Language Selection

English French German Italian Portuguese Spanish


Latest Firefox 43.0.4 Now Available for All Ubuntu OSes

Filed under

Canonical has announced that the latest Firefox 43.0.4 version has been made available in the repositories for the users of Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

Read more

Mozilla Security

Filed under
  • Mozilla Releases Thunderbird 38.5 with Address Book Improvements, Security Fixes

    Today, January 7, 2016, Mozilla has announced the immediate availability for download of the Mozilla Thunderbird 38.5.0 email, news and chat client for all supported platforms, including Microsoft Windows, Mac OS X, and GNU/Linux.

  • Mozilla Re-enables SHA-1 Certificate Support in Firefox

    SHA-1 does still matter as Mozilla backtracks on support. However, don't expect the company to support SHA-1 for the long term.

  • Man-in-the-Middle Interfering with Increased Security

    According to the plan we published earlier for deprecating SHA-1, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm. For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren’t that many new SHA-1 certs being used. However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites. When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server.

Meet Chirimen, a Firefox OS-Powered IoT Single-Board Computer Developed by Mozilla

Filed under

Today we would like to introduce you guys to an upcoming development SBC (Single-board computer) called Chirimen, which is currently developed by Mozilla, the company behind the world's famous Firefox and Thunderbird software products.

Read more

Mozilla Firefox News

Filed under
  • Mozilla hastily backpedals on SHA-1 ban after impact larger than thought

    The impact of Mozilla's decision to depreciate SHA-1 at the start of 2016 with the release of Firefox 43 turned out to be larger than it anticipated. As a result, Mozilla hastily released an update on Wednesday that re-enabled support for SHA-1 certificates as it seeks to better evaluate how many users might be affected.

    Firefox 43 was supposed to ratchet up security for its users as part of Mozilla's roadmap by dropping support only for new SHA-1 certificates, while continuing to support older SHA-1. The rationale behind this move was to present a clear disincentive for certificate providers to move away from SHA-1 without penalizing – as yet – existing SHA-1 certificates that are already in use.

  • Firefox’s ban of SHA-1 certs causing some security issues, Mozilla warns

    Mozilla has warned Firefox users that its decision to reject SHA-1 certificates has caused an unfortunate side effect: some man-in-the-middle devices, such as security scanners and antivirus products, are failing to connect to HTTPS sites.

    The browser maker advised any netizens affected by the interference to install the latest version of Firefox, which reinstates support for SHA-1.

  • Firefox 43.0.4 Fixes Folder Creation on Linux and Brings Back SHA-1

    Mozilla has released a new version of Firefox, 43.0.4, which is just a maintenance release that happens to have an important fix for the Linux platform.

  • Mozilla: 40 Percent of Firefox Users Don't Have Add-Ons Installed

    According to an internal analysis, Mozilla staff estimates, based on anonymous telemetry data, that around 40% of its userbase does not have add-ons installed on their browser.

CES 2016: Firefox OS Still Alive, Powering New Panasonic UHD TV

Filed under

The open source Firefox OS will be used to power new Panasonic DX900 UHD TVs, Mozilla and Panasonic have announced.

Read more

Firefox OS will Power New Panasonic UHD TVs Unveiled at CES

Filed under

Panasonic announced that Firefox OS will power the new Panasonic DX900 UHD TVs, the first LED LCD TVs in the world with Ultra HD Premium specification, unveiled today at CES 2016.

Panasonic TVs powered by Firefox OS are already available globally, enabling consumers to find their favorite channels, apps, videos, websites and content quickly and pin content and apps to their TV’s home screen.

Read more

Mozilla News

Filed under
  • The Ghacks user.js Firefox privacy and security list has been updated

    Pants has created a light and dark version, and both are included in the archive that you can download so that you can access both HTML documents locally on your system.

  • News: Tutorials with node.js and jpm.
  • OpenBSD and Nightly Mozilla Firefox security.

    W^X ("Write XOR Execute"; spoken as W xor X[1]) is the name of a security feature present in the OpenBSD operating system. It is a memory protection policy whereby every page in a process' address space is either writable or executable, but not both simultaneously. from wikipedia.

  • Write XOR Execute JIT Support Lands For Mozilla Firefox

    As another recent Firefox Nightly change besides enabling WebGL 2 by default is that Firefox's just-in-time compiler supports W^X protection.

    OpenBSD has been leading the charge on using W^X by default -- Write XOR Execute. As explained in that earlier article, W^X implies "a memory policy of W^X -- write xor execute where memory can be marked as writable or executable but not both, in order to fend off potential exploits." One of the biggest roadblocks that OpenBSD faced enabling W^X were JIT engines of web browsers.

Mozilla News

Filed under
  • Exclusive: Mozilla working on a tablet a stickTV, an intelligent keyboard and a router

    We mentioned earlier that Mozilla’s Firefox os isn’t dead. Mozilla has some great plans for firefox os. These internal documents obtained by Hypertext shows the future of Mozilla Firefox preparing detailed OS beyond smartphones and include Panasonic TVs & these documents detail the new plans of Mozilla.

  • Adding Community-Driven Wayland Support to Servo

    It’s been some time since the last Servo article on the OSG blog, but this has no relation to the speed at which the browser engine’s development has been progressing.

    In the last post, the Offscreen Rendering (OSR) integration status was explored, culminating in both some code snippets as well as videos of an embedded browser application. That post can be considered the foundation for the recently-tweeted screenshot of Servo running with Wayland support.

  • The next 12 months will change Firefox’s add-on landscape fundamentally

    A lot is going on at Mozilla, makers of the popular Firefox web browser. In the next 12 months, the organization plans to make fundamental changes to the Firefox web browser which affect core features of the browser including its add-on ecosystem.

  • Divergent News on FirefoxOS

    I said good-bye to my FirefoxOS phone because of Mozilla's decision to stop the distribution of the devices.

Mozilla 2016 Outlook: Promising Despite Funding, Competitive Woes

Filed under

For Mozilla, 2015 has been a year of large challenges, with a shift in funding sources and increasing competitive pressures across the desktop and mobile markets. The biggest challenges for Mozilla, however, are likely yet to come in 2016.

Read more

Syndicate content

More in Tux Machines


  • New features in GNOME To Do
    Some of you might have noticed that GNOME To Do wasn’t released with GNOME 3.22. There is a reason for that: I didn’t have enough time to add new features, or fix any bugs. But that changed, and in fact big things happened.
  • CUDA 8, cuDNN, Nvidia drivers and GNOME Software metadata
    The Nvidia driver repository has been updated with AppStream metadata. From Fedora 25 onward, you will be able to search for Nvidia, CUDA, GeForce or Quadro to make the driver, control panel and other programs appear in the Gnome Software window. As far as I know, this should be enabled by default on Fedora 25.
  • Builder Rust
    With Federico’s wonderful post on Rust’ifying librsvg I guess it makes sense to share what I’ve been doing the last couple of days. I’ve been keeping my eye on Rust for quite a while. However, I’ve been so heads down with Builder the last two years that I haven’t really gotten to write any or help on integration into our platform. Rust appears to take a very pragmatic stance on integration with systems code (which is primarily C). The C calling convention is not going anywhere, so at some point, you will be integrating with some part of a system that is “C-like”. Allowing us to piecemeal upgrade the “Safety” of our systems is much smarter than rewrite-the-universe. This pragmatism is likely due to the realities of Rust’s birth at Mozilla. It’s a huge code-base, and incrementally modernizing it is the only reality that is approachable.
  • Librsvg gets Rusty
    I've been wanting to learn Rust for some time. It has frustrated me for a number of years that it is quite possible to write GNOME applications in high-level languages, but for the libraries that everything else uses ("the GNOME platform"), we are pretty much stuck with C. Vala is a very nice effort, but to me it never seemed to catch much momentum outside of GNOME. After reading this presentation called "Rust out your C", I got excited. It *is* possible to port C code to Rust, small bits at a time! You rewrite some functions in Rust, make them linkable to the C code, and keep calling them from C as usual. The contortions you need to do to make C types accessible from Rust are no worse than for any other language.

Leftovers: Software

  • Rblpapi 0.3.5
    A new release of Rblpapi is now on CRAN. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg Labs (but note that a valid Bloomberg license and installation is required).
  • Flatpak 0.6.13
    These used to take an application id and an optional branch name as two arguments. This meant you could not specify multiple apps to install in a single command. So, instead of having the branch as a separate argument we now support partial references. If you only specify an id we try to match the rest as best we can depending on what is installed/available, but if this matches multiple things you have to specify more details.
  • New features on Hosted Weblate
    Today, new version has been deployed on Hosted Weblate. It brings many long requested features and enhancements.
  • A Wild Desktop Reddit App for Linux Appears
    Reddit is …Well it’s Reddit: there’s little else like it on the internet. Thos of us who use Reddit probably do so a tab, in a browser, because that’s how the site works best. Many desktop Reddit apps exist, but few translate the unique experience of using the service to the desktop in a way that really works.
  • Opera 41 Browser Brings Performance Improvements
    For those still using the Opera web-browser, Opera 41 is now available as the latest stable release and seems primarily focused on performance improvements.
  • Faster and better browsing – Welcome Opera 41
    We all know the feeling. You want to check out your favorite website, but when you open your laptop or turn on your computer, you realize the browser is closed. You click on the browser icon and then have to wait while the browser opens all your previously opened sites… We have a solution for you that makes your browsing faster: Opera 41 includes a new, smarter startup sequence that cuts away almost all the wait time, no matter how many tabs you open on startup.

today's howtos

Security News

  • Tuesday's security updates
  • We Got Phished
    She logged into her account but couldn’t find the document and, with other more urgent emails to deal with, she quickly moved on and put this brief event out of mind. This staff member will henceforth be known as PZ, or “patient zero.” The login page wasn’t really a login page. It was a decoy webpage, designed to look legitimate in order to trick unsuspecting recipients into typing in their private login credentials. Having fallen for the ruse, PZ had effectively handed over her email username and password to an unknown party outside the Exploratorium. This type of attack is known as “phishing.” Much like putting a lure into a lake and waiting to see what bites, a phishing attack puts out phony prompts, such as a fake login page, hoping that unwitting recipients can be manipulated into giving up personal information.
  • DDoS attacks against Dyn the work of 'script kiddies'
    Last week's distributed denial of service attack in the US against domain name services provider Dynamic Network Services are more likely to have been the work of "script kiddies", and not state actors. Security researchers at threat intelligence firm Flashpoint dismissed reports that linked the attack to WikiLeaks, the Russian government or the New World Hackers group. Instead, Flashpoint said, it was "moderately confident" that the Hackforums community was behind the attack which led to well-known sites like Twitter, Spotify, Netflix and Paypal being inaccessible on 21 October (US time).
  • How one rent-a-botnet army of cameras, DVRs caused Internet chaos
    Welcome to the Internet of Evil Things. The attack that disrupted much of the Internet on October 21 is still being teased apart by investigators, but evidence thus far points to multiple "botnets" of Internet-connected gadgets being responsible for blocking access to the Domain Name Service (DNS) infrastructure at DNS provider Dyn. Most of these botnets—coordinated armies of compromised devices that sent malicious network traffic to their targets—were controlled by Mirai, a self-spreading malware for Internet of Things (IoT) devices. in a blog post on the attack, Dyn reported "tens of millions" of devices were involved in the attack But other systems not matching the signature of Mirai were also involved in the coordinated attack on Dyn. "We believe that there might be one or more additional botnets involved in these attacks," Dale Drew, CSO of Level 3 Communications, told Ars. "This could mean that they are 'renting' several different botnets to launch an attack against a specific victim, in which multiple other sites have been impacted." The motive may have been blackmail, since the attacker sought a payout by Dyn to stop. But Drew warned that the huge disruption caused by the attack "could result in large copycat attacks, and [a] higher [number of] victim payouts [so] as to not be impacted in the same way. It could also be a signal that the bad guy is using multiple botnets in order to better avoid detection since they are not orchestrating the attack from a single botnet source."
  • ARM builds up security in the tiniest Internet of Things chips
    IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge. On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust. It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.
  • Antique Kernel Flaw Opens Door to New Dirty Cow Exploit