Firefox 57 Brings Better Sandboxing on Linux (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Firefox 57 Brings Better Sandboxing on Linux (bleepingcomputer.com)

Posted by msmash on Monday November 13, 2017 @08:05AM from the what-to-know dept.

Catalin Cimpanu, writing for BleepingComputer: Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. The Firefox sandboxing feature isolates the browser from the operating system in a way to prevent web attacks from using a vulnerability in the browser engine and its legitimate functions to attack the underlying operating system, place malware on the filesystem, or steal local files. Chrome has always run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox -- such as Flash, DRM, and other multimedia encoding plugins.

14 of 124 comments (clear)

Min score:

Reason:

Sort:

Firefoxalypse by freeze128 · 2017-11-13 08:08 · Score: 5, Insightful

I dread updating to Firefox 57, because it will break all of my plugins.
1. Re: Firefoxalypse by Anonymous Coward · 2017-11-13 08:18 · Score: 3, Insightful
  
  The Firefox develops gave plenty of notice of this change, allowing add-on developers lots of time to upgrade and ensure their add-ons still work. This increases the speed of the browser dramatically. Don't blame the Firefox developers who are creating a better product. Blame the lazy add-on developers who haven't upgraded their add-ons. Alternatively, use an ESR release. Regardless, stop whining.
2. Re:Firefoxalypse by serviscope_minor · 2017-11-13 08:32 · Score: 3, Informative
  
  then run the LTS for a while. AFAICT, the plan is they're going to increase the featureset available to plugins afer 57.0. with luck what you want will mostly be available by the time the LTS expires.
  
  --
  SJW n. One who posts facts.
3. Re: Firefoxalypse by Anonymous Coward · 2017-11-13 08:50 · Score: 3, Insightful
  
  The Firefox develops gave plenty of notice of this change, allowing add-on developers lots of time to upgrade and ensure their add-ons still work. ...
  The amount of advance notice is irrelevant. The fact that the switch to Web Extensions is being driven by the calendar rather than the readiness of the software is the problem.
  The new add-on interface still lacks functionality. There are many things that a Web Extension simply can't do, but that can be done by traditional Firefox add-ons. To add insult to injury, the Mozilla team isn't treating these gaps as a high priority. Their attitude seems to be "tell us what you're missing and maybe we'll add it later."
  
  Alternatively, use an ESR release.
  That would be a more useful suggestion if Firefox 56 was the ESR. But it's not -- they're using an older version. I may be willing to stand still, but I'm not interested in going backwards.
4. Re:Firefoxalypse by Anonymous Coward · 2017-11-13 09:03 · Score: 4, Insightful
  
  I've heard this so many times it seems like Chrome/Edge propaganda now. Why so negative on the visuals of the browser? WHO GIVES A FLIPPITY DO DAH what the browser looks like? Is that REALLY the criteria you judge software on? The shape of the buttons and tabs?
  Fine, quit Firefox, but they are adding more and more support for privacy while all the other browsers are removing it or don't give to diddly flips about it. Hand over your data to GOOGLE using a chrome WHICH LOOKS LIKE AUSTRALIS ANYWAYS!
  *Caps for emphasis on the total idiocy of these kinds of remarks.
  Repeat after me, ditching software A because it's ugly for software B that is also ugly is stupid logic.
5. Re: Firefoxalypse by KiloByte · 2017-11-13 09:18 · Score: 4, Informative
  
  Out of 37 extensions I use, there are WebExt equivalents for, *drumroll* 11. That much only because I spent some time looking for replacements.
  APIs that would be required to reimplement those extensions aren't even coded yet, and any code that gets merged (which usually takes months) needs additional 18 weeks to percolate into an unstable ("non-ESR") release. With Firefox 52 EOL in June, the chances enough of extensions required for sane use will be ready by then are about nil. And the default, with nothing for privacy but tons of junk like Pocket or Telemetry, is almost as far from sanity as Chromium.
  I guess it's time to look into packaging Waterfox or another fork.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
6. Re:Firefoxalypse by theweatherelectric · 2017-11-13 09:49 · Score: 3, Informative
  
  There's an Adblock Plus XUL-based fork for Pale Moon
  Adblock Plus works in Firefox 57. Personally, I use uBlock Origin.
7. Re:Firefoxalypse by DarkOx · 2017-11-13 09:52 · Score: 3, Informative
  
  Why don't you just go back to the still maintained Seamonkey suite? It supports all the best FF extensions.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
8. Re: Firefoxalypse by Anonymous Coward · 2017-11-13 10:17 · Score: 5, Insightful
  
  That's great, except for the part where some plugins CANNOT be implemented under the new API.
  And the part where a whole ecosystem of perfectly good extensions created by volunteers for free is being discarded without a viable replacement for many of them.
9. Re: Firefoxalypse by doom · 2017-11-13 15:52 · Score: 3, Insightful
  
  Blame the lazy add-on developers who haven't upgraded their add-ons.
  Let me enlighten you about a secret of software projects: if you want to be taken seriously as a platform for third-party developers, breakage-on-upgrade is never acceptable. And accusing them of being lazy is an excellent way of driving them away.
  
  Alternatively, use an ESR release.
  
  Which staves off the problem only temporarily. I would suggest the waterfox fork, or possibly palemoon.
  
  Regardless, stop whining.
  
  You first.
Download Link... by unique_parrot · 2017-11-13 08:29 · Score: 4, Informative

http://ftp.mozilla.org/pub/fir...
A question for Mozilla by hyades1 · 2017-11-13 08:35 · Score: 5, Funny

Is it called "Firefox 57" because that's how many users are left?

--
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Why Chrome and not Chromium? by short · 2017-11-13 08:47 · Score: 3, Interesting

Why does Slashdot always compare Firefox with proprietary Chrome when all the mentioned features does provide already Free Chromium?
Re:How about giving users a choice? by theweatherelectric · 2017-11-13 09:10 · Score: 4, Informative

including some used for security
Like what? uBlock Origin works in Firefox 57, so does Adblock Plus, so does Ghostery, so does Privacy Badger, so does HTTPS Everywhere, etc. The only one missing from AMO at the moment is NoScript but that will be released soon.