Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with a "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything put a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Mozilla News

Filed under
Moz/FF
  • Memory Usage of Firefox with e10s Enabled
  • A WebAssembly Milestone: Experimental Support in Multiple Browsers

    WebAssembly is an emerging standard whose goal is to define a safe, portable, size- and load-time efficient binary compiler target which offers near-native performance—a virtual CPU for the Web. WebAssembly is being developed in a W3C Community Group (CG) whose members include Mozilla, Microsoft, Google and Apple.

  • Advantages of WebExtensions for Developers

    Presently, Firefox supports two main kinds of add-ons. First were XUL or XPCOM add-ons, which interface directly with the browser’s internals. They are fabulously powerful, as powerful as the browser itself. However, with that power comes security risk and the likelihood that extensions will break as the browser changes.

Mozilla Firefox 45.0 Gets Its First Point Release, Brings Back Non-Standard JAR

Filed under
Moz/FF

Today, March 17, 2016, Mozilla unveiled the first point release of the recently announced Firefox 45.0 web browser for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows.

Read more

Mozilla News

Filed under
Moz/FF

Mozilla will emit 'first version' of Servo-based Rust browser in June

Filed under
Moz/FF
Web

Servo is a cross-platform browser engine that will run on ARM operating systems (including Android) as well as on x64 platforms including Linux, OS X and Windows. It is designed to take advantage of parallelism in order to achieve optimum performance on today's multi-core systems.

Servo is coded in Rust, a language designed to ensure thread-safe concurrency and with a greater emphasis on security and safety than C++ – a language Mozilla says is poorly suited to preventing problems like memory bugs and data races.

Read more

Mozilla News (Servo and Virtual Reality)

Filed under
Moz/FF
  • Initial Servo+Browser.html Release Planned For June

    Paul Rouget of Mozilla has shared plans for making an initial alpha release of their next-generation Servo Engine and Servo-based Browser.html web browser release for this summer.

    The first version of Servo and Browser.html is planned for release in June. Browser.html is Mozilla's experimental web browser built atop Servo where the UI itself is built in HTML. While a Servo Alpha release was originally expected in 2015, it's great to see a release now planned in a few months.

  • Mozilla A-Frame Powers New Amnesty International Virtual Reality Website #360Syria

    Amnesty International today announced a new #360Syria “virtual tour” website showing the devastation brought by Syrian government barrel bombing of the besieged city of Aleppo. The website demonstration, called “Fear of the Sky” (www.360Syria.com), is built using Mozilla A-Frame technology.

    Websites like #360Syria, that allow viewers to take a virtual tour of the devastated city of Aleppo, are a significant new use case for WebVR. Technology gives people a voice where otherwise there is none. It brings a new level of visibility and greater levels of empathy to real-life situations.

Features Of Mozilla's Firefox 46 Beta Include GTK3 On Linux

Filed under
Moz/FF

For those sticking to Mozilla's stable channel, following this week's release of Firefox 45 was the public beta of Firefox 46.0.

The Firefox 46.0 Beta marks HTTP sites with login forms as insecure, the JavaScript JIT compiler features greater security, GTK3 integration is again being tried by default for Firefox on Linux, WebRTC performance/stability fixes, HKDF support for the Web Crypto API, and other changes.

Read more

Mozilla Teases Linux Users Again with the GTK3 Integration, Now for Firefox 46.0

Filed under
Moz/FF

Now that everyone's happy enjoying the latest Firefox 45.0 web browser, which once again failed to deliver the GTK3 integration on the Linux platform, bleeding-edge users can jump again into the Beta bandwagon, this time for Firefox 46.0.

Read more

Mozilla News

Filed under
Moz/FF

State of Embedding in Gecko

Filed under
Moz/FF
Web

Following up from my last post, I’ve had some time to research and assess the current state of embedding Gecko. This post will serve as a (likely incomplete) assessment of where we are today, and what I think the sensible path forward would be. Please note that these are my personal opinions and not those of Mozilla. Mozilla are gracious enough to employ me, but I don’t yet get to decide on our direction.

The TLDR; there are no first-class Gecko embedding solutions as of writing.

Read more

Syndicate content

More in Tux Machines

Proxmox VE 4.3 released

Proxmox Server Solutions GmbH today announced the general availability of Proxmox Virtual Environment 4.3. The hyper-converged open source server virtualization solution enables users to create and manage LXC containers and KVM virtual machines on the same host, and makes it easy to set up highly available clusters as well as to manage network and storage via an integrated web-based management interface. The new version of Proxmox VE 4.3 comes with a completely new comprehensive reference documentation. The new docu framework allows a global as well as contextual help function. Proxmox users can access and download the technical documentation via the central help-button (available in various formats like html, pdf and epub). A main asset of the new documentation is that it is always version specific to the current user’s software version. Opposed to the global help, the contextual help-button shows the user the documentation part he currently needs. Read more

Games for GNU/Linux

Security News

  • Tuesday's security updates
  • New Open Source Linux Ransomware Divides Infosec Community
    Following our investigation into this matter, and seeing the vitriol-filled reaction from some people in the infosec community, Zaitsev has told Softpedia that he decided to remove the project from GitHub, shortly after this article's publication. The original, unedited article is below.
  • Fax machines' custom Linux allows dial-up hack
    Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection. The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line. The firmware is custom Linux, giving the printers a familiar networking environment for bad actors looking to exploit the fax line as an attack vector. Once they're in that ancient environment, it's possible to then move onto the network to which the the printer's connected. Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.
  • Google just saved the journalist who was hit by a 'record' cyberattack
    Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs. Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks. Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists' websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.
  • Krebs DDoS aftermath: industry in shock at size, depth and complexity of attack
    “This attack didn’t stop, it came in wave after wave, hundreds of millions of packets per second,” says Josh Shaul, Akamai’s vice president of product management, when Techworld spoke to him. “This was different from anything we’ve ever seen before in our history of DDoS attacks. They hit our systems pretty hard.” Clearly still a bit stunned, Shaul describes the Krebs DDoS as unprecedented. Unlike previous large DDoS attacks such as the infamous one carried out on cyber-campaign group Spamhaus in 2013, this one did not use fancy amplification or reflection to muster its traffic. It was straight packet assault from the old school.
  • iOS 10 makes it easier to crack iPhone back-ups, says security firm
    INSECURITY FIRM Elcomsoft has measured the security of iOS 10 and found that the software is easier to hack than ever before. Elcomsoft is not doing Apple any favours here. The fruity firm has just launched the iPhone 7, which has as many problems as it has good things. Of course, there are no circumstances when vulnerable software is a good thing, but when you have just launched that version of the software, it is really bad timing. Don't hate the player, though, as this is what Elcomsoft, and what Apple, are supposed to be doing right. "We discovered a major security flaw in the iOS 10 back-up protection mechanism. This security flaw allowed us to develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) back-ups made by iOS 10 devices," said Elcomsoft's Oleg Afonin in a blog post.
  • After Tesla: why cybersecurity is central to the car industry's future
    The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security. This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production. This leads to a ‘fire brigade approach’ to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market.

Ofcom blesses Linux-powered, open source DIY radio ‘revolution’

Small scale DAB radio was (quite literally) conceived in an Ofcom engineer’s garden shed in Brighton, on a Raspberry Pi, running a full open source stack, in his spare time. Four years later, Ofcom has given the thumbs up to small scale DAB after concluding that trials in 10 UK cities were judged to be a hit. We gave you an exclusive glimpse into the trials last year, where you could compare the specialised proprietary encoders with the Raspberry Pi-powered encoders. “We believe that there is a significant level of demand from smaller radio stations for small scale DAB, and that a wider roll-out of additional small scale services into more geographic areas would be both technically possible and commercially sustainable,” notes Ofcom. Read more