Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Let's Encrypt Root to be Trusted by Mozilla

Filed under
Moz/FF
Security

The Let’s Encrypt root key (ISRG Root X1) will be trusted by default in Firefox 50, which is scheduled to ship in Q4 2016. Acceptance into the Mozilla root program is a major milestone as we aim to rely on our own root for trust and have greater independence as a certificate authority (CA).

Public CAs need their certificates to be trusted by browsers and devices. CAs that want to issue independently under their own root accomplish this by either buying an existing trusted root, or by creating a new root and working to get it trusted. Let’s Encrypt chose to go the second route.

Read more

Mozilla Firefox 48.0 Lands in All Supported Ubuntu OSes, Solus and Arch Linux

Filed under
Moz/FF

It took them a couple of days, but the maintainers of the most popular GNU/Linux distributions have pushed the final release of the Mozilla Firefox 48.0 web browser to the stable channels, for users to upgrade from Mozilla Firefox 47.0.1.

Read more

Mozilla News

Filed under
Moz/FF

Early Firefox 48 Coverage

Filed under
Moz/FF
  • Firefox 48 ships, bringing Rust mainstream and multiprocess for some

    Firefox 48 shipped today with two long-awaited new features designed to improve the stability and security of the browser.

    After seven years of development, version 48 is at last enabling a multiprocess feature comparable to what Internet Explorer and Google Chrome have offered as stable features since 2009. By running their rendering engines in a separate process from the browser shell, IE and Chrome are more stable (a Web page crash does not take down the entire browser) and more secure (those separate processes can run with limited user privileges). In order to bring the same multiprocess capability to Firefox, Mozilla started the Electrolysis project in 2009. But the organization has taken substantially longer than Microsoft, Google, and Apple to ship this feature.

  • Firefox 48 Finally Available For Download, Comes With Electrolysis And Rust

    Mozilla has finally debuted the long-awaited Firefox 48 web browser.

  • Good News From Mozilla

Mozilla Firefox 48 Released

Filed under
Moz/FF
  • Firefox 48 Released, This Is What’s New (Updated)

    Mozilla Firefox 48 features new security settings, improves WebRTC, and makes it easier to find bookmarked content from the Awesome bar.

  • Mozilla Firefox 48.0 Now Officially Available

    Firefox 48 takes the first Rust code into production within this web browser, Electrolysis is beginning to be turned on by default, a variety of WebRTC improvements, improved Linux Canvas support, various security improvements, enforcing that add-ons be signed/verified through Mozilla, and more.

Mozilla News

Filed under
Moz/FF
  • Exciting Improvements Delivered Today in Firefox for Desktop and Android

    Today we’re proud to announce the initial rollout of multi-process Firefox for Desktop to our general audience. With this, we’re taking a major step forward in improving Firefox for Desktop. Users should experience a Firefox that is less susceptible to freezing and is generally more responsive to input, while retaining the experience and features that users love.

    In Firefox 48, we aim to slowly enable multi-process Firefox (also known as Electrolysis or e10s) for release users, starting with one percent and ramping up to nearly half the Firefox Release if things go as expected. e10s promises to offer a major improvement to your browsing experience by separating Web content and Firefox UI processes. This means when a web page is consuming a large part of your computer’s processing power, your tabs, buttons and menus won’t lock up. Wondering if your Firefox instance has enabled e10s? Type “about:support” into the URL bar. If e10s is active, you’ll see “1/1 (Enabled by default)” under the Multiprocess Windows line item.

  • Announcing the Second Cohort of Ford-Mozilla Open Web Fellows

    That’s why Ford Foundation and Mozilla launched the Open Web Fellows program two years ago: To empower a network of leaders capable of defending the open web. The Open Web Fellows program places bright technologists and activists on the front lines of the open internet movement. Last year, Ford and Mozilla placed six fellows at leading NGOs like Amnesty International and the ACLU, where they used their tech savvy to fight for issues like freedom of expression and gender equality online.

Future of Mozilla

Filed under
Moz/FF
  • Servo Is Planning For More GPU-Accelerated WebRender Improvements

    As mentioned in today's This Week in Servo newsletter, their Q3 roadmap plans have been published.

    Among the work to be tackled by Mozilla developers working on the next-generation Servo layout engine this quarter includes finishing the development of WebRender, experiments around WebRender 2, Stylo as the sryle system in Gecko integration work, and continuing with the Servo nightly builds support. There's also work around Promise API, Autolander migration, Android work, auto-updating, JavaScript error reporting, Web Font loading, performance improvements, correcting more layout bugs, etc. You can see the current road-map via this GitHub page.

  • What Happens to Mozilla and its Deal with Yahoo?

    In late 2014, many observers were flummoxed to see that Yahoo and Mozilla had announced a "strategic five-year partnership" agreement which would make Yahoo the primary search option for Firefox. Mozilla was up for renewal negotiations for its deal with Google, which had historically subsidized more than 90 percent of Mozilla's revenues, to the tune of more than $300 million per year at times. In return, for lots of money, Google got primary search placement in the Firefox browser over the years.

    Last week, though, Verizon,announced its intention to purchase Yahoo for $4.8 billion. What are the implications for Mozilla and its deal? Here are the details.

Firefox vs. Flash

Filed under
Moz/FF
  • Firefox to start blocking Flash content in August

    In Firefox 48, Mozilla will enable a new Firefox plug-in blocklist by default. Initially the blocklist will be small, mostly containing URLs of Flash SWF files that have been identified by Mozilla as supercookies (i.e. cookies that are very hard to shake off) or fingerprinting files (i.e. they scan your system and create a unique fingerprint, again usually for tracking purposes).

  • Firefox sets kill-Flash schedule

    Mozilla yesterday said it will follow other browser markers by curtailing use of Flash in Firefox next month.

    The open-source developer added that in 2017 it will dramatically expand the anti-Flash restrictions: Firefox will require users to explicitly approve the use of Flash for any reason by any website.

    As have its rivals, Mozilla cast the limitations (this year) and elimination (next year) as victories for Firefox users, citing improved security, longer battery life on laptops and faster web page rendering.

Mozilla News

Filed under
Moz/FF
  • Firefox is latest browser to kill off Adobe Flash support

    MOZILLA HAS become the latest browser company to turn off the ageing Adobe Flash plug-in.

    The Firefox browser will turn off "not essential" Flash content by default starting in August, but sites that require the plug-in for heritage functionality will be excepted.

    "These and future changes will bring Firefox users enhanced security, improved battery life, faster page load and better browser responsiveness," said Mozilla in a blog post.

  • Mozilla’s Dave Herman on Building an Open Source Research Lab

    Listen to a very interesting talk by Dave Herman, Director of Strategy at Mozilla Research, explaining how research and practice can better talk to each other. Among other things, Dave is the author of the popular book “Effective JavaScript: 68 Specific Ways to Harness the Power of JavaScript.”

    His thesis for this talk is: “An open research lab is a research group that engages directly with the market and works via open collaboration to close the feedback loop between ideas and practice.”

Rust Spreading

Filed under
Development
Moz/FF
  • Fedora 25 Planning For Proper Rust Support

    There are some new feature proposals to talk about for Fedora 25, which will be officially released around November.

    The latest self-contained change that is proposed for Fedora 25 is Rust compiler support. In particular, the hope is to package up the LLVM-based Rust compiler and its Cargo build system and offer them via the main Fedora repository. The current plan is for packaging Rust 1.10 and Cargo 0.11.

  • Mozilla Will Begin “Rusting” Of Its Firefox Browser On August 2

    Mozilla is all set to launch multi-processing functionality in the new update. The new version–Firefox 48–is scheduled for a release on August 2. Firefox 48 will have some of its components coded in Rust, a programming language developed by Mozilla.

Syndicate content

More in Tux Machines

OpenShift and Google

  • Red Hat launches 'OpenShift' dedicated on Google Cloud Platform
    World's leading provider of open source solutions Red Hat has announced the general availability of OpenShift Dedicated on Google Cloud Platform.
  • Red Hat and Google join forces on containers
    Red Hat and Google are set to offer enterprise customers a managed OpenShift service hosted on Google's cloud to make the build, launch and management of applications a less time-consuming process. OpenShift Dedicated on Google Cloud Platform will speed up the adoption of containers, according to Red Hat, giving developers the guidance they need to create applications and deploy them faster.
  • Red Hat’s Container Platform Lands on Google Cloud
    Red Hat’s OpenShift Dedicated container platform will now be available on Google Cloud Platform, the companies announced yesterday. OpenShift Dedicated is a managed version of Red Hat’s OpenShift container platform, targeting enterprises. Launched in December, the Dedicated version puts Red Hat in the role of a service provider, taking care of infrastructure and operations.

Security News

  • A 'mystery device' is letting thieves break into cars and drive off with them, insurance group says
    Insurance crime investigators are raising alarms over a device that not only lets thieves break into cars that use keyless entry systems but also helps start and steal them. Investigators from the National Insurance Crime Bureau, a not-for-profit organization, said in an interview they obtained what they called the “mystery device” from a third-party security expert at an overseas company. So far, the threat here may be mostly theoretical. The crime bureau said it heard of the device being used in Europe and had reports that it had entered the U.S., but said there are no law enforcement reports of a car being stolen using it in the United States.
  • Turkish hacking group offers tiered points rewards program for DoS attacks
    A TURKISH HACKING GANG is taking an unusual approach to funding denial of service attacks, and is soliciting for, and offering hackers rewards for taking down chosen pages. This is unusual, as far as we know, and it has led to the creation of comment from the security industry. Often these things do.
  • German judges explain why Adblock Plus is legal
    Last month, Adblock Plus maker Eyeo GmbH won its sixth legal victory in German courts, with a panel of district court judges deciding that ad-blocking software is legal despite German newsmagazine Der Spiegel's arguments to the contrary. Now, the reasoning of the Hamburg-based panel of judges has been made public. According to an unofficial English-translated copy (PDF) of the judgment, Spiegel Online argued it was making a "unified offer" to online consumers. Essentially, that offer is: read the news content for free and view some ads. While Internet users have the freedom "not to access this unified offer," neither they nor Adblock Plus have the right to "dismantle" it. Eyeo's behavior thus amounted to unfair competition, and it could even wipe the offer out, Spiegel claimed. "The Claimant [Spiegel] argues that the Defendant’s [Eyeo's] business model endangers the Claimant’s existence," reads the judgment, which isn't final because it can be appealed by Spiegel. Because users aren't willing to pay for editorial content on the Web, "it is not economically viable for the Claimant to switch to this business model." Spiegel asked for an accounting of all the blocked views on its website and a fine to be paid—or even for managers Wladimir Palant and Till Faida to be placed in "coercive detention" of up to two years.
  • Op-ed: I’m throwing in the towel on PGP, and I work in security [Ed: Onlya tool would drop PGP for Facebook-controlled Whatsapp. The company back-doors everything under gag orders.]
    In the coming weeks I'll import all signatures I received, make all the signatures I promised, and then publish revocations to the keyservers. I'll rotate my Keybase key. Eventually, I'll destroy the private keys.
  • 90 per cent of NHS Trusts are still running Windows XP machines
    90 PER CENT of the NHS continues to run Windows XP machines, two and a half years after Microsoft ditched support for the ageing OS. It's Citrix who is ringing the alarm bells, having learnt that 90 per cent of NHS Trusts are still running Windows XP PCs. The firm sent Freedom of Information (FoI) requests to 63 NHS Trusts, 42 of which responded. The data also revealed that 24 Trusts are still not sure when they'll migrate from Windows XP to a newer version of Microsoft's OS. 14 per cent said they would be transitioning to a new operating system by the end of this year, while 29 per cent pledged to make the move sometime next year.
  • Ransomware blamed for attack that caused Lincolnshire NHS Trust shutdown
    RANSOMWARE is to blame for an attack which saw an NHS Trust in Lincolnshire that forced to cancel operations for four days in October. In a statement, Northern Lincolnshire and Goole NHS Foundation Trust said that a ransomware variant called Globe2 was to blame for the incident.
  • Researchers Find Fresh Fodder for IoT Attack Cannons
    New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.
  • Your data is not safe. Here's how to lock it down
    But some people worry that government surveillance will expand under a Donald Trump presidency, especially because he tapped Mike Pompeo, who supports mass surveillance, for CIA chief.
  • Tor at the Heart: Library Freedom Project
    Library Freedom Project is an initiative that aims to make real the promise of intellectual freedom in libraries by teaching librarians and their local communities about surveillance threats, privacy rights and responsibilities, and privacy-enhancing technologies to help safeguard digital freedoms.
  • PowerShell security threats greater than ever, researchers warn
    Administrators should upgrade to the latest version of Microsoft PowerShell and enable extended logging and monitoring capabilities in the light of a surge in related security threats, warn researchers [...] Now more than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell.
  • Five-Year-Old Bait-and-Switch Linux Security Flaw Patched
    Maintainers of the Linux Kernel project have fixed three security flaws this week, among which there was a serious bug that lingered in the kernel for the past five years and allowed attackers to bypass some OS security systems and open a root shell.
  • The Internet of Dangerous Auction Sites
    Ok, I know this is kind of old news now, but Bruce Schneier gave testimony to the House of Representatives’ Energy & Commerce Committee about computer security after the Dyn attack. I’m including this quote because I feel it sets the scene nicely for what follows here. Last week, I was browsing the popular online auction site eBay and I noticed that there was no TLS. For a moment, I considered that maybe my traffic was being intercepted deliberately, there’s no way that eBay as a global company would be deliberately risking users in this way. I was wrong. There is not and has never been TLS for large swathes of the eBay site. In fact, the only point at which I’ve found TLS is in their help pages and when it comes to entering card details (although it’ll give you back the last 4 digits of your card over a plaintext channel).

Android Leftovers

Linux 4.8.14

Turns out I'm going to be on a very long flight early tomorrow morning, so I figured it would be good to get this kernel out now, instead of delaying it by an extra day. So, I'm announcing the release of the 4.8.14 kernel. All users of the 4.8 kernel series must upgrade. The updated 4.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.8.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.38 Linux Kernel 4.8.14 Hits the Streets with Numerous Networking Improvements, More