion is that the continued use of MD5 and SHA1 in mainstream cryptographic protocols significantly reduces their security and, in some cases, leads to practical attacks on key protocol mechanisms (PDF)." Of course, Mozilla officially began rejecting new SHA-1 certificates as of the first of the year. And as promised, there have been some usability issues. Mozilla said on Wednesday that various security scanners and antivirus products are keeping some users from reaching HTTPS websites.

An anonymous reader writes: Jonas Echterhoff from Unity has posted the latest Unity WebGL benchmark results on the Unity blog. He writes, "A bit over a year ago, we released a blog post with performance benchmarks for Unity WebGL, to compare WebGL performance in different browsers. We figured it was time to revisit those benchmarks to see how the numbers have changed. Microsoft has since released Windows 10 with their new Edge browser (which supports asm.js and is now enabling it by default) – so we were interested to see how that competes. Also, we have an experimental build of Unity using Shared Array Buffers to run multithreaded code, and we wanted to see what kind of performance gains to expect. So we tested this in a nightly build of Firefox with Shared Array Buffer support." The benchmark concludes that Firefox 42 64-bit is the fastest, Edge takes second, and Chrome and Safari share third place.

An anonymous reader writes: Mozilla today launched Firefox 43 for Windows, Mac, Linux, and Android. Notable additions to the browser include a 64-bit version for Windows (finally!), a new strict blocklist for the browser's tracking protection feature, and tab audio indicators on Android. "There is, however, a bit of a caveat. Firefox 64-bit for Windows has limited support for plugins. Certain sites that require plugins and work in Firefox 32-bit might not work in this 64-bit version. But Mozilla doesn’t see this as a big problem, and says it is by design. After all, the company plans to drop support for NPAPI plugins in Firefox by the end of the year (though it will keep Flash around). Mozilla has just over two weeks to deliver on that promise." Here are the changelogs: desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 43 for Windows, Mac, Linux, and Android. Notable additions to the browser include a 64-bit version for Windows (finally!), a new strict blocklist for the browser's tracking protection feature, and tab audio indicators on Android. "There is, however, a bit of a caveat. Firefox 64-bit for Windows has limited support for plugins. Certain sites that require plugins and work in Firefox 32-bit might not work in this 64-bit version. But Mozilla doesn’t see this as a big problem, and says it is by design. After all, the company plans to drop support for NPAPI plugins in Firefox by the end of the year (though it will keep Flash around). Mozilla has just over two weeks to deliver on that promise." Here are the changelogs: desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 43 for Windows, Mac, Linux, and Android. Notable additions to the browser include a 64-bit version for Windows (finally!), a new strict blocklist for the browser's tracking protection feature, and tab audio indicators on Android. "There is, however, a bit of a caveat. Firefox 64-bit for Windows has limited support for plugins. Certain sites that require plugins and work in Firefox 32-bit might not work in this 64-bit version. But Mozilla doesn’t see this as a big problem, and says it is by design. After all, the company plans to drop support for NPAPI plugins in Firefox by the end of the year (though it will keep Flash around). Mozilla has just over two weeks to deliver on that promise." Here are the changelogs: desktop and Android.

An anonymous reader writes: A couple months ago, we discussed news that Mozilla was planning to give back to the open source projects they rely on, to the tune of $1 million. Now, Mozilla has announced the first round of awards, giving out $503,000 in the process. The biggest payout, $200,000, went to Bro, who makes network monitoring software. They plan to use the funds to create "a public repository for sharing 3rd-party scripts and plug-ins." The Django project received $150,000, and they'll use it to "rewrite the core of Django to support (among other things) WebSockets and background tasks," and a few other goodies. Mercurial was awarded $75,000, which will go toward "better support for 'blame' (showing who last changed some code) and a better web UI." Also receiving awards were Read The Docs ($48,000), Discourse ($25,000), CodeMirror ($20,000), and BuildBot ($15,000).

An anonymous reader writes: Mozilla today launched an iOS content blocker called Focus by Firefox. It's a "content blocker" because although Focus is capable of blocking some ads, this latest project from the non-profit is aimed at stopping trackers. The free app is made possible thanks to iOS 9's content-blocking feature, which requires some setting up. Like with any content blocker, after you download Focus, you'll have to activate Focus' content-blocking features within your system-wide iOS settings (launching the app will provide a guide to finish configuration). It's worth noting that Focus only works with Safari. Mozilla says, "This was not our choice—Apple has chosen to make content blocking unavailable to third party browsers on iOS." Here is the Focus GitHub repo and its feedback tool.

An anonymous reader writes: Mozilla today launched an iOS content blocker called Focus by Firefox. It's a "content blocker" because although Focus is capable of blocking some ads, this latest project from the non-profit is aimed at stopping trackers. The free app is made possible thanks to iOS 9's content-blocking feature, which requires some setting up. Like with any content blocker, after you download Focus, you'll have to activate Focus' content-blocking features within your system-wide iOS settings (launching the app will provide a guide to finish configuration). It's worth noting that Focus only works with Safari. Mozilla says, "This was not our choice—Apple has chosen to make content blocking unavailable to third party browsers on iOS." Here is the Focus GitHub repo and its feedback tool.

An anonymous reader writes: For some time, Mozilla has been experimenting with advertisements in the "suggested tiles" on new Firefox tabs. They received a lot of criticism from the community for it, and now (using linguistic gymnastics), Mozilla has decided to end that experiment. They say, "We experimented with all content – including advertising. We proved that advertising can be done well while respecting users. We have learned a ton along the way. Our learnings show that users want content that is relevant, exciting and engaging. We want to deliver that type of content experience to our users, and we know that it will take focus and effort to do that right. We have therefore made the decision to stop advertising in Firefox through the Tiles experiment in order to focus on content discovery. We want to thank all the partners who have worked with us on Tiles. Naturally, we will fulfill our current commitments as we wind down this experiment over the next few months."

An anonymous reader writes: As part of Mozilla's "Go Faster" initiative for Firefox, the company is removing features that aren't used by many and require a lot of technical effort to continually improve. VentureBeat learned that the first two features to get the axe are tab groups and complete themes. Dave Camp, Firefox’s director of engineering, said, "Tab Groups was an experiment to help users deal with large numbers of tabs. Very few people chose to use it, so we are retiring it because the work required to maintain it is disproportionate to its popularity."

An anonymous reader writes: As part of Mozilla's "Go Faster" initiative for Firefox, the company is removing features that aren't used by many and require a lot of technical effort to continually improve. VentureBeat learned that the first two features to get the axe are tab groups and complete themes. Dave Camp, Firefox’s director of engineering, said, "Tab Groups was an experiment to help users deal with large numbers of tabs. Very few people chose to use it, so we are retiring it because the work required to maintain it is disproportionate to its popularity."

An anonymous reader writes: In June, Mozilla integrated Pocket into Firefox, garnering a mixed response from the browser's community. This week, VentureBeat stumbled upon a Bugzilla ticket (bug 1215694) to "move Pocket to a built-in add-on" and immediately reached out to the company. "There are currently no plans to offer a version of Firefox that doesn't include Pocket," said Dave Camp, Firefox's director of engineering.

AmiMoJo writes: Mozilla's engineers have announced the removal of Firefox complete themes as a way to lighten the browser core and remove a feature they don't see as heavily used any more. "Personas", or lightweight themes that are basically just wallpaper images, will remain. The Firefox community did not respond well to this piece of news, most seeing it as the engineers "chromifying Firefox." The change is part of Mozilla's Great-or-Dead initiative, which plans to simplify the Firefox codebase and remove features that are not popular.

An anonymous reader writes: Mozilla has been a big part of the open source community for a long time, and their main projects rely heavily on independent open source work. They've now announced the Mozilla Open Source Support program, which aims to give back to the projects they rely on, and to also reward other projects that make the community stronger. Mozilla has allocated $1 million to award to these projects — to start. This appears to be Mozilla's efforts to fix a problem we've become painfully aware over the past year and a half: huge portions of the modern web rely on critical bits of open source software whose developers have minimal resources. The company has already begun to compile a list of the projects they rely on. Hopefully it will inspire other organizations to support the open source software projects they rely on as well.

An anonymous reader writes: Mozilla has been a big part of the open source community for a long time, and their main projects rely heavily on independent open source work. They've now announced the Mozilla Open Source Support program, which aims to give back to the projects they rely on, and to also reward other projects that make the community stronger. Mozilla has allocated $1 million to award to these projects — to start. This appears to be Mozilla's efforts to fix a problem we've become painfully aware over the past year and a half: huge portions of the modern web rely on critical bits of open source software whose developers have minimal resources. The company has already begun to compile a list of the projects they rely on. Hopefully it will inspire other organizations to support the open source software projects they rely on as well.

An anonymous reader writes: Mozilla has been a big part of the open source community for a long time, and their main projects rely heavily on independent open source work. They've now announced the Mozilla Open Source Support program, which aims to give back to the projects they rely on, and to also reward other projects that make the community stronger. Mozilla has allocated $1 million to award to these projects — to start. This appears to be Mozilla's efforts to fix a problem we've become painfully aware over the past year and a half: huge portions of the modern web rely on critical bits of open source software whose developers have minimal resources. The company has already begun to compile a list of the projects they rely on. Hopefully it will inspire other organizations to support the open source software projects they rely on as well.

theodp writes: Several weeks ago, Google launched Brotli, a new open source compression algorithm for the web. Since then, controversy broke out over the choice of 'bro' as the content encoding type. "We are hoping to establish a file ending .bro for brotli compressed files, a command line tool 'bro' for compressing and uncompressing brotli files, and a accept/content encoding type 'bro'," explained Google software engineer Jyrki Alakuijala. "Can I talk you out of it?," replied Mozilla SW engineer Patrick McManus. "'bro' has a gender problem, even though the dual meaning is unintentional. It comes of[f] misogynistic and unprofessional due to the world it lives in." Despite some pushback from commenters, a GitHub commit made by Google's Zoltan Szabadka shows that there will be no '.bro' in Brotli. "I have asked a feminist friend from the North American culture-sphere, and she advised against bro," explained Alakuijala. "We have found a compromise that satisfies us, so we don't need to discuss this further. Even if we don't understand why people are upset from our cultural standpoint, they would be (unnecessarily) upset and this is enough reason not to use it."

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

Mark Wilson writes: With Apple embracing ad blocking and the likes of AdBlock Plus proving more popular than ever, content blocking is making the headlines at the moment. There are many sides to the debate about blocking ads — revenue for sites, privacy concerns for visitors, speeding up page loads times (Google even allows for the display of ads with its AMP Project), and so on — but there are no signs that it is going to go away. Getting in on the action, Mozilla has set out what it believes are some reasonable principles for content blocking that will benefit everyone involved. Three cornerstones have been devised with a view to ensuring that content providers and content consumers get a fair deal, and you can help to shape how they develop.

An anonymous reader writes: Mozilla launched Firefox 41 yesterday. Today, Adblock Plus confirmed the update "massively improves" the memory usage of its Firefox add-on. This particular memory issue was brought up in May 2014 by Mozilla and by Adblock Plus. But one of the bugs that contributed to the problem was actually first reported on Bugzilla in April 2001 (bug 77999).

darthcamaro writes: Mozilla today publicly announced that secured areas of bugzilla, where non-public zero days are stored, were accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. They say, "We believe they used that information to attack Firefox users." The whole hack raises the issue of Mozilla's own security, since it was a user password that was stolen and the bugzilla accounts weren't using two-factor authentication. According to Mozilla's FAQ about the breach (PDF), "The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013."

BrianFagioli tips news that Mozilla, Microsoft, Google, Cisco, Intel, Amazon, and Netflix are teaming up to create the Alliance for Open Media, "an open-source project that will develop next-generation media formats, codecs and technologies in the public interest." Several of these companies have been working on this problem alone: Mozilla started Daala, Google has VP9 and VP10, and Cisco just recently announced Thor. Amazon and Netflix, of course, are major suppliers of online video streaming, so they have a vested interested in royalty-free codecs. They're inviting others to join them — the more technology and patents they get on their side, the less likely they'll run into the issues that Microsoft's VC-1 and Google's VP8 struggled with. "The Alliance will operate under W3C patent rules and release code under an Apache 2.0 license. This means all Alliance participants are waiving royalties both for the codec implementation and for any patents on the codec itself."

Mozilla announced yesterday a few high-level changes to the way Firefox and Firefox extensions will be developed; among them, the introduction of "a new extension API, called WebExtensions—largely compatible with the model used by Chrome and Opera—to make it easier to develop extensions across multiple browsers." (Liliputing has a nice breakdown of the changes.) ZDNet reports that at the same time, "Mozilla will be deprecating XPCOM and XUL, the foundations of its extension system, and many Firefox developers are ticked off at these moves."

An anonymous reader writes: Today Mozilla announced some big changes to its extension support. Their new addon API, WebExtensions, is mostly compatible with the extension model used by Chrome and Opera. In short, this means we'll soon see cross-platform browser extensions. They say, "For some time we've heard from add-on developers that our APIs could be better documented and easier to use. In addition, we've noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors."

An anonymous reader writes: Today Mozilla announced some big changes to its extension support. Their new addon API, WebExtensions, is mostly compatible with the extension model used by Chrome and Opera. In short, this means we'll soon see cross-platform browser extensions. They say, "For some time we've heard from add-on developers that our APIs could be better documented and easier to use. In addition, we've noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors."

An anonymous reader writes: Firefox's privacy mode stops your computer from keeping track of where you've browsed, but it doesn't do anything about external tracking. A new feature just rolled out to the Developer Edition and the Aurora channel now actively tries to block online services from tracking you. "Our hypothesis is that when you open a Private Browsing window in Firefox you're sending a signal that you want more control over your privacy than current private browsing experiences actually provide." The feature uses a blocklist maintained by Disconnect.me to stop you from navigating to sites known to log your personal data.

An anonymous reader writes: Firefox's privacy mode stops your computer from keeping track of where you've browsed, but it doesn't do anything about external tracking. A new feature just rolled out to the Developer Edition and the Aurora channel now actively tries to block online services from tracking you. "Our hypothesis is that when you open a Private Browsing window in Firefox you're sending a signal that you want more control over your privacy than current private browsing experiences actually provide." The feature uses a blocklist maintained by Disconnect.me to stop you from navigating to sites known to log your personal data.

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request.' This behavior is the result of the Mozilla speculative connect API . Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too. One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

An anonymous reader writes: Mozilla today launched Firefox 40 for Windows, Mac, Linux, and Android. Notable additions to the browser include official Windows 10 support, added protection against unwanted software downloads, and new navigational gestures on Android. Firefox 40 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Changelogs are here: desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 40 for Windows, Mac, Linux, and Android. Notable additions to the browser include official Windows 10 support, added protection against unwanted software downloads, and new navigational gestures on Android. Firefox 40 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Changelogs are here: desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 40 for Windows, Mac, Linux, and Android. Notable additions to the browser include official Windows 10 support, added protection against unwanted software downloads, and new navigational gestures on Android. Firefox 40 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Changelogs are here: desktop and Android.

An anonymous reader writes: Mozilla today launched Firefox 40 for Windows, Mac, Linux, and Android. Notable additions to the browser include official Windows 10 support, added protection against unwanted software downloads, and new navigational gestures on Android. Firefox 40 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Changelogs are here: desktop and Android.

An anonymous reader writes: Thursday night Mozilla released a Firefox security patch after finding a serious vulnerability that allows malicious attackers to upload files from a user's computer. The update was released about 24 hours after Mozilla learned of the flaw. In a blog post, Mozilla said, "a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1."

An anonymous reader writes: Thursday night Mozilla released a Firefox security patch after finding a serious vulnerability that allows malicious attackers to upload files from a user's computer. The update was released about 24 hours after Mozilla learned of the flaw. In a blog post, Mozilla said, "a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1."

puddingebola writes: Mozilla CEO Chris Beard has sent an open letter to Microsoft CEO Satya Nadella complaining about the default settings in Windows 10. Users who upgrade to 10 will have their default browser automatically changed to the new Edge browser. Beard said, "We appreciate that it’s still technically possible to preserve people’s previous settings and defaults, but the design of the whole upgrade experience and the default settings APIs have been changed to make this less obvious and more difficult. It now takes more than twice the number of mouse clicks, scrolling through content and some technical sophistication for people to reassert the choices they had previously made in earlier versions of Windows. It’s confusing, hard to navigate and easy to get lost. ... We strongly urge you to reconsider your business tactic here and again respect people’s right to choice and control of their online experience by making it easier, more obvious and intuitive for people to maintain the choices they have already made through the upgrade experience.

An anonymous reader writes: Mozilla is reexamining and revamping the way it builds, communicates, and decides features for its browser. In short, big changes are coming to Firefox. Dave Camp, Firefox's director of engineering, sent out two lengthy emails, just three minutes apart: Three Pillars and Revisiting how we build Firefox. Both offer a lot more detail into what Mozilla is hoping to achieve.

An anonymous reader writes: Mozilla is reexamining and revamping the way it builds, communicates, and decides features for its browser. In short, big changes are coming to Firefox. Dave Camp, Firefox's director of engineering, sent out two lengthy emails, just three minutes apart: Three Pillars and Revisiting how we build Firefox. Both offer a lot more detail into what Mozilla is hoping to achieve.

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.

An anonymous reader writes: Last week, Mozilla updated Firefox to add Pocket integration — software that lets you save web articles to read later. Over the weekend, some Firefox users began to voice their displeasure over the move on public forums like Bugzilla, Google Groups, and Hacker News. The complaints center around Pocket being a proprietary third-party service, which already exists as an add-on, and is not a required component for a browser. Integrating Pocket directly into Firefox means it cannot be removed, only disabled. In response, Mozilla has released a statement saying users like the integration and the integration code is open source.

An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."