Language Selection

English French German Italian Portuguese Spanish

Moz/FF

Is your open source community optimized for contributors?

Filed under
Interviews
Moz/FF
OSS

Josh Matthews is a platform developer at Mozilla. He's a programmer who writes Rust code and is active in the development of Firefox. His development experience has led him to enjoy mentoring new contributors in open source projects.

Read more

Safety/Privacy in Firefox

Filed under
Moz/FF
Security
  • Firefox and cookie micromanagement

    For most of its existence, Firefox has provided users with the ability to manage how cookies are stored with a rather high degree of granularity: users can block specific cookies, create site-wide exceptions to the accept/block policy, and configure behavior for third-party cookies. Up until Firefox 44, there was an additional option as well, one that allowed users to choose the expiration point (that is, expiring them at the end of the session or letting them persist) for every cookie they encounter. That option was removed in the Firefox 44 release, which has made some users rather unhappy.

    The option in question was found in the Privacy preferences screen, labeled "Ask me every time" on the "Keep until:" selector. When enabled, the option raised a dialog box asking the user to accept or reject each cookie encountered, with a "accept for this session only" choice provided. Removing the option was proposed in 2010, although the patch to perform the removal did not land until 2015. It was released in Firefox 44 in January 2016.

  • How Safe Browsing works in Firefox

    If you want to learn more about how Safe Browsing works in Firefox, you can find all of the technical details on the Safe Browsing and Application Reputation pages of the Mozilla wiki or you can ask questions on our mailing list.

  • Decentraleyes Addon Fixes Browser Privacy, Circumvents CDNs

    Widespread CDN acceptance has been a security flaw that sacrifices privacy simply because it breaks web pages on anything put a text-based browser, which is a sacrifice few are willing to make for the sake of their information remaining local.

Mozilla News

Filed under
Moz/FF
  • Memory Usage of Firefox with e10s Enabled
  • A WebAssembly Milestone: Experimental Support in Multiple Browsers

    WebAssembly is an emerging standard whose goal is to define a safe, portable, size- and load-time efficient binary compiler target which offers near-native performance—a virtual CPU for the Web. WebAssembly is being developed in a W3C Community Group (CG) whose members include Mozilla, Microsoft, Google and Apple.

  • Advantages of WebExtensions for Developers

    Presently, Firefox supports two main kinds of add-ons. First were XUL or XPCOM add-ons, which interface directly with the browser’s internals. They are fabulously powerful, as powerful as the browser itself. However, with that power comes security risk and the likelihood that extensions will break as the browser changes.

Mozilla Firefox 45.0 Gets Its First Point Release, Brings Back Non-Standard JAR

Filed under
Moz/FF

Today, March 17, 2016, Mozilla unveiled the first point release of the recently announced Firefox 45.0 web browser for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows.

Read more

Mozilla News

Filed under
Moz/FF

Mozilla will emit 'first version' of Servo-based Rust browser in June

Filed under
Moz/FF
Web

Servo is a cross-platform browser engine that will run on ARM operating systems (including Android) as well as on x64 platforms including Linux, OS X and Windows. It is designed to take advantage of parallelism in order to achieve optimum performance on today's multi-core systems.

Servo is coded in Rust, a language designed to ensure thread-safe concurrency and with a greater emphasis on security and safety than C++ – a language Mozilla says is poorly suited to preventing problems like memory bugs and data races.

Read more

Mozilla News (Servo and Virtual Reality)

Filed under
Moz/FF
  • Initial Servo+Browser.html Release Planned For June

    Paul Rouget of Mozilla has shared plans for making an initial alpha release of their next-generation Servo Engine and Servo-based Browser.html web browser release for this summer.

    The first version of Servo and Browser.html is planned for release in June. Browser.html is Mozilla's experimental web browser built atop Servo where the UI itself is built in HTML. While a Servo Alpha release was originally expected in 2015, it's great to see a release now planned in a few months.

  • Mozilla A-Frame Powers New Amnesty International Virtual Reality Website #360Syria

    Amnesty International today announced a new #360Syria “virtual tour” website showing the devastation brought by Syrian government barrel bombing of the besieged city of Aleppo. The website demonstration, called “Fear of the Sky” (www.360Syria.com), is built using Mozilla A-Frame technology.

    Websites like #360Syria, that allow viewers to take a virtual tour of the devastated city of Aleppo, are a significant new use case for WebVR. Technology gives people a voice where otherwise there is none. It brings a new level of visibility and greater levels of empathy to real-life situations.

Features Of Mozilla's Firefox 46 Beta Include GTK3 On Linux

Filed under
Moz/FF

For those sticking to Mozilla's stable channel, following this week's release of Firefox 45 was the public beta of Firefox 46.0.

The Firefox 46.0 Beta marks HTTP sites with login forms as insecure, the JavaScript JIT compiler features greater security, GTK3 integration is again being tried by default for Firefox on Linux, WebRTC performance/stability fixes, HKDF support for the Web Crypto API, and other changes.

Read more

Mozilla Teases Linux Users Again with the GTK3 Integration, Now for Firefox 46.0

Filed under
Moz/FF

Now that everyone's happy enjoying the latest Firefox 45.0 web browser, which once again failed to deliver the GTK3 integration on the Linux platform, bleeding-edge users can jump again into the Beta bandwagon, this time for Firefox 46.0.

Read more

Mozilla News

Filed under
Moz/FF
Syndicate content

More in Tux Machines

OpenShift and Google

  • Red Hat launches 'OpenShift' dedicated on Google Cloud Platform
    World's leading provider of open source solutions Red Hat has announced the general availability of OpenShift Dedicated on Google Cloud Platform.
  • Red Hat and Google join forces on containers
    Red Hat and Google are set to offer enterprise customers a managed OpenShift service hosted on Google's cloud to make the build, launch and management of applications a less time-consuming process. OpenShift Dedicated on Google Cloud Platform will speed up the adoption of containers, according to Red Hat, giving developers the guidance they need to create applications and deploy them faster.
  • Red Hat’s Container Platform Lands on Google Cloud
    Red Hat’s OpenShift Dedicated container platform will now be available on Google Cloud Platform, the companies announced yesterday. OpenShift Dedicated is a managed version of Red Hat’s OpenShift container platform, targeting enterprises. Launched in December, the Dedicated version puts Red Hat in the role of a service provider, taking care of infrastructure and operations.

Security News

  • A 'mystery device' is letting thieves break into cars and drive off with them, insurance group says
    Insurance crime investigators are raising alarms over a device that not only lets thieves break into cars that use keyless entry systems but also helps start and steal them. Investigators from the National Insurance Crime Bureau, a not-for-profit organization, said in an interview they obtained what they called the “mystery device” from a third-party security expert at an overseas company. So far, the threat here may be mostly theoretical. The crime bureau said it heard of the device being used in Europe and had reports that it had entered the U.S., but said there are no law enforcement reports of a car being stolen using it in the United States.
  • Turkish hacking group offers tiered points rewards program for DoS attacks
    A TURKISH HACKING GANG is taking an unusual approach to funding denial of service attacks, and is soliciting for, and offering hackers rewards for taking down chosen pages. This is unusual, as far as we know, and it has led to the creation of comment from the security industry. Often these things do.
  • German judges explain why Adblock Plus is legal
    Last month, Adblock Plus maker Eyeo GmbH won its sixth legal victory in German courts, with a panel of district court judges deciding that ad-blocking software is legal despite German newsmagazine Der Spiegel's arguments to the contrary. Now, the reasoning of the Hamburg-based panel of judges has been made public. According to an unofficial English-translated copy (PDF) of the judgment, Spiegel Online argued it was making a "unified offer" to online consumers. Essentially, that offer is: read the news content for free and view some ads. While Internet users have the freedom "not to access this unified offer," neither they nor Adblock Plus have the right to "dismantle" it. Eyeo's behavior thus amounted to unfair competition, and it could even wipe the offer out, Spiegel claimed. "The Claimant [Spiegel] argues that the Defendant’s [Eyeo's] business model endangers the Claimant’s existence," reads the judgment, which isn't final because it can be appealed by Spiegel. Because users aren't willing to pay for editorial content on the Web, "it is not economically viable for the Claimant to switch to this business model." Spiegel asked for an accounting of all the blocked views on its website and a fine to be paid—or even for managers Wladimir Palant and Till Faida to be placed in "coercive detention" of up to two years.
  • Op-ed: I’m throwing in the towel on PGP, and I work in security [Ed: Onlya tool would drop PGP for Facebook-controlled Whatsapp. The company back-doors everything under gag orders.]
    In the coming weeks I'll import all signatures I received, make all the signatures I promised, and then publish revocations to the keyservers. I'll rotate my Keybase key. Eventually, I'll destroy the private keys.
  • 90 per cent of NHS Trusts are still running Windows XP machines
    90 PER CENT of the NHS continues to run Windows XP machines, two and a half years after Microsoft ditched support for the ageing OS. It's Citrix who is ringing the alarm bells, having learnt that 90 per cent of NHS Trusts are still running Windows XP PCs. The firm sent Freedom of Information (FoI) requests to 63 NHS Trusts, 42 of which responded. The data also revealed that 24 Trusts are still not sure when they'll migrate from Windows XP to a newer version of Microsoft's OS. 14 per cent said they would be transitioning to a new operating system by the end of this year, while 29 per cent pledged to make the move sometime next year.
  • Ransomware blamed for attack that caused Lincolnshire NHS Trust shutdown
    RANSOMWARE is to blame for an attack which saw an NHS Trust in Lincolnshire that forced to cancel operations for four days in October. In a statement, Northern Lincolnshire and Goole NHS Foundation Trust said that a ransomware variant called Globe2 was to blame for the incident.
  • Researchers Find Fresh Fodder for IoT Attack Cannons
    New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.
  • Your data is not safe. Here's how to lock it down
    But some people worry that government surveillance will expand under a Donald Trump presidency, especially because he tapped Mike Pompeo, who supports mass surveillance, for CIA chief.
  • Tor at the Heart: Library Freedom Project
    Library Freedom Project is an initiative that aims to make real the promise of intellectual freedom in libraries by teaching librarians and their local communities about surveillance threats, privacy rights and responsibilities, and privacy-enhancing technologies to help safeguard digital freedoms.
  • PowerShell security threats greater than ever, researchers warn
    Administrators should upgrade to the latest version of Microsoft PowerShell and enable extended logging and monitoring capabilities in the light of a surge in related security threats, warn researchers [...] Now more than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell.
  • Five-Year-Old Bait-and-Switch Linux Security Flaw Patched
    Maintainers of the Linux Kernel project have fixed three security flaws this week, among which there was a serious bug that lingered in the kernel for the past five years and allowed attackers to bypass some OS security systems and open a root shell.
  • The Internet of Dangerous Auction Sites
    Ok, I know this is kind of old news now, but Bruce Schneier gave testimony to the House of Representatives’ Energy & Commerce Committee about computer security after the Dyn attack. I’m including this quote because I feel it sets the scene nicely for what follows here. Last week, I was browsing the popular online auction site eBay and I noticed that there was no TLS. For a moment, I considered that maybe my traffic was being intercepted deliberately, there’s no way that eBay as a global company would be deliberately risking users in this way. I was wrong. There is not and has never been TLS for large swathes of the eBay site. In fact, the only point at which I’ve found TLS is in their help pages and when it comes to entering card details (although it’ll give you back the last 4 digits of your card over a plaintext channel).

Android Leftovers

Linux 4.8.14

Turns out I'm going to be on a very long flight early tomorrow morning, so I figured it would be good to get this kernel out now, instead of delaying it by an extra day. So, I'm announcing the release of the 4.8.14 kernel. All users of the 4.8 kernel series must upgrade. The updated 4.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.8.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.4.38 Linux Kernel 4.8.14 Hits the Streets with Numerous Networking Improvements, More