Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'firefox'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 598 results

  1. Mozilla plans to increase the number of content processes of Firefox's multi-process architecture to four (from one) with the release of Firefox 54. Tip: if you are new to the concept or want to find out more about it, read our extensive Firefox multi-process guide. Firefox Stable users who run a multi-process Firefox copy right now, run it with one content process and one browser process. This system divides the browser's core from the content -- read websites, services and apps -- that the user opens in the web browser. Mozilla announced plans some time ago to increase the content process limit so that multiple content processes would be used by the Firefox web browser. This has been tested in Firefox Nightly for some time, and appears to be ready for rollout to the stable user base of the browser. You can check the number of content processes by opening the system's Task Manager to see how many Firefox processes are listed there. The target for the change is Firefox 54, but late minute issues may delay the change to Firefox 55. Mozilla plans to enable the four content processes of Firefox for 80% of the eligible population. The remaining 20% of users remain on one content process when the switch happens; a control group so to speak to monitor stability, performance and other metrics. Tip: you can increase the number of Firefox content processes manually as well. This enables you to increase the limit, or decrease it. The latter may be useful to reduce the browser's memory usage. Some Firefox installations are still not eligible for Firefox's multi-process architecture. This includes systems with accessibility tools or settings enabled. Multiple processes won't be enabled for users with extensions either, regardless of whether those are legacy add-ons, or WebExtensions. Mozilla ran its memory test again to determine the right number of content processes. An increase in the number of content processes for the browser always goes along with an increase in memory usage. The latest test saw Firefox still using significantly less memory than Chrome on all tested desktop devices. On Windows devices, Chrome used up to 2.4 times the memory than Firefox. One reason for that is that Chrome uses content processes for each site or service opened in the browser. Firefox would use significantly more memory if Mozilla were to enable the same system in the browser so that sites and services would all open up in their own content process. Mozilla's initial estimation was that multi-process Firefox would use about 20% more RAM than the non-multi-process browser. Firefox has no option currently to replicate Chrome's handling of content processes. While you can set a high limit, for instance 50, it would mean that Firefox would use individual content processes for the first 50 sites or apps only, and re-use content processes for anything that is opened afterwards. Mozilla hopes that the increase to four content processes will improve system stability further. Closing Words Mozilla believes that it has found the sweet spot between the number of content processes for Firefox's multi-process architecture and memory usage of the browser. Further optimization may change the number from four to a higher number in the future. I ran a Firefox Nightly copy for months with four content processes, and the browser ran super stable in that time. (via Sören Hentzschel) Article source
  2. Disclaimer: I worked for 7 years at Mozilla and was Mozilla’s Chief Technology Officer before leaving 2 years ago to found an embedded AI startup. Mozilla published a blog post two days ago highlighting its efforts to make the Desktop Firefox browser competitive again. I used to closely follow the browser market but haven’t looked in a few years, so I figured it’s time to look at some numbers: The chart above shows the percentage market share of the 4 major browsers over the last 6 years, across all devices. The data is from StatCounter and you can argue that the data is biased in a bunch of different ways, but at the macro level it’s safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated. Trend I tried a couple different ways to plot a trendline and an exponential fit seems to work best. This aligns pretty well with theories around the explosive diffusion of innovation, and the slow decline of legacy technologies. If the 6 year trend holds, IE should be pretty much dead in 2 or 3 years. Firefox is not faring much better, unfortunately, and is headed towards a 2-3% market share. For both IE and Firefox these low market share numbers further accelerate the decline because Web authors don’t test for browsers with a small market share. Broken content makes users switch browsers, which causes more users to depart. A vicious cycle. Chrome and Safari don’t fit as well as IE and Firefox. The explanation for Chrome is likely that the market share is so large that Chrome is running out of users to acquire. Some people are stuck on old operating systems that don’t support Chrome. Safari’s recent growth is underperforming its trend most likely because iOS device growth has slowed. Desktop market share Looking at all devices blends mobile and desktop market shares, which can be misleading. Safari/iOS is dominant on mobile whereas on Desktop Safari has a very small share. Firefox in turn is essentially not present on mobile. So let’s look at the Desktop numbers only. The Desktop-only graph unfortunately doesn’t predict a different fate for IE and Firefox either. The overall desktop PC market is growing slightly (most sales are replacement PCs, but new users are added as well). Despite an expanding market both IE and Firefox are declining unsustainably. Adding users? Eric mentioned in the blog post that Firefox added users last year. The relative Firefox market share declined from 16% to 14.85% during that period. For comparison, Safari Desktop is relatively flat, which likely means Safari market share is keeping up with the (slow) growth of the PC/Laptop market. Two possible theories are that Eric meant in his blog post that browser installs were added. People often re-install the browser on a new machine, which could be called an “added user”, but it comes usually at the expense of the previous machine becoming disused. It’s also possible that the absolute daily active user count has indeed increased due to the growth of the PC/laptop market, despite the steep decline in relative market share. Firefox ADUs aren’t public so it’s hard to tell. From these graphs it’s pretty clear that Firefox is not going anywhere. That means that the esteemed Fox will be around for many many years, albeit with an ever diminishing market share. It also, unfortunately, means that a turnaround is all but impossible. With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn’t manage to catch up with Android’s explosive growth. Mozilla’s strategic rationale for building Firefox OS was often misunderstood. Mozilla’s founding mission was to build the Web by building a browser. Mobile thoroughly disrupted this mission. On mobile browsers are much less relevant–even more so third party mobile browsers. On mobile browsers are a feature of the Facebook and Twitter apps, not a product. To influence the Web on mobile, Mozilla had to build a whole stack with the Web at its core. Building mobile browsers (Firefox Android) or browser-like apps (Firefox Focus) is unlikely to capture a meaningful share of use cases. Both Firefox for Android and Firefox Focus have a market share close to 0%. The strategic shift in 2014, back to Firefox, and with that back to Desktop, was significant for Mozilla. As Eric describes in his article, a lot of amazing technical work has gone into Firefox for Desktop the last years. The Desktop-focused teams were expanded, and mobile-focused efforts curtailed. Firefox Desktop today is technically competitive with Chrome Desktop in many areas, and even better than Chrome in some. Unfortunately, looking at the graphs, none of this has had any effect on market trends. Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric–who heads Mozilla’s marketing team–uses Chrome every day as he mentioned in the first sentence, it’s not surprising that almost 65% of desktop users are doing the same. What does this mean for the Web? I started Firefox OS in 2011 because already back then I was convinced that desktops and browsers were dead. Not immediately–here we are 6 years later and both are still around–but both are legacy technologies that are not particularly influential going forward. I don’t think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It’s like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted. I left Mozilla because I became curious what the Web looks like once it consists predominantly of devices instead of desktops and mobile phones. At Silk we created an IoT platform built around open Web technologies such as JavaScript, and we do a lot of work around democratizing data ownership through embedding AI in devices instead of sending everything to the cloud. So while Google won the browser wars, they haven’t won the Web. To stick with the transportation metaphor: Google makes the best horses in the world and they clearly won the horse race. I just don’t think that race matters much going forward. Article source
  3. Mozilla is working on a new form autofill system in the Firefox web browser that will replace the current system eventually. Form autofill is a handy feature, as it allows users of the browser to fill out form fields automatically. The current implementation uses frecency (frequency + recency) for that, and has been part of the browser since 2009. Firefox displays suggestions when you type in a form field. It displays a sorted list of options for the field, and filters them once you start typing. The new form autofill that will launch later this year in Firefox changes this mechanic. Basically, what it does is use profiles to fill out all matching fields on the form immediately, instead of just a single field. Instead of having to fill out each field of the form individually, you'd simply pick one of the available profiles to fill out all fields at once. Note: The feature landed in Nightly. It is a work in progress, and things may change. You can give it a try right now if you run Nightly, but some things won't work properly right now. Setting up the new Form Autofill in Firefox The new Form Autofill requires that you set up at least one profile in Firefox. The browser picks those up automatically, and you can select them on a form by form basis if you have added multiple profiles to the browser. Step 1: Open the Privacy options Load about:preferences#privacy in the Firefox address bar. This opens the privacy preferences of the browser. Locate the "forms & passwords" section on the page. Make sure that "enable profile autofill" is enabled. Click on saved profiles to manage the profiles. Step 2: Add or edit profiles Firefox lists all profiles that exist on the page that opens. You can add, remove or edit profiles here. Click on the add button to create a new profile in the Firefox web browser. Step 3: Fill out profile information The next page lists the fields that are currently available for profiles. You can fill out some or all of them. Some restrictions apply currently. Only the United States is supported under Country for instance, some fields are missing, and data transformations for some types are not supported either. Click on the save button once you are done. Firefox takes you back to the list of available profiles. You should see the new profile listed there, and may click on edit at any time to change data, or remove to delete it completely. The future Mozilla notes that the new autofill functionality won't work on most sites right now, as it is currently limited to forms that support the @autocomplete attribute on <input> elements. This will change soon when heuristics are added to determine the right field types when @autocomplete is not supported. Mozilla plans to ship improvements soon. These include, among others, options to save data to profiles when you fill out forms, a preview of all data when you highlight a profile, and support for select dropdown fields. Closing Words I'm looking forward to this new autofill functionality of the Firefox web browser. I wish Mozilla would add support for custom fields as well, to make the system even more flexible than it is right now. You can follow development on the official Form Autofill Wiki page on the Mozilla website. Article source
  4. One of the latest milestones being worked on for making the Servo browser engine more usable is WebGL support. While Gecko/Firefox has long had working WebGL capabilities, the Servo WebGL support is now being brought up and some more code for it has recently landed. This pull now honored provides the base for implementing WebGL extensions in Servo. OES_texture_float* and OES_vertex_array_object are among the extensions implemented so far and passing the necessary conformance tests. Support for other WebGL extensions for Servo are still being worked on. See that thread for more details. There is this meta bug tracking blockers for full WebGL 1.0 support in Servo. There's still a fair amount of work left before WebGL 1.0 will be fully ready in Servo for accelerated OpenGL ES 2.0 derived graphics for the web. Of course, after that is the recently ratified WebGL 2.0 still to be accomplished by Servo -- WebGL 2.0 was added to Firefox 51 for reference. Article source
  5. Mozilla plans to implement a change in Firefox 55 that restricts plugins -- read Adobe Flash -- to run on HTTP pr HTTPS only. Adobe Flash is the only NPAPI plugin that is still supported by release versions of the Firefox web browser. Previously supported plugins such as Silverlight or Java are no longer supported, and won't be picked up by the web browser anymore. Flash is the only plugin left standing in Firefox. It is also still available for Google Chrome, Chromium-based browsers, and Microsoft Edge, but the technology used to implement Flash is different in those web browsers. Adobe Flash causes stability and security issues regularly in browsers that support it. If you check the latest Firefox crash reports for instance, you will notice that many top crashes are plugin-related. Security is another hot topic, as Flash is targeted quite often thanks to new security issues coming to light on a regular basis. Mozilla's plan to run Flash only on HTTP or HTTPS sites blocks execution of Flash on any non-HTTP non-HTTPS protocol. This includes among others FTP and FILE. Flash content will be blocked completely in these instances. This means that users won't get a "click to play" option or something similar, but just resources blocked from being loaded and executed by the Firefox web browser. Mozilla provides an explanation for the decision on the Firefox Site Compatibility website: Firefox 55 and later will prevent Flash content from being loaded from file, ftp or any other URL schemes except http and https. This change aims to improve security, because a different same-origin policy is applied to the file protocol, and loading Flash content from other minor protocols is usually not well-tested. Mozilla is also looking into extending the block to data: URIs. The change should not affect too many Firefox users and developers, but it will surely impact some. Mozilla implemented a new preference in Firefox that allows users to bypass the new restriction: Type about:config in the browser's address bar and hit the Enter-key. Confirm that you will be careful if the warning prompt appears. Search for the preference plugins.http_https_only. Double-click on it. A value of True enables the blocking of Flash content on non-HTTP/HTTPS pages, while a value of False restores the previous handling of Flash so that it runs on any protocol. Mozilla suggests however that developers set up a local web server instead for Flash testing if that is the main use case. (via Sören) Article source
  6. This is a continuation of my Are They Slim Yet series, for background see my previous installment. With Firefox’s next release, 54, we plan to enable multiple content processes — internally referred to as the e10s-multi project — by default. That means if you have e10s enabled we’ll use up to four processes to manage web content instead of just one. My previous measurements found that four content processes are a sweet spot for both memory usage and performance. As a follow up we wanted to run the tests again to confirm my conclusions and make sure that we’re testing on what we plan to release. Additionally I was able to work around our issues testing Microsoft Edge and have included both 32-bit and 64-bit versions of Firefox on Windows; 32-bit is currently our default, 64-bit is a few releases out. The methodology for the test is the same as previous runs, I used the atsy project to load 30 pages and measure memory usage of the various processes that each browser spawns during that time. Without further ado, the results: So we continue to see Chrome leading the pack in memory usage across the board: 2.4X the memory as Firefox 32-bit and 1.7X 64-bit on Windows. IE 11 does well, in fact it was the only one to beat Firefox. It’s successor Edge, the default browser on Windows 10, appears to be striving for Chrome level consumption. On macOS 10.12 we see Safari going the Chrome route as well. Browsers included are the default versions of IE 11 and Edge 38 on Windows 10, Chrome Beta 59 on all platforms, Firefox Beta 54 on all platforms, and Safari Technology Preview 29 on macOS 10.12.4. Note: For Safari I had to run the test manually, they seem to have made some changes that cause all the pages from my test to be loaded in the same content process. Article source
  7. The following article gives you a glimpse of the upcoming Photon design of the Firefox web browser which will come out later this year. Mozilla plans to make Firefox 57 a milestone release. It is the version of Firefox in which the cut is made that leaves legacy add-ons behind, and also the Firefox version that will feature a design update. This design update is called Photon, and we talked about this previously already here on Ghacks Technology News. Mozilla released a batch of new mockup screenshots of the upcoming design in the past week. Sören Hentzschel was nice enough to collect those and publish them on his blog, so, thanks to him for making those available to a larger audience. Note: The following design screenshots are mockups, and not necessarily the final product. Firefox 57: new Photon design screenshots We have talked about the new main menu of the Photon-enabled Firefox browser already. Mozilla moves away from the icon-focused menu to one that looks almost like a right-click context menu instead. It features more options, some with, others without icons, and also a touch-variant that users may use when they work on touch-enabled devices. The touch menu of Firefox Photon may look like the following one: The core change is that the space between menu items is larger for easier selection of options displayed in the menu. The entries look identical right now, we will see if that will be the case when Photon is released in a future version of the Firefox web browser. One new feature of Firefox 57 will be that you can display the browser's sidebar on the right side. Current versions of Firefox support it only on the left, but with the new version comes an option to display it on the right instead. The following screenshot shows that, and the new design of the sidebar as well. The three dots menu in the Firefox address bar is new as well. It lists several options in the mockups, among them options to copy the URL, send the URL to a device, take a screenshot, or to share the page. This new share functionality taps right into the Share functionality of the operating systems if it ships with one. On Windows 10, selecting Share would open the operating system's Share window, and the same will happen on Mac OS X. It is unclear how Share will look like on devices that run operating systems that don't come with native Share functionality. The error pages that the browser displays are redesigned as well. The mockups released in the last week show a less flashy design with fewer colors. Here are the error pages that highlight the changes: Mozilla, on top of that, released mockups for various internal pages of the Firefox browser. This includes the private browsing start window, the page that comes up when Firefox blocks a web page, and the HTTPS error page. Last but not least, some internal about pages may get redesigns as well when Firefox 57 hits. These are the pages about:credit, about:license, and about:rights. Firefox Nightly users may do the following to enable some Photon design elements in the browser already. Please note that this is a work in progress, and that some things may not work as intended at that point in time. Type about:config in the browser's address bar and hit the Enter-key on the keyboard. Search for browser.photon.structure.enabled. Double-click the preference to set it to true, and enable the bits that are already in the browser. Restart the web browser. Article source
  8. Mozilla plans to add a feature to Firefox 57 which enables users to find replacements for extensions that are no longer supported by the browser. The release of Firefox 57 will make major changes to the browser's add-on system. Legacy add-ons, those that are not WebExtensions, won't be supported anymore as Mozilla plans to focus solely on WebExtensions, a technology used by browsers such as Google Chrome as well. One effect of the change is that part of Firefox's user base will end up with incompatible add-ons. That's a usability issue obviously as users will end up without functionality provided by these add-ons. Note: Mozilla marks those add-ons as legacy in Firefox Nightly already. This will come to Firefox Stable as well in time as an indicator that these add-ons will stop working in Firefox 57. Up until now it was not really clear if and how Mozilla wanted to address the issue. It appears, that the organization has found a way. Find a replacement Mozilla plans to add a new unsupported listing to the add-ons manager. You can load the add-ons manager by entering about:addons directly, or with a click on the main Firefox menu button. All extensions that are no longer compatible when the change hits the browser are moved to that section. This means, that they are not removed right away from Firefox either, but kept for the time being. 40% of Firefox users don't use add-ons according to a 2016 Mozilla study. Those won't notice the change at all. Tip: Check out Top Firefox add-ons and their WebExtensions status for an overview of what is compatible already, and what is not. Also, find out which Chrome extensions will run in Firefox, This is good for two reasons: first, because users may notice that the extensions are unsupported. This would not be the case if Mozilla would just delete the add-ons, as users would be left puzzling what happened to them. Second, because it allows Mozilla to add the recommendation feature to the unsupported extensions listing. The main idea of the feature is to suggest supported extensions -- read WebExtensions -- as alternatives to unsupported legacy add-ons. All that users need to do is click on the "find a replacement" link, to get suggestions for comparable add-ons. The feature is not live yet, but a click on the link will redirect the request to the Mozilla Add-ons website where replacements are then listed on a page. A couple of things may happen when users click on the button: A WebExtensions alternative that replicates all, or most of the add-ons functionality is suggested. Suggestions match some functionality only. No alternatives are available because a) no one created one, or b) the APIs don't support it anymore. You probably wonder how many extensions will remain compatible with Firefox. You can find that out here. Closing Words The cut that Mozilla makes in Firefox 57 impacts part of Firefox's user base. While there is no study about that, at least none that got published, I'd estimate that it will hurt veteran Firefox users more than it will hurt new users of the browser. It is clear already that functionality that some legacy add-ons or themes provided won't be supported by WebExtensions, and that these add-ons or themes won't be available anymore, nor will any alternatives to those because of this. The find a replacement feature will certainly help some users provided that it works correctly, and that is a good thing. (via Sören) Article source
  9. Mozilla plans to add a permissions section to the Firefox settings that allows users to manage certain permissions globally from the location. If you have used Firefox for more than a year or so, you may remember that the browser shipped with a permissions management system before. All you had to do was load about:permissions in the browser's address bar to open the management page, and manage permissions for all sites and services in that central location. It was a handy thing to have, considering that it allowed you to check and change permissions for multiple sites quickly using it. Mozilla dropped the whole thing back when Firefox 45 was released, and Firefox users had to live without it up until now. I'm still puzzled as to why it was removed, as it was quite the handy feature to have. While it is still possible to manage permissions of the active site, it is obviously more time consuming if you need to manage permissions for a number of sites, as you'd have to open them all one after the other to do so. Mozilla did improve the visibility of custom page permissions in Firefox 50, but that did nothing to the underlying management issue. Firefox Permissions Management With the update of the Settings page (about:preferences) that is still ongoing but already part of Firefox Nightly, comes a new initiative to re-introduce permissions management to Firefox. Mozilla plans to integrate the new management options in the Firefox Settings this time. Note: The screenshots are mockups, and development is ongoing. This means that there is a chance that things may change along the way. Permissions will be added to the privacy & security part of the new Preferences page of the Firefox browser. The first mockup screenshot that you see above lists the four permissions location, camera, microphone and notifications. Each has a settings button next to it which you may activate to manage all custom permissions of that particular type. The click on settings opens the list of sites for which that permission has been set (either allowed or disallowed). It features a search to filter sites quickly, and lists sites with their URLs in the listing. To change a permission, simply click on the status and switch it to allowed or blocked, or use the "forget" options instead to remove the custom permission for that site completely. Comparison to about:permissions So how does the new permissions manager compare to the old? The first thing that you may notice when you compare the two is that it takes more clicks in the new to manage permissions for individual sites. If you wanted to remove all permissions of a site, you'd not only have to click on all four settings buttons, you'd also realize that you have to do so even if it turns out that a particular permission has not been granted. The new permissions manager, at least in the current state of development, lists fewer management options on top of that. While you may manage locations, camera, microphone, notifications, pop-up windows, and add-on installations, it does not list options to maintain offline storage, cookies, or several other permissions yet. Firefox users may find some of those elsewhere, cookies and password permissions are managed under Privacy & Security as well for instance. Still, this means even more browsing and clicking to manage all permission. The moving of the permissions system to the preferences is a welcome change however, as it gives the manager a dedicated home in Firefox. You may remember that about:permissions was never integrated into Firefox through links in the UI, and that users had to know about the resource to make use of it. Closing Words The return of global permissions management in Firefox is a welcome, overdue, change. I wish Mozilla would reconsider using a site-focused approach, and not one that focuses on particular permissions for managing these permissions though. (via Sören) Article source
  10. Winner of the "PC World World Class Award", this tool gives you with the best available protection on the web. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default, see https://hackademix.net/2010/12/28/x-do-not-track-support-in-noscript/. Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality... Experts do agree: Firefox is really safer with NoScript ;-) Homepage FAQ: https://noscript.net/faq Forum: https://noscript.net/forum Release Notes: version 5.0.4 v 5.0.4 ============================================================= + [XSS] Added countermeasures against several vectors exploiting client-side JavaScript templating frameworks (thanks Krzysztof Kotowicz and Sebastian Lekies for their research) x [XSS] Fixed e10s-related regression in window.name sanitization (thanks Krzysztof Kotowicz for reporting) x Fixed "Allow local links" breaking file:/// URL loading in Gecko 53 and above x Fixed JSON viewer working only on JavaScript-enabled URLs Install for Firefox https://secure.informaction.com/download/releases/noscript-5.0.4.xpi
  11. Dear Mailvelope users, We have a security notice for anyone who uses the encryption add-on Mailvelope with Firefox. We have had a current security audit of Mailvelope undertaken, in which a critical vulnerability was found in the interaction between Mailvelope and Firefox. Under certain circumstances, Firefox’s security architecture allows attackers to access users’ private keys via compromised add-ons. We therefore ask all users of Mailvelope in Firefox to carefully read our security recommendations found in this article, below. This also affects Mailvelope users with all other providers such as Gmail, Outlook.com, Yahoo!Mail, etc. Firefox’s architecture does not sufficiently compartmentalise add-ons from each other – this has been known for years. The fact that a Mailvelope user’s private keys could be compromised via targeted attacks in Firefox was not proven until now, however. The security engineers that we engaged from Cure53 have now proved this. In their investigative report, they conclude that Firefox does not currently constitute a suitable environment for Mailvelope. They write, “At the end of the day, the Cure53 testing team cannot in good conscience recommend the use of Mailvelope on Firefox.” Weakness expected to last until November 2017 We informed Thomas Oberndörfer, the developer of Mailvelope, after the security audit. He is unable to fix the weakness, however, as it has to do with Firefox’s architecture. New architecture is already being developed at Firefox. Mozilla is planning to conclude this work with the release of Firefox 57 in November 2017. Oberndörfer is also working on a version of Mailvelope for the new and improved Firefox architecture. We would like to thank him for his development work. Until Mozilla has updated the architecture, the following security recommendations apply: Option 1.) In the interim, switch to different software. Either use Mailvelope in a different browser, or use PGP with a local email program. You can find various instructions for these options in the Posteo help section. Option 2.) Alternatively, using an independent Firefox profile for Mailvelope minimises the risk in the interim. In the Posteo help section, we have published step-by-step instructions for the creation of Firefox profiles on Mac and on Windows. Mailvelope users with other providers can also follow these instructions. Please be sure to note the following security recommendations in order to effectively minimise the risk of a fruitful attack: Do not install any further add-ons in the newly-created browser profile Use the Firefox profile exclusively for your encrypted Mailvelope communication. Only access your provider’s webmail interface and never visit other websites using this profile. In addition, use a password for your PGP key that is as secure as possible Be careful not to accidentally install any add-ons via phishing, through which you could be attacked Due to the problems with the Firefox architecture, we additionally recommend: Restrict the use of add-ons in the Firefox browser to a minimum, until Mozilla has updated the architecture You can further protect yourself from potential attackers by setting up an additional user on your operating system for end-to-end encrypted communication Here are the recommendations from the Cure53 report once again, for transparency reasons: “Two paths can be recommended for the users who rely on Mailvelope for encryption and decryption of highly sensitive data. First, they could use Mailvelope on a browser profile that hosts only and exclusively Mailvelope with no other extensions. Secondly, they would need to rely on a different software solution, for instance Thunderbird with Enigmail.” “At present, any users working with Mailvelope on Firefox are encouraged to export their settings, delete the extension and migrate their setup to a Mailvelope installation running on Google Chrome. Alternatively, a separate browser profile running Mailvelope only could be used, with the caveat that one must not have any other extensions installed in order to minimize the risk of key material leakage.” Security engineers engaged by Posteo found the weakness In their daily activities, our customers use various devices, browsers and add-ons in their local environments. Our users’ communication security is very important to us – we therefore also continually have external standard components checked for weaknesses. Among others, we work together to this end with independent IT security experts at Cure53. They have now made a find with Mailvelope in Firefox. Dr Mario Heiderich from Cure53 explains, “the problem is currently located in the architecture. There is therefore no easy fix. Mozilla knows this, but also has to keep a difficult balance between radical changes and ones that are prudent but are often decisions that are slow to take effect. Things are going in the right direction, however, which is definitely something positive for more complex software.” Thomas Oberndörfer of Mailvelope states, “Mailvelope is naturally dependent on the security of the underlying browser. Weaknesses in Firefox’s add-on system have been known of for some time, so Mozilla’s improvement should be welcomed. Security audits such as the one undertaken by Posteo are important indicators for us to see how we can further improve Mailvelope.” Report to be published after weakness is overcome The weakness outlined above is expected to be overcome by Mozilla in November 2017. Out of consideration for security, we will therefore first publish the report at a later point. In it, the method of attack will be described in detail. The report is already available to Mailvelope and the BSI (German Federal Office for Information Security). The security audit has also yielded some positive results for Mailvelope, which we would like to outline here: There was a check made as to whether email providers for which Mailvelope is used could access a Mailvelope user’s private keys saved in the browser – this was not possible. All other attempts made by the security engineers to access private keys saved in Mailvelope, such as operating third party websites or man-in-the-middle attacks, were also unsuccessful. Weakness shows that open source increases security For security reasons, we exclusively support open source components with transparent code – such as the encryption plug-in Mailvelope. In our view, transparent code is essential for the security and democratic control of the internet: Independent experts can at any time identify weaknesses or backdoors via code analysis, as happened here. A provider or developer’s security claims do not need to be trusted. With the security audits that we commission, we want to contribute to further increasing the security of established open source components and genuine end-to-end encryption. Best regards, The Posteo Team Article source
  12. For a while now, malware distributors have been using a social engineering attack against Chrome users that entails a website showing an alert stating that a font needed to view the web page was not found. This attack then prompts the Chrome user to download a Chome Font Pack in order to properly view the site. Today, ProofPoint exploit expert Kafeine discovered that attackers have modified this attack to target Firefox users as well. Now when a visitor goes to a page that has this attack, the script will determine the browser and display the appropriate attack for either Chrome or Firefox. This attack campaign is currently pushing the Zeus Panda banking Trojan. Examining the Firefox HoeflerText Attack The attack entails tricking a target into going to a specific URL that is hosting javascript code that starts the attack. It is not currently known if the user is going to this URL through malspam, malvertising, or exploit kits. Once a Firefox user visits the site, they will be shown an alert stating that "The "HoeflerText" font was not found." and that they need to update the "Mozilla Font Pack" Caption Once a user clicks on the Update button, a download for a ZIP file called Mozilla_Font_v7.87.zip will be initiated. The downloaded zip file contains a JScript file called Mozilla_Font_v7.87.js. Mozilla_Font_v7.87.zip When the download is initiated, the alert on the web site will change to instructions on how a victim should install the "Mozilla Font Pack". Instructions on how to Install the HoeflerText Font These instructions inform the victim to double-click on the JS file in order to begin the update process. The contents of this script can be seen below. Mozilla_Font_v7.87.js File When the script is launched it will download a file called Mozilla_Font_v7.87.exe, which currently has 30/62 detections at VirusTotal, and saves it to the C:\ folder. Once saved, the script will execute the downloaded file. When the download is executed it will inject the Zeus Panda banking Trojan into two svchost.exe processes as shown below. Injected Processes A autostart will also be configured so that Zeus Panda launches when the user logs into Windows. As you can see, social engineering attacks are becoming more sophisticated and expanding to increase the range of available targets. It is therefore important to only install updates for a browser that are downloaded directly from the developer. Mozilla Firefox HoeflerText Attack Alert: The "HoeflerText" font was not found. The web page you are trying to load is displayed incorrectly, as it uses the "HoeflerText" font. To fix the error and display the next, you have to update the "Mozilla Font Pack". Manufacturer: Mozilla Corporation. Current version: Mozilla Font Pack 53.0.2785.89 Latest version: Mozilla Font Pack 57.2.5284.21 Mozilla Firefox HoeflerText Attack Instructions: The "HoeflerText" font was not found. To install "HoeflerText" font for your PC: Download the .js file. If prompted, click Run or Save. If you chose Save, double-click the .js file to start the installation process. We will automatically import your home page settings and browser history for you. Reboot Mozilla: Windows 7: A Mozilla window opens once everything is set up. Windows 8 and 8.1: A welcome dialogue appears, click Next to select your default browser. Windows 10: A Mozilla window opens once everything is set up. You can then make Mozilla your default browser. Article source
  13. Firefox Gets “Always Open In Container” Option Mozilla updated the Containers Test Pilot experiment recently. It features a new "always open in container" option now that users may utilize. Containers is a new feature of the Firefox web browser that is currently being tested and in active development. The feature allows you to launch websites and services in containers to separate them from one another in various ways. You may use the feature to separate work from entertainment sites for instance. Some browsing data is restricted to the container it is generated in. This is the case for cookies for instance, so that you may open the same site in different containers to sign in to different accounts at the same time without having to use different profiles or other means for that. Since cookies are separated, it reduces the tracking impact of cookies as sites cannot access cookies in different containers anymore. Mozilla launched Containers back in mid 2016 (in Nightly), and runs a Firefox Test Pilot experiment currently that brings Containers to all versions of Firefox. Always open in Container in Firefox When Mozilla launched Containers in Firefox Nightly in mid 2016, it revealed plans to improve the functionality of containers over time. One of the features on that list was an option to launch sites always in specific containers. The feature made a lot of sense, considering that you may want to launch news sites always in news containers, your bank's website in the banking container, or entertainment sites in the entertainment container to separate them always from anything that is not run in the container. The feature has launched as an update for the Test Pilot Containers add-on for Firefox. If you have not already, you may download Test Pilot and the Containers experiment to get the full functionality. The current work flow requires that you open a site in a container, and assign it to the container afterwards. You can launch sites by right-clicking on links for instance to select "Open Link in new Container Tab" to launch it in one of the available containers. Once the site has been launched in the container, right-click anywhere in the content area, and select the "Always open in this container" option from the context menu. A prompt is displayed the next time you open the site, be it with a click on a link that points to it, or by typing the address manually in Firefox's address bar. To open the site in a container, click on the take me there button. You may check the "remember my decision for this site" option to always open it in the container without the prompt being displayed again to you. Note: Site means entire domain in this regard. Any page on the domain will be launched in the container if you select that option. You may remove the assignment at any time by repeating the process. In short: open the site in the container, right-click on the content area, and remove the checkbox from "always open in this container". Firefox displays a desktop notification each time you add or remove sites to or from containers. Closing Words The option to link sites to containers so that they are opened in the linked containers is a welcome addition to the feature. The main reason for that is that it ensures that a site will be opened in a selected container, and not anywhere else. You get added benefits from this. Phishing sites won't be opened in the same container by default for instance, as they use a different domain than the copied site. You ensure as well that the site's cookies stay in that one container. Source
  14. Firefox Nightly Marks Legacy Add-ons The most recent version of Firefox Nightly, the browser's cutting edge version, highlights the add-ons that are not WebExtensions with the Legacy tag. One of the concerns that Firefox users who run one or multiple add-ons in the browser have currently is whether their add-ons will make the cut when Firefox 57 comes along. It is in this version of Firefox, out November 2017, that Mozilla plans to drop support for so-called legacy add-ons. The move blocks any non-WebExtension add-ons from working in the browser. In fact, users won't be able to install legacy add-ons when Firefox 57 hits, and the add-ons that they had installed before the upgrade to the new version of the browser won't be there anymore after the upgrade. It is a clear cut that Mozilla plans, one that is welcome by some and disliked by others. For Mozilla, moving Firefox's extensions system to WebExtension exclusively means a reduction in extension caused crashes and performance issues, the freeing up of development time because extension compatibility is less of an issue, and that users won't face that many issues anymore caused by add-ons. The naysayers of the move point out that Firefox will lose part of its add-on ecosystem, and with it add-ons. Extension won't be as powerful anymore, and are restricted in what they can do as they rely solely on the APIs that Mozilla creates. Some features that legacy add-ons offered are simply not implementable with the new WebExtensions system. Firefox users who run add-ons currently are also concerned when it comes to the add-ons that they are using in the browser. Will those make the cut, or won't they? It was quite difficult up until now to come up with an answer. The release of the latest Firefox Nightly version changes that, as legacy add-ons are tagged as that in the browser's add-on manager. If you want to verify whether your add-ons will make the cut if the cut would happen today, do the following (only in Firefox Nightly currently): Load about:addons in the Firefox address bar. Firefox should highlight all legacy add-ons right in the interface. Note: If you run Classic Theme Restorer, or another add-on that modifies the browser UI, you may not see the legacy tag there. You may see it with a click on the more link though. Click on the "more" link next to an add-on. Firefox displays Legacy next to the add-on if it is a legacy add-on. Please note that some developers are working on porting their extensions to the WebExtensions system. While these may be listed as legacy currently, they may be released as WebExtensions before the cut so that you may continue using them. Still, the tagging of add-ons as legacy makes a whole lot of sense. Mozilla should, and probably will, move the tagging to Beta and Stable versions of Firefox in the near future. Now Read: If Firefox 57 would be released today, these extensions would be compatible Source
  15. If Firefox 57 Would Be Released Today, 2273 Add-ons Would Be Compatible When Firefox 57 gets released in November 2017, Firefox will drop its old add-on system in favor of the relatively new WebExtensions system. The Firefox web browser is in a bit of a moving state right now in regards to the browser's add-on system and add-ons that are available for it. Mozilla plans to make Firefox 57 the first version of the browser that supports only WebExtensions. WebExtensions in plain old English are very similar to Google Chrome extensions, only that the Firefox version supports more powerful add-ons than Google Chrome does once Mozilla reaches feature parity with Chrome. Note that "plans" means that Mozilla may postpone the cut. Development may not be ready when Firefox 57 is going to be released -- on November 14, 2017 if the schedule holds -- or there may be other things that forces Mozilla to postpone the change. When the change happens, legacy add-ons will become incompatible with that version of Firefox. Legacy add-ons are all add-ons that are not WebExtensions. Tip: Legacy add-on or WebExtension? Find out if your add-ons are compatible. Some developers have ported their add-ons to the WebExtensions format already, and those will continue to work. Others are still in the development phase, and some won't port their add-ons for reasons such as that WebExtensions don't support the functionality of the add-on, or of time commitments. It is difficult to assess the situation right now, as WebExtensions functionality is still being worked on. It is unclear right now for instance if Firefox users will end up with thousands, or more than ten thousand extensions after the switch. We tried to shed some light in Top Firefox Add-ons and their WebExtensions status, but even with very popular add-ons, it is sometimes not possible to tell whether they will remain compatible after the switch. As far as the overall number of WebExtensions compatible add-ons is concerned: there is no definitive number, but you can get an approximation of it. What we know is that Firefox 57 is the release target for WebExtensions exclusivity. So, all we have to do is filter the add-ons on Mozilla's AMO website by a special tag to list the WebExtensions add-ons for the browser. So, if you point your browser at https://addons.mozilla.org/en-US/firefox/tag/firefox57 you will get 2273 add-ons right now To put this into perspective: Mozilla AMO lists 18814 add-ons right now. Not all of those are compatible with the current version of Firefox, Firefox 53 at the time of writing. A part of those add-ons will be turned into WebExtensions by their developers, or by users who forked a particular extension so that it remains available for a WebExtensions exclusive Firefox browser. What one has to consider as well is that support for WebExtensions opens up the Chrome Web Store for Firefox. While not all Chrome extensions will work in Firefox, once Mozilla reaches feature parity, a large part will. Source
  16. Issue: Firefox freezes for a few seconds while Internet Download Manager (IDM) automatically catches a download after the user clicks on a downloadable link. Solution: When I updated Firefox to the latest version v53, the IDM integration module for Firefox was not supported anymore and IDM wasn't receiving any updates either. So I googled for IDM add-on compatibility with the latest version of Firefox and ended up with this site. I downloaded the add-on for v53 manually (direct installation of 3rd party add-on is not allowed by Firefox's latest versions, I guess) and installed it. Restart Firefox. Done. Comments: I have observed that the default add-on that IDM installed had a size around 600 KB but the add-on I have downloaded from the site is just 76.1 KB. I have no idea why the default IDM add-on have to be comparatively so bigger. Or, you can find the file inside the IDM installation folder in the programs itself. The file is named as idmmzcc3.xpi. (Courtesy - @IronY-Man & @straycat19) This fix is tested working with latest version of both Firefox (64-bit) and IDM. Please share your feedback. Thank you and Enjoy!
  17. This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers: There is a phishing attack that is receiving much attention today in the security community. As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing. This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker. This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers. We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com. Here is what the real epic.com looks like in Chrome: Here is our fake epic.com in Chrome: And the real epic.com in Firefox: And here is our fake epic.com in Firefox: As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com. The real epic.com is a healthcare website. Using our unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data. We even managed to get an SSL certificate for our demonstration attack domain from LetsEncrypt. Getting the SSL certificate took us 5 minutes and it was free. By doing this we received the word ‘Secure’ next to our domain in Chrome and the little green lock symbol in Firefox. How is this possible? The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar. What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ unicode characters that look identical to the real characters but are different unicode characters. In the current version of Chrome, as long as all characters are unicode, it will show the domain in its internationalized form. How to fix this in Firefox: In your firefox location bar, type ‘about:config’ without quotes. Do a search for ‘punycode’ without quotes. You should see a parameter titled: network.IDN_show_punycode Change the value from false to true. Now if you try to visit our demonstration site you should see: Can I fix this if I use Chrome? Currently we are not aware of a manual fix in Chrome for this. Chrome have already released a fix in their ‘Canary’ release, which is their test release. This should be released to the general public within the next few days. Until then, if you are unsure if you are on a real site and are about to enter sensitive information, you can copy the URL in the location bar and paste it into Notepad or TextEdit on Mac. It should appear as the https://xn--….. version if it is a fake domain. Otherwise it will appear as the real domain in its unencoded form if it is the real thing. Spread the word The concept of an IDN homograph attack has been around since 2001 when Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher first wrote about it. Web browsers have attempted various fixes but the current implementations in Chrome and Firefox are clearly not doing a good enough job. To Chrome’s credit, they are about to fix that. Thankfully there is a manual fix for Firefox. We would like to encourage you to spread the word. This new twist on phishing is getting a lot of attention today, Friday April 14th and is making the rounds currently in the security community. Xudong Zheng wrote about this earlier today and it is also being discussed on the netsec subreddit. We think here is a high possibility that this may be exploited in phishing attacks before the Chrome fix is released to the general public, which is why we are posting this public service announcement. Article source
  18. Mozilla Firefox 53.0 - 32bit[x86] and 64bit[x64] Stable[New] + 52.1.0 ESR[New] Mozilla Firefox v53.0 stable + v52.1.0 ESR available for download. Tip: If you want to get rid of web notifications completely, you can Enable/Disable using about:config and toggle "dom.webnotifications.enabled" to "false" and Restart Firefox. If you want it back, just toggle to "true" and Restart Firefox. Release Notes: https://www.mozilla.org/en-US/firefox/53.0/releasenotes/ Download Links - Stable: All Languages and OS: https://www.mozilla.org/en-US/firefox/all/ FTP links: https://ftp.mozilla.org/pub/firefox/releases/53.0/ Windows[x86 - 32bit]: https://download.mozilla.org/?product=firefox-53.0-SSL&os=win&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/win32/en-US/Firefox Setup 53.0.exe Windows[x86 - 32bit - EME Free]: https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/win32-EME-free/en-US/Firefox%20Setup%2053.0.exe Windows[x64 - 64bit]: https://download.mozilla.org/?product=firefox-53.0-SSL&os=win64&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/win64/en-US/Firefox Setup 53.0.exe Windows[x86 - 64bit - EME Free]: https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/win64-EME-free/en-US/Firefox%20Setup%2053.0.exe Mac: https://download.mozilla.org/?product=firefox-53.0-SSL&os=osx&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/mac/en-US/Firefox 53.0.dmg Mac[EME Free]: https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/mac-EME-free/ Linux[x86 - 32bit]: https://download.mozilla.org/?product=firefox-53.0-SSL&os=linux&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/linux-i686/en-US/firefox-53.0.tar.bz2 Linux[x64]: https://download.mozilla.org/?product=firefox-53.0-SSL&os=linux64&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/linux-x86_64/en-US/firefox-53.0.tar.bz2 Linux[x86-x64- EME Free]: https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0/linux-x86_64-EME-free/ Download Links - ESR: All Languages and OS: https://www.mozilla.org/en-US/organizations/all/ FTP links: https://ftp.mozilla.org/pub/firefox/releases/52.1.0esr/ Windows[x86 - 32bit]: https://download.mozilla.org/?product=firefox-52.1.0esr-SSL&os=win&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.1.0esr/win32/en-US/Firefox Setup 52.1.0esr.exe Windows[x64 - 64bit]: https://download.mozilla.org/?product=firefox-52.1.0esr-SSL&os=win64&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.1.0/win64/en-US/Firefox Setup 52.1.0.exe Mac: https://download.mozilla.org/?product=firefox-52.1.0esr-SSL&os=osx&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.1.0esr/mac/en-US/Firefox 52.1.0esr.dmg Linux[x86 - 32bit]: https://download.mozilla.org/?product=firefox-52.1.0esr-SSL&os=linux&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.1.0esr/linux-i686/en-US/firefox-52.1.0esr.tar.bz2 Linux[x64]: https://download.mozilla.org/?product=firefox-52.1.0esr-SSL&os=linux64&lang=en-US Or https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.1.0esr/linux-x86_64/en-US/firefox-52.1.0esr.tar.bz2 Firefox for Android - 53.0: Not Yet Released
  19. The upcoming version of Firefox blocks dangerous flash content. The Plugins section in Add-ons Manger of Firefox browser, which on Nightly has got a new option for Flash Plugin –Block dangerous and intrusive Flash content‘ with a checkbox that can be controlled by about:config preference plugins.flashBlock.enabled. FYI, 32-bit Firefox version on Windows already offers preferences page for Flash Plugin which is to enable or disable Flash Player protected mode, with this addition, you can notice two checkboxes on 32-bit version of Firefox browser, but this is the only checkbox you’ll see for Flash on 64-bit Firefox. FYI, the new Flash allow/blocklist feature applies to either ‘Ask to Activate’ setting or ‘Always Activate’ setting. For this bug -‘ Implement new plugin option for Flash as a checkbox to toggle the allow/blocklist feature (plugins.flashBlock.enabled)‘ target milestone has been set to Firefox 55. Article source
  20. To reduce the release Overhead, Mozilla has decided to discontinue Aurora channel –which is part of Firefox release cycle — and merge with Beta, keeping Devedition themes. This will happen on April 18, 2017. The company calls this as Dawn Project. With this, the Firefox release cycle comes down to three release channels from four: Nightly > Beta > Stable. Nightly will spent an additional 6 weeks. And the Beta now becomes the first stabilization phase after Nightly (which used to be Aurora till now). This change will affect Firefox on desktop, Android, Thunderbird and Seamonkey products as well. Firefox Developer Edition’s Dark theme for Chrome is here Atm, Release train versions : Nigthly 55, Aurora 54, Beta 53 After the merge day, Release train versions will become: Nightly 55, Beta 54 , Stable 53. You can find the changed Firefox 2017 release schedule below. Firefox 53 Release Date changed to April 19 from 18 Firefox Release Schedule 2016 The Reason for Firefox Aurora channel removal “With significant improvements in stability and performance in the Nightly channel we have determined that we tend to gain more time by testing and localizing in Nightly and stabilizing in Beta. The increased speed to market and resulting quality and stability in the Beta channel is why Aurora is going to be discontinued on April 18 (next merge day, exceptionally on Tuesday). ” Mozilla’s engineer Francesco Lodolo said in a thread on the Google groups forum. Developer edition will be migrated to Beta “Between April and June, Firefox on desktop will continue to receive updates for critical security issues and the Aurora and Developer Edition populations will be migrated to the Beta update channel. On Android, Aurora users will be migrated to Nightly.” Article source
  21. Here we go again! With the launch of the Windows 10 Creators Update and Edge 40 (EdgeHTML 15), Microsoft has released a new battery usage test that, naturally, trashes the company's competition. This new test shows that Edge uses less power than both Chrome 57 and Firefox 52, and is bound to draw a response from its competition, especially Google, who doesn't like it when Microsoft takes a jab at Chrome's efficiency. Welcome to the battery usage wars! The same thing happened last year, in June, when a similar test showcasing Edge's longer battery life was met with responses from both Google and Opera. Not giving up on its claims, Microsoft re-ran the test in September, also publishing the testing procedure on GitHub, with the release of BrowserEfficiencyTest, a Selenium WebDriver that automates common user browsing operations, such as looking through a Facebook feed, going through some emails, and browsing the news. The September test was done on clean Windows 10 Anniversary Update (build 14393.105) version, while the new test, performed this month, was run on three identical Surface Book laptops running Windows 10 Creator's Update (build 15063). CPU, GPU, and Wi-Fi antenna power consumption were measured using onboard Maxim chips and the Windows Performance Recorder. Below are the hardware and software specifications of the testing rig: OS and browser versions OS Windows 10 Pro 15063.0 Microsoft Edge Microsoft Edge 40.15063.0.0 Chrome Google Chrome 57.0.2987.133 (64-bit) Firefox Firefox 52.0.1 (32-bit) Hardware Processor i5-6300U @ 2.4GHz 2.5GHz Memory 8G Graphics Intel HD Graphics 520 Two different types of tests were performed until a latpop's fully-charged battery gave out. The first test measured normal browsing performance and the second ran a looped Vimeo fullscreen video. For each browser, a minimum of 16 iterations were recorded per test, and the average between all iterations reported. Unlike the September tests [1, 2], Opera wasn't included. Normal browsing performance test In the normal browsing performance test, Microsoft claims Edge used 31% less power than Chrome 57, and 44% less power than Firefox 52. Video performance test In the second test, Edge played this Vimeo video for 751 minutes (12:31:08), while Chrome lasted 557 minutes (9:17:03) and Firefox for only 424 minutes (7:04:19). That's a whopping three hours over Chrome. Of course, all these tests need to be taken with a grain of salt. When one of the participants runs these tests and comes on top, it's kind of hard to take them seriously. Nonetheless, it's always fun to see multi-billion dollar businesses taking jabs at each other's products, like that time when Microsoft claimed in a now-deleted tweet that Edge is the first and only browser to feature tab previews, only to be mocked by Opera and Vivaldi, both which featured tab previews for years. Source
  22. Mozilla published information on Tab Mix Plus's WebExtensions compatibility recently after auditing the add-ons functionality. Tab Mix Plus is a popular browser add-on for the Firefox web browser that adds many customization options to the tabbed browsing behavior of Firefox. Among many other features, it enables you to display multiple tab rows, change tab styling, and link behavior. Tab Mix Plus is a classic add-on that will stop working in its current form when Mozilla releases Firefox 57, as the organization plans to end support for classic add-ons for the most part at this point in time. The add-on needs to be rewritten as a WebExtension for support for Firefox 57+. One issue that add-on developers face is that the development of WebExtension APIs is an ongoing process. This is especially problematic for developers who have created powerful add-ons such as Tab Mix Plus. Mozilla audited the Firefox add-on Tab Mix Plus recently to find out which features are already implementable, and which are not yet supported. The result is a mixed bag right now. While some features are already available through various WebExtension APIs, others are not. Most link behavior, session management, and advanced settings are supported for instance, and as are most events. Other features on the other hand are not supported. Some are already planned, but others would require the creation of new or improved APIs to make it happen. WebExtensions do not support for instance options to show Tab Mix Plus' buttons on the tab bar, position changes of the tab bar, different tab bar styles, or display tabs in multiple rows in the browser window. Mozilla notes that some of the features could be implemented in the feature by re-implementing the toolbar API. Good news for users of Tab Mix Plus is that the author of the extension seems interested in creating a WebExtension version of Tab Mix Plus. He notes however on Bugzilla that he won't be able to do it alone, and that he needs help from Mozilla and contributors. I need to develop Tab mix from the start in order to make it Webextension. I don't think that i can do it alone without mentoring from Mozilla and more code contributes from the community. Mozilla announced a support program recently for add-on developers to help them port their add-ons to WebExtensions. The WebExtension APIs are under active development right now, but if Tab Mix Plus would be ported right now, only some of its functionality would be available to Firefox users. That's probably better than none at all, but still disappointing from a user perspective. The situation may improve over time, as Mozilla plans to extend WebExtension APIs. Article source
  23. Firefox Gets A Performance Settings Section Mozilla plans to add a Performance section to the Settings page of the Firefox web browser that allows users to modify some performance related parameters in the UI. The roll-out of Firefox's multi-process architecture was a big step in the right direction for Mozilla. The architecture separates the browser's core from sites and applications. While that is good for stability, and in the future also for security, Firefox users do have little control over the feature right now. Experienced users know how to change the number of content processes to reduce the browser's RAM usage for instance, but most users are probably unaware of these options. Firefox Performance Settings The planned Performance section of Firefox's Settings page exposes this, and other performance related parameters, on the browser's frontend. Note: The feature is being worked on right now. Things may change along the way, some may be removed, others added. If the current plan holds, Performance will become an option on the Firefox settings page. It will feature an optimize Firefox button prominently on the page, and a checkbox that determines whether Firefox will use recommended performance settings, or custom ones. If you disable the "use recommended performance settings" option, custom preferences are displayed: A slider to set the number of content processes that Firefox uses (from 1 to 7 currently). An option to toggle UI animations. An option to toggle page prefetching. The three options are pretty straightforward. The two toggles may improve performance of the browser on older systems when disabled. The content processes slider may be used to decrease the browser's RAM usage if content processes are reduced, or may increase the browser's RAM usage if increased. The latter may be beneficial to stability however. This exposes an option in the Firefox user interface to set a custom number of content processes. The optimize Firefox button may look like the most interesting option on the page. It appears however that activating it will only disable all extensions installed in the browser. Extensions are sometimes the source for high RAM usage or slow downs, and that is probably the main reason why Mozilla added the option to the settings page. A bug was filed on [email protected] to exclude WebExtensions from being disabled when a user hits the optimize Firefox button. You can track the implementation of the new Performance section in Firefox here. Closing Words The upcoming Performance section exposes performance related options on the Settings page. While it won't be that useful to experienced Firefox users who know how to use about:config to make those changes manually, it may help less-experienced users of the browser make some of those changes. Now You: What would you like to see in the performance section? Source
  24. Firefox 57 Photon Mockups: Activity Stream, Library, Compact Mode, More Mozilla revealed a new batch of mockups showcasing the planned re-design of the Firefox user interface, codename Photon, in Firefox 57. Mozilla plans to release a theme refresh of its Firefox web browser when the browser hits version 57 in November 2017. The refresh is code-named Photon, and it is the first major design refresh of Firefox since the launch of Australis back when Firefox 29 was released. Australis was a highly controversial change, not only because of the design elements that it introduced, but also the things that it removed or blocked from customization. Firefox 57 will introduce major changes, even more than Australis did. This is only partially because of the redesign, as Mozilla plans to make the switch to WebExtension exclusivity when that version hits as well. The browser makers break with Firefox's old add-on system, so that only WebExtensions add-ons may be run in Firefox 57 Stable or newer. But Firefox 57 Stable is also the first version of the browser that ships with major Project Quantum components, which, according to Mozilla, will make the browser significantly faster in those areas. The first Firefox Photon mockups showed up on the Internet in March 2017. They showed the main interface, and the new tips section that Mozilla plans to add to the about:home page of the web browser. The about:home page is displayed to new users of the browser, or when it is loaded manually. Note: The following screens are mockups. This means that they are not set in stone yet, and that looks and functionality may change before things land in Firefox 57. Firefox 57 Photon: new mockups The new mockups highlight other parts of the web browser, including the activity stream, the library, and the compact mode among other things. The first two mockup screenshots show the new Activity Stream page of Firefox. Activity Stream launched as a Test Pilot project initially. These test add-ons are launched to collect feedback and telemetry data to make educated decisions about their future integration in the Firefox web browser. The Activity Stream page has a Pocket "trending stories" listing. It is unclear whether this will only be displayed to Pocket users, or if this is displayed to all Firefox users. Mozilla acquired Pocket some time ago, which means that it could be either way. Firefox users who don't want to use the Activity Stream tab page can install WebExtensions that modify the New Tab Page of the web browser. You may also notice that the two Firefox windows on the screenshots above have different window colors. Mozilla might pick up the color from the operating system. Firefox Compact Mode Mozilla plans to launch two compact themes in Firefox 53 (a light and dark one). The company plans to launch a touch mode and compact mode in Firefox 57. It seems likely -- but has not been confirmed -- that this new compact mode will replace the modes that Mozilla will launch in Firefox 53. The mockup shows the differences between touch, normal and compact mode in Firefox. The planned touch interface increases interface elements a bit to improve accessibility. Firefox new main menu The main menu mockup shows the new menu structure. Mozilla plans to move away from the current, icon-heavy menu that is quite difficult to navigate and use. The new menu displays an entry per line, and uses considerably less space than the current menu. The menu lists more options than the old, and some, like the Web Developer menu, link to secondary pages with additional options. Another difference is that you won't be able to remove entries from the menu any longer. Firefox users may add entries to a new >> menu that is displayed on the left side of the main menu. This is the new location that users may add things like extension links that should not be visible all the time in the browser UI. Customize options The customize screen looks pretty much the same as before. One change is that you cannot add or remove items from the main menu anymore as it is locked. You may move the icons to select locations of the interface, including before or after the address bar, and to the new custom menu. Firefox users who use the search will notice that the search element is listed on the customize page. This is an indicator that it will be still an option when Firefox 57 launches. Firefox 57 new library A click on the library icon lists several options. Users may use it to open the bookmarks, downloads, history and synced tabs, the Pocket list, and check out the recent activity. Note that it takes two clicks now to display bookmarks or downloads. The classic library options remain in place however for the time being. Sidebars The sidebars get a new menu that enables you to switch between them easily using it. (Thanks Sören Hentzschel) Now You: What's your take on the new batch of mockups? Source