Jump to content

Search the Community

Showing results for tags 'firefox'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 365 results

  1. Some exciting news this week for Firefox users running on Wayland... Martin Stránský of Red Hat who is on the Fedora Firefox team and was involved in bringing up Wayland support on Firefox has worked on an interesting improvement for the browser. Martin this week posted a patch implementing FFmpeg-based VA-API video acceleration for Firefox on Wayland. In leveraging the recent Wayland DMA-BUF support within Firefox, it's finally possible with this patch to have Video Acceleration API (VA-API) GPU-accelerated video decoding within the browser when running natively on Wayland. The work-in-progress code for Firefox with VA-API acceleration on Wayland can be found via this Mozilla bug report. The focus is on Intel video acceleration with VA-API but ultimately should end up working ideally with other VA-API driver implementations too. Hopefully this work will see the light of day in upstream Firefox soon. Source
  2. Revamped Firefox browser for Android set to arrive on the nightly branch tomorrow Over the last several months, Mozilla has been shipping a version of its browser called Firefox Preview. Firefox Preview is a completely redesigned version of Mozilla’s mobile browser that will supersede the existing Firefox for Android versions. From tomorrow, users of Firefox for Android Nightly will experience the redesigned Firefox for the first time and in the coming weeks and months, it’ll arrive on the beta and stable channels. The new Firefox is built using GeckoView and includes a whole new UI. The redesign is noticeably faster than the existing Firefox for Android browser and it includes better security controls, similar to those we see in the Firefox browser on the desktop. With Mozilla starting from scratch, it has had to try its best to become feature comparable with the existing version; recently it gave users the option to move the URL bar, and change the default search engine to a custom selection. One feature that’s still missing from the revamped browser is add-on support, with that said, Mozilla is actively working to include the feature in the browser so hopefully, it’ll be available by the time it graduates to the beta or stable channels. With the launch onto the nightly channel tomorrow, Mozilla will get even more feedback on its work and be able to refine it further ready for prime time. According to the current schedule, the brand new Firefox for Android will go into beta in spring and will then land in the stable channel in the first half of the year. If you don’t mind using cutting edge technology, Firefox Preview is still available in the Play Store right now but it isn’t as feature-complete as the stable Firefox for Android browser. Source: Revamped Firefox browser for Android set to arrive on the nightly branch tomorrow (Neowin)
  3. Firefox 74 will drop support for TLS 1.0 and TLS 1.1 Version 74.0 of the Firefox web browser will drop support for the encryption protocols TLS 1.0 and TLS 1.1 entirely. Sites that don't support at least TLS 1.2 will show a "secure connection failed" error page when the change lands preventing users from accessing the sites. Mozilla and other browser makers including Google, Microsoft and Apple revealed plans in 2018 to deprecate TLS 1.0 and TLS 1.1 in 2020 to improve the security and performance of Internet connections. The announcement was made well in advance to give webmasters and organizations time to migrate services that still used one of the protocols to a newer protocol. TLS 1.3 Final was published in 2018 and browser makers like Mozilla or Google implemented support for the new protocol in their browsers. All major web browsers support TLS 1.3 as of today. While support for better more secure protocols is available, some sites have not migrated to using these protocols exclusively. A Mozilla scan in mid 2019 showed that about 8000 sites of a list with 1 million top sites were not supported TLS 1.2 or higher. The count may be lower by now considering that another six months have passed since the scan was made. Starting in Firefox 74, sites that use TLS 1.1 or lower won't load anymore in the browser. The same will happen at around the same time in Google Chrome and other major browsers such as Microsoft Edge or Apple Safari. In Firefox, the browser will throw a "secure connection failed" error message with the error code "SSL_ERROR_UNSUPPORTED_VERSION" with no option of bypassing the error (because support for TLS 1.0 and 1.1 is removed from the browser). Sites that are actively maintained will likely be updated in time to support newer protocol versions so that connections to these sites won't be interrupted. Some sites, e.g. those that are not actively maintained anymore or cannot be updated to support newer protocol versions, won't work anymore once the change lands. Most Firefox users will see minimal disruption, if any, when Firefox is upgraded to version 74.0. Firefox 74.0 Stable is scheduled for a March 10, 2020 release. Source: Firefox 74 will drop support for TLS 1.0 and TLS 1.1 (gHacks - Martin Brinkmann)
  4. Please Mozilla, don't touch the user.js functionality in Firefox A bug report opened about nine months ago on Mozilla's Bugzilla bug tracking site for Firefox suggests that the organization could disable reading the user.js file of the Firefox browser by default in the future. If you have not heard about user.js before, it is a configuration file that controls preferences in the Firefox web browser. One of the main advantages over Firefox's preferences file is that it has priority and that it is a user-owned file that is left untouched when Mozilla makes changes to the browser. I suggest you check out the ghacks user.js repository on Github for detailed information and an extensive file to improve privacy and security of the Firefox web browser. The bug reporter states in the description that he "never fully understood the point of having this file", that people have abused it and "broke stuff" in Firefox, and that it offers nothing that cannot be achieved by modifying the default preferences file, or by using Enterprise policies. Additionally, since Firefox needs to check for the file's existence regardless of whether it exists or not, it is causing "additional IO early on startup". According to telemetry that Mozilla gathered, about 3% of Firefox installations that report telemetry use user.js files. Others have pointed out early in the discussion that there are advantages, including maintaining Firefox preferences over multiple systems, when reinstalling Firefox, moving it, or installing a new version or edition of the browser. Another benefit that was pointed out early in the discussion is that user.js preferences are permanent (unless edited by the user) whereas prefs.js preferences are not as they may be modified by Mozilla at any time. As Mike Kaply puts it, "he advantage here is that you can have a file that you keep around and just drop into a profile directory and Firefox doesn't mess with it". The suggestion brought forward is to disable user.js by default but introduce a preference in Firefox that users need to enable actively so that the user.js file is read again. While that would ensure that Firefox retains support for user.js configuration files, it would block Firefox from reading the file after the change lands even if it is in use; this would mean that a user's desired configuration, e.g. related to privacy or security, won't be honored by the browser until the configuration change that enables the reading of the file is made. The bug reporter already revealed long term plans to remove support for the file entirely from Firefox. Longterm, I'd really like to evaluate whether we can remove support for this file entirely, because it just fundamentally doesn't really make sense to have so many different files that all control the same thing, but it probably requires figuring out why so many people use it, which we don't have cycles to do. Nor is it really obvious how we'd go about doing so: if we think a substantial portion of people aren't aware they've done this, just doing a survey "why do you have this file" is unlikely to be enlightening; we could try doing telemetry on what prefs get set, but we'd probably have to have some kind of strict list of prefs we allow ourselves to send back to avoid passing back user data, which again might not get us the data we need. Here is what I think about all this The user.js file is an integral part of Firefox. It is used by about 3% of all Firefox installations and it is likely that the number is a bit higher even considering that many user.js files such as the Ghacks user.js have Telemetry disabled by default. Making this a pref in about:config would probably not lead to a mass exodus of users and it would probably also keep the outcry contained. It seems possible that lots of users would migrate to another browser, e.g. Waterfox or Palemoon/Basilisk, that continues to support the functionality, or migrate to a Chromium-based browser While I understand Mozilla's drive to improve Firefox startup performance, it needs to be weighted against the breakage that the change causes. Lots of features have been removed or been broken in the past already in Firefox by engineers who sometimes could not come up with a reason for using them or at other times ignored the marginal number of users that used a feature. Maybe, it is time to Source: Please Mozilla, don't touch the user.js functionality in Firefox (gHacks - Martin Brinkmann)
  5. Firefox 72.0.1 fixes a security vulnerability that is actively exploited Mozilla has released Firefox 72.0.1, a new stable version of the Firefox web browser. The release may come as a surprise to many considering that Firefox 72.0 was released just a few days ago. Firefox ESR, the Extended Support Release aimed specifically at organizations and users who need stability in regards to changes, is also updated to Firefox ESR 68.4.1. While it is not uncommon for Mozilla to release a minor update or even multiple between major Firefox releases, it is rare that an update is released just days after a release. Firefox 72.0.1 fixes a security vulnerability in the web browser that is actively exploited according to Mozilla. The release note lists the security fix as the only change in the new Firefox release. Mozilla's Security Advisories hub lists a single vulnerability that has been patched in Firefox 72.0.1. The vulnerability has received a rating of critical, the highest available rating reserved for vulnerabilities with a high impact. The description provides the following information: CVE-2019-17026: IonMonkey type confusion with <code>StoreElementHole</code> and <code>FallibleStoreElement</code> Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. Reported by Qihoo 360 ATA, the vulnerability affects the browser's Just in Time Compiler. Since it is exploited in the wild, Mozilla had to react quickly to release a patch. The new versions of the Firefox web browser, Firefox 72.0.1 and Firefox ESR 68.4.1 are already available. Firefox users can download the latest release from Mozilla's website or use the built-in updating functionality to update the browser this way. A click on Menu > Help > About Mozilla Firefox runs a manual check for updates. The browser should pick up the new version and install it automatically on the system. Firefox users are encouraged to update the browser as soon as possible to protect the browser against attacks targeting the vulnerability. Source: Firefox 72.0.1 fixes a security vulnerability that is actively exploited (gHacks - Martin Brinkmann) [ News & Updates post... Mozilla Firefox Browser 72.0.1 ]
  6. Skip sponsor messages in YouTube videos with SponsorBlock SponsorBlock is an open source browser extension for Google Chrome and Mozilla Firefox (and compatible browsers) that skips sponsored messages on YouTube automatically. YouTube publishers have several monetization options at their disposal. Most may display advertisement provided by Google on their channels and that is without doubt the most common method. Others include benefiting from YouTube Premium (does not seem to work that well for most), Super Chat to monetize live chats on YouTube, sponsored videos, and sponsored messages during regular videos. Sponsored messages are usually played after a short intro to advertise a product, e.g. hardware or services. These messages play even when ad-blockers are used in the browser of choice. The relatively new SponsorBlock extension provides a solution as it will auto-skip sponsored messages on YouTube. It is a crowd-sourced extension which means that users may submit new videos with sponsored parts to a central database. One user submits the info and everyone else benefits from the information. Sponsored parts of videos that are in the extension's database will be skipped automatically once the extension is installed. You will notice a "sponsors skipped" popup when that happens and may interact with it, e.g. to unskip and play the part or disable the popup for good. The project's GitHub page lists a little bit less than 50k submitted sponsors from over 8000 contributors. The extension comes with reporting functionality to add a new entry to the database. All it takes for that is to click on the extension icon and hit the "sponsorship starts now" button when the sponsored content begins to play. When it ends, hit the end button to complete the process and submit the data. Users may vote on a sponsor time which is used to verify data that is submitted by users. SponsorBlock keeps track of skips and displays statistics in the interface about the time saved while using the extension. An option to whitelist channels is provided as well to always keep the sponsored parts of videos of particular channels playing. Just like whitelisting in ad-blockers, it helps channels with their monetization efforts. Closing Words SponsorBlock's effectiveness depends on its database and user contributions. I checked out the extension back when it was first released but decided against a review at that time because of a lack of entries in its database. It seems likely that the extension will grow in the coming years as more and more YouTube publishers start to use sponsored messages in their videos. Source: Skip sponsor messages in YouTube videos with SponsorBlock (gHacks - Martin Brinkmann)
  7. Scrapyard is an advanced bookmarks manager for Firefox Scrapyard is an open source extension for the Firefox web browser designed to improve bookmarking in Firefox in multiple ways. Firefox users may use it to bookmark pages but also content on pages, and store the data locally. Firefox's default bookmarks functionality is quite basic. Users may bookmark webpages or sites, add tags to bookmarks, use folders to sort bookmarks, and use Firefox's synchronization feature to sync bookmarks across devices. Firefox users who require more functionality need to rely on add-ons for that. Bookmarks Organizer is a handy extension to find dead or redirecting bookmarks. Tip: check out the Memex extension for better search functionality. Scrapyard is a browser extension for Firefox that improves bookmarking in the browser. The extension integrates well with the native functionality of the browser which means that it will display all existing bookmarks and the bookmark structure. Note: The extension requests lots of permissions which may scare some users away. It is open source and anyone may check the source of the extension to make sure that it is safe to use. A quick glance at important files did not return anything out of the ordinary but someone would need to invest more time for a deeper inspection. Scrapyard uses the sidebar to display the bookmarks. It displays Firefox bookmarks in a folder structure by default but it is possible to switch to other bookmark shelves that all act independently from one another. A click on the extension icon displays options to add the page as a bookmark to any of the available shelves. You may change the name, create folders, or add tags during the process. Observant readers may have noticed that the extension displays two buttons in its menu: bookmark and archive. Bookmark functions just like Firefox's bookmarking feature; a link to the page is saved in Firefox so that it can be opened at a later point in time. Archive on the other hand saves a copy of the selected content or the entire page locally. The extension ignores scripts and some file types but will save everything else. Tip: check out the options to enable the "scroll down page to force lazy loads before saving" option to make sure the entire page is saved when archive is selected, and to "allow passive mixed content" as well. Archived copies can be opened locally, even if no Internet connection is available. The extension saves HTML, images and CSS to make sure that the archived page displays fine. It is still possible that some pages may not if they rely on scripts. Scrapyard users may attach notes to any saved bookmark or content copy, and use built-in todo functionality next to that. Just right-click on a bookmark in the sidebar and select "open notes" or "todo" to use these options. Open Notes displays a plain text viewer and editor that you may use to add a note to the selected bookmark. Todo on the other hand adds a status to a bookmark, e.g. Waiting, Todo, or Done, and color codes it based on the status. Data may be imported and exported manually but there is also cloud synchronization support if that is preferred. Dropbox is the only supported provider at the time of writing and it needs to be enabled in the settings. Another handy feature is the built-in link checker that you may run from the check links section in the options. Closing Words Scrapyard is a powerful bookmark extension for Firefox that adds note taking and basic to-do functionality as well as page and content archiving as extra functionality. Source: Scrapyard is an advanced bookmarks manager for Firefox (gHacks - Martin Brinkmann)
  8. Enables mouse gestures in Firefox with the Gesturefy extension Mouse gestures were a popular feature in Opera (classic) back in the days when Opera still relied on its own Presto engine and Chrome did not even exist. These simple shortcuts can save you a few clicks and in turn a few seconds, and they may also be used to control some functionality with just the mouse. Of course, Firefox did have its own version of it through add-ons like Easy Gestures (not available anymore). Today, Firefox users may check out extensions like smartUp Gestures instead. Gesturefy is a webextension that's quite similar to it. A nice animated tutorial is displayed once the add-on is installed to educate users about how to use mouse gestures. More specifically, it tells you to right-click, hold the button and drag the mouse downwards. This gesture executes a command to scroll to the end of the page. Three visual elements are displayed when the gesture is performed. One is a small line at the cursor's location, called gesture trace, that indicates the mouse movement. The other is an OSD (on-screen display) text which tells you what the gesture does. For e.g. When you trigger the aforementioned gesture, you will see a text that reads "Scroll to the bottom", and you'll also see some arrow symbols that represent it. There are a lot more gestures available in Gesturefy. The add-on doesn't display a button in the browser, but has an options page that lists all the gestures. Here is a list of them along with a screenshot of the gesture directions. New tab Close tab Restore tab Reload tab Reload tab Page back Page forward Scroll to the top Scroll to the bottom Focus right tab Focus left tab Open Gesturefy settings Some gestures require multiple actions which have to be done in a sequence, all the while when the right mouse button is held down. For e.g. To open a new tab, right-click and drag the cursor down, and drag it upwards without letting go of the mouse button. It may sound difficult at first, but remember this, don't drag it too far, make the gesture as short as possible, and you may realize how convenient it is. Customization Don't like the gesture? Create your own by using the + button, or change an existing one by clicking on it. The creation process consists of three steps: Command, Gesture Directions, and Labels. Click on command to bring up a "Command bar", which lets you select the action that is triggered when you make the gesture. For e.g. New tab or close tab. Next you'll need to select the Gesture Directions, which is to set the way the mouse should be dragged. There are two ways to define this, either use the arrow keys to set it, or draw the gesture inside the large box on the right. The Label is optional, but if configured, will display the command on the screen when you use the gesture. Gesturefy allows you to customize the gesture trace's line color, opacity, width, thickness, command's font color, size, and gesture direction color. The Blacklist option can be used to add websites which the gestures should be disabled on. Rocker Gestures These are more advanced gestures, and are disabled by default. Go to the Extras menu in the add-on's page to enable these. Rocker gestures make use of both mouse buttons. For e.g. Right-click and hold the button, followed by a left click to execute a command. Or use it the other way (left click and hold + right click). Naturally, this is limited to 2 combinations, but the good news is that you can customize them. Wheel Gestures Hold the right or left mouse button and use the scroll wheel to make a gesture. Since I use a small mouse, it was a bit difficult for me to use the middle-finger for the scroll wheel while left clicking. But it works well with normal and gaming mice. Closing Words Gesturefy is an open source add-on. The extension provides a very intuitive way to navigate web pages, and you don't have to move the mouse to the tab bar every time to switch, close, open tabs. I use Android's full-screen gestures on my phone, so I felt right at home with the add-on. Source: Enables mouse gestures in Firefox with the Gesturefy extension (gHacks)
  9. Custom UserAgent String is a Firefox extension that lets you set a user-agent on a per-site basis So, Mozilla removed the site specific user-agent override setting from Firefox 71. There is a workaround for this, which as mentioned in the previous article is to use a global user-agent. The main issue with the workaround is that the set user-agent is then used on every site that you visit in the Firefox web browser. And while I did warn you there maybe some side effects, initially I didn't notice many except for YouTube reverting to an older design. A few days later, when I visited a banking website, I found that it displayed a message which read something like "Upgrade your browser to access the website". Occasionally, one or two websites simply didn't load at all. I ignored those because I thought it was a server issue, but my friends told me they could access the sites from their browser (also Firefox). That's when it hit me, of course the user-agent setting is what's messing with other websites. Sure enough, disabling the setting ensured that these websites worked as they normally do. Ironic, isn't it? You set the option to access some websites, but it ends up breaking others. I was looking for a fix and there is literally only one option, to use a user-agent switcher extension. After some research and testing (and looking for alternatives to existing add-ons), I came across one which let me use user-agents on a per-site basis. The extension is called Custom UserAgent String. It is written by the author of the User-Agent Switcher revived add-on (not to be confused with the one made by Alexander Schlarb). It's amazing how many add-ons have the same name. Functionally, both add-ons from Liner are quite similar, but the User-Agent Switcher extension only allows you to set a global user agent, which is what we wanted to fix here. Custom UserAgent String however lets you set a user-agent on a per-site basis. Perfect and it's quite simple to use too. How to use Custom UserAgent String Install the extension, click on its icon and then on the Options button. This should take you to a settings screen. Ignore section I and skip to section II, which is captioned "Predefined UserAgent Strings". It has two drop-down menus, one for selecting the browser and Operating system, and the other for selecting the browser's user-agent. Step 1 Click on the box listed under "Enter a desired URL". You will see that it has an asterisk symbol * in it. Delete it and type the address of the website that you want to set the user-agent for in the box. Here's the weird part: Typing a partial address in the URL box like ghacks.net or www.ghacks.net doesn't add the site correctly, i.e., it reverts to the asterisk (which makes it use the user-agent globally). To avoid this, you must use the full address. For e.g https://www.ghacks.net/ will work. Step 2 Use the box below the setting that reads "Enter a custom UserAgent string or select one from the above list". This is where you can enter the custom user agents for specific websites. You can get the user agent from the drop-down menu mentioned above. Or, you can use your custom one (for older browser versions that maybe missing). Click on the + button on the right side to finish adding the site-specific user-agent; it should appear in the table at the end of the page. Note: The custom string option is good for long term use, since even if the add-on hasn't been updated, you can still get the latest user agent from elsewhere and use it. Let's look at another example: Say you want to access Skype on the Web. The URL should be written like this https://web.skype.com/ The user-agent should be Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 There are 2 other things that the Custom UserAgent String table is useful for. The checkbox next to each site listed, toggles the user-agent to be used for the entire website (top-level domain) or only for the given address. Clicking the blank gray button at the right end of the table acts as a switch for enabling/disabling the user-agent. You can disable the Custom UserAgent String add-on completely by clicking on the icon and hitting the power button. This method works perfectly fine in Firefox 71. Which extension are you using for setting site-specific user-agents? Source: Custom UserAgent String is a Firefox extension that lets you set a user-agent on a per-site basis (gHacks)
  10. Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener) The Firefox add-on Don't Touch My Tabs! (rel=noopener) adds the link attribute rel=noopener to all links encountered in the web browser with the exception of same-domain links. The extension addresses a long-standing issue that affects all modern web browser: when a linked resource is opened in anew tab, it gets control over the page that it was loaded from. That's a problem, as it opens the door for manipulation, tracking or malicious attacks. Visit the About rel=noopener website and activate the first link that says "click me..". It opens a new page in a new tab and while that in itself is not that exciting, going back to the originating page is because it has been manipulated by that site. Websites may add the rel=noopener attribute to links to avoid this. Most should, considering that control is handed over to the linked resources. These could do all kinds of things, from changing form field destinations to loading tracking pixels or displaying advertisement. Sites may implement rel=noopener to protect users and their own data from such attacks or manipulations. The problem is that this needs to be implemented by each site individually as browser makers have been reluctant to make the change. Mozilla did test rel=noopener for target="_blank" links in 2018 but did not activate the change for users of the browser. Check out the linked article for instructions on enabling noopener for blank targets. Note: The preference appears to have the same effect as the Firefox add-on. It may require further testing to be really sure about that but a quick check of a couple of sites suggests that it works equally well. When you check external links here on Ghacks, you will notice that noopener is used for all of them. Ghacks external links The Firefox add-on Don't touch my tabs! (rel=noopener) steps in by enabling noopener sitewide for any link you encounter after installation of the extension. The only exception to the rule applies to links that point to the same domain (as the site in question already has full control over its own pages). The extension does the following, basically: Searches for hyperlinks on active pages and checks if they have the "target="_blank" attribute. For any found It adds the rel=noopener attribute if no rel attribute is used already. It adds noopener to the attribute if rel is already used leaving any other attributes untouched. Breakage should be minimal and the extension works automatically in the background once it is installed. The extension is open source; you can check out its GitHub webpage to check out its source. Chrome users can check out No Opener instead which does the same. Source: Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener) (gHacks - Martin Brinkmann)
  11. NextDNS partners with Firefox to help enhance user privacy and security Mozilla has announced that it is partnering with NextDNS in order to help boost the privacy and security of its users. NextDNS joins Cloudflare as a member of Firefox’s Trusted Recursive Resolver (TRR) program which was launched in order to bolster DNS security and privacy. Domain Name Systems (DNS) figure out which IP to direct your browser to based on the URL that you type in. This old technology has some drawbacks though such as DNS providers knowing what you’re browsing and the possibility of a middle man intercepting the request and pointing your browser elsewhere – many DNS-based parental controls use this technique to block access to websites. As part of the TRR, NextDNS has to comply with a few rules that Mozilla has laid out including that data will only be used for operating the service and that it must be deleted after 24 hours. The TRR also states that the data cannot be sold, shared, or licensed to other parties, ensuring user privacy. One concern raised by opponents of DNS-over-HTTPS (DoH) is that it interferes with parental controls. According to the TRR, Mozilla says that partners should allow a user to opt-in to filtering thus allowing parents to set up parental controls on their children’s devices. Commenting on the news, Eric Rescorla, Firefox CTO, said: “For most users, it’s very hard to know where their DNS requests go and what the resolver is doing with them. Firefox’s Trusted Recursive Resolver program allows Mozilla to negotiate with providers on your behalf and require that they have strong privacy policies before handling your DNS data. We’re excited to have NextDNS partner with us in our work to put people back in control of their data and privacy online.” Mozilla said that it looks forward to bringing more partners into the TRR program in order to lift the DNS system into the 21st century with privacy and security protections that users expect. Source: NextDNS partners with Firefox to help enhance user privacy and security (Neowin)
  12. Google’s Chrome browser has come under increasing scrutiny lately, especially after its Manifest V3 plans announced earlier this year which cause some ad blockers to break. Now privacy advocates are honing in on a nascent web API called getInstalledRelatedApps, which has been in development since 2015 and available to experiment with since Chrome 59’s launch in 2017. Described on GitHub, the API lets developers determine if their native app is installed on your device. Of course, there are benefits that will improve the experience when people have web and native apps from the same developer installed on their device. It will prevent potentially annoying consequences such as receiving the same notification twice. So what’s the problem? As an article on highly-esteemed tech site The Register points out, the purpose of this API “isn’t really about users so much as web and app publishers.” In fact, if it isn’t handled properly, it could be a major risk to people’s security and privacy. “If done incorrectly, there’s a good chance of it being open to abuse–and with that come some pretty significant privacy and security related issues,” says security researcher Sean Wright. Google Chrome privacy: Identifying factors The privacy issue stems from the fact that the API would allow sites to potentially see which apps you have installed on your device. “Seeing what you have installed allows them to form a picture of what you do,” says Wright. At the same time, it could impact your security: “Knowing which apps are installed can help attackers perform targeted phishing or to target apps with known vulnerabilities,” Wright warns. It looks like Google will officially support this API in a future version of Chrome, according to a statement of intent posted by Google engineer Rayan Kanso at the end of November. In the post, he conceded that it would not help Chrome users directly although he said it “indirectly benefits them through improved web experiences. Google is aware that its new move could have consequences. This week, Google engineer Yoav Weiss expressed concerns, highlighting the API’s risks. He pointed out that “the collection of bits of answers” to “Is app X installed” could reveal enough about a user to uniquely identify them. I have reached out to Google for further comment and will update this story when it arrives. A risk to Google Chrome users’ security and privacy: What to do As the Register’s Thomas Claburn states, it shows “how user concerns, like privacy, don’t necessarily drive how software gets made.” Indeed, concerns such as security and privacy often take a back seat, right behind functionality. “There has to be a balance, but unfortunately this often seems tipped in favor of functionality,” says Wright. “It’s putting the company before users. This really frustrates me because without your users, there would be no company.” Sound familiar? That’s because it is. Increasingly often, users are being overlooked when they really should be at the heart of every product. But there is something you can do. The only way to fight back against changes that impact privacy is to look for alternatives that do not affect you in the same way. Many companies are hitting back against the likes of Google and Facebook, by providing services that respect their users’ privacy and security. Firefox is currently the browser of choice for those who are concerned, and many Chrome users have already moved over. At the same time, smaller browsers such as Brave are quickly gaining a strong reputation, so it might be a good time to try something new. Source
  13. Firefox 71/68.3esr: Profile issues and bugs during upgrade On December 3, 2019 Mozilla’s developers released the next major version 71 as well as the 68.3esr of the Firefox browser. The update does not work for all users. Some users are claiming damaged/deleted profiles and lost addons. Here is a short overview of the known issues. In the blog post Firefox 71 and 68.3.0esr released I mentioned the new versions for the Firefox browser and the changes. The update to Firefox 71 portable (32 bit) worked fine for me – I could not find any errors during a quick test. But shortly after the publication of the article I got the first feedback about issues from my German blog readers. I’ll compil it here together – maybe there’s some feedback, if these are just single cases or if there are bigger problems. Firefox 68.3esr: Profile damaged during upgrade Some users have experienced issues during upgrade with Firefox ESR. There are reports, that user profile is corrupted or missing, when upgrading to version 68.3. German blog reader Andy writes here: Hmm, within the company the default profile of the 68.3 ESR was damaged after upgrade. There was a message with “new profile format” and then everything was broken. Using Firefox.exe -P I was able to restore the old profile, so half as bad. I will roll it out during operation but definitely not 😞 German blog reader deoroller noticed, that the policies.json file was gone after upgrading to the new Firefox 68.3esr. After the update, the distribution folder with policies.json was gone. I’m not sure, if it’s related to Firefox 68.3esr or Firefox 71 (but I got an additional comment, that also Firefox 71 has the same issue). Also German blog reader reported a lost file policies.json and missing addons. Great, Mozilla, Profile bricked, addons gone, and policies.json no longer found. The portable version is affected to the same extent Luckily I did a test before rolling out I haven’t found anything on the Internet yet in a quick search. Is there anyone else affected by corrupted profiles or missing addons? Source: Firefox 71/68.3esr: Profile issues and bugs during upgrade (Born's Tech and Windows World)
  14. Mozilla removes all Avast Firefox extensions If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results by these companies are returned. Neither Avast Online Security or SafePrice, nor AVG Online Security or SafePrice, are returned by the Store currently even though these extensions exist. It appears that Mozilla removed these extensions from its Store. When you try to open one of the Store URLs of Avast or AVG extensions you get a "Oops! We can't find that page" error message. The extensions are not blacklisted by Mozilla. Blacklisted extensions are put on a blocklist -- which is publicly available here -- and removed from user browsers as a consequence. Avast and AVG extensions have been removed but are not blocked which means that the extensions remain installed in Firefox browsers for the time being. Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent, but Avast's extensions are not on the list. What happened? Wladimir Palant, creator of AdBlock Plus, published an analysis of Avast extensions in late October 2018 on his personal site. He discovered that Avast's extension transmitted data to Avast that provided Avast with browsing history information. The data that the extension submits exceeded what is necessary to function according to Palant. The extensions include the full address of the page, the page title, referer, and other data in the request. Data is submitted when pages are opened but also when tabs are switched. On search pages, every single link on the page is submitted as well. The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier. Palant concluded that the collecting of data was not an oversight. The company states in its privacy policy that it uses anonymized Clickstream Data for "cross-product direct marketing, cross-product development, and third-party trend analytics. Mozilla is in talks with Avast currently according to Wladimir Palant. Possible scenarios are that Mozilla will add the extensions to the blocklist that it maintains or will request that Avast makes changes to the extensions before they are reinstated. The extensions are still available for Google Chrome at the time of writing. Source: Mozilla removes all Avast Firefox extensions (gHacks - Martin Brinkmann)
  15. Mozilla launches Firefox Private Network VPN for $4.99 per month Mozilla continues to expand its products and services beyond the Firefox web browser. Firefox Private Network was launched as the first product of the revamped Test Pilot program that Mozilla put on ice earlier this year. Mozilla launched it for Firefox users in the United States at the time and as a browser proxy only. The system works similarly to third-party VPN solutions for Firefox in that it protects user data and privacy by routing traffic through Private Network servers. Firefox users needed to install the Firefox Private Network extension to make use of the provided browser-level protection. Today, Mozilla Mozilla unveiled the next step in the process. Still only available for users from the United States, the organization launched a full Firefox-branded VPN service. The VPN service is only available for Windows 10 at the time of writing and the $4.99 per month is an introductory offer. Mozilla promises to release versions for Android and iOS, Chromebook, Mac and Linux in the future. Firefox Private Network customers who pay for the full protection get access to about 30 regions and may use the service on up to five devices. The VPN service is provided by Mullvad behind the scenes and uses WireGuard, a new VPN protocol. The underlying policy of Mullvad is that we never store any activity logs of any kind. We strongly believe in having a minimal data retention policy because we want you to remain anonymous. Mullvad has a strict no logging policy and accounts use a number system that keeps track of the remaining hours of service only. The service supports several payment methods including traditional methods that may reveal information and systems that don't reveal those information, e.g. cash transactions or Bitcoin. The full-device VPN protects the entire device whereas the browser extension only Firefox activity. A free option is provided and even though Mozilla changed some of its options, is not very practicable to use. The core reason is that one-hour passes are assigned to the free user and that those are limited to 12 currently (opposed to 4 three-hour passes previously). Means: even if you connect to the service for just a minute, you will waste one of the available hour passes. The price of $4.99 is an introductory price that is available during the beta. Mozilla has not revealed the price that it will charger after the beta ends but it is very likely that it will charge more than $4.99 for a monthly subscription. Mullvad charges about $5.50 (€5 Euro) per month for one month of access to the service. Most VPN services, e.g. NordVPN, offer discounts when customers subscribe for longer periods. Whether that is the case for Firefox Private Network accounts remains to be seen. The $4.99 put Mozilla's offering somewhere in the middle when it comes to price. There are cheaper VPN providers out there but also several that charge more than $5 per month. Closing Words Mozilla plans to run the beta in the United States "into early 2020" to expand the service to other regions "soon thereafter". Interested users may join a waitlist to be notified when the service becomes available in their region. Mozilla has an advantage over other VPN providers; the organization may integrate the service in one form or another in the Firefox web browser to advertise the paid version to users directly. Mozilla did not reveal whether it plans to do that but it could help the organization get away with slightly higher prices than competing offers. Source: Mozilla launches Firefox Private Network VPN for $4.99 per month (gHacks - Martin Brinkmann)
  16. Firefox 72 may block fingerprinters by default Firefox 72, an upcoming version of the web browser, may block so-called fingerprinters by default. Mozilla started to integrate and push Tracking Protection in the Firefox web browser in 2019. Designed to reduce tracking on the Internet, Tracking Protection blocks known trackers (e.g. social media trackers), cross-site tracking cookies, and other tracking related or undesirable content. Standard tracking protection functionality is enabled in Firefox by default. Users of the web browser may adjust the protective feature by setting it to strict or custom. Strict and custom, the two other available presets, include protection against fingerprinters already. Starting in Firefox 72, Firefox may block fingerprinters by default as well as part of the standard preset. Mozilla added the blocking of fingerprinters to Firefox 72 Nightly and plans to test the integration. Based on the outcome of the test, fingerprinting protection may become a standard blocking feature in Firefox 72 Stable or be reverted. Compatibility issues play a big part in the assessment of the feature. Some, legitimate, sites may break or functionality on legitimate sites may break, if fingerprinting is enabled. If the breakage is too severe, Mozilla may revert the decision. Fingerprinting refers to methods that use data that is provided by the browser or user activity for tracking. All web browser reveal some information when sites are loaded. Information may include the user's location in the world, language settings, screen resolution, and other data. Sites may run scripts to gather more data. The main idea behind the data gathering is to generate a fingerprint based on the data to identify the user when the same or other sites are visited. Mozilla explains the concept on its wiki website: Fingerprinting is used to identify a user or user agent by the set of properties of the browser, the device, or the network, rather than by setting state on the device. For example, a party which infers the set of fonts a user has installed on their device and collects this information alongside other device information would be considered to participate in browser fingerprinting. Tip: check out our master list of privacy tests that you may run to find out what your browser reveals about you. Firefox users may control the browser's tracking protection feature in the following way: Load about:preferences#privacy in the browser's address bar. Switch between standard, strict and custom enhanced tracking protection levels. Custom allows users to configure protective features individually. Firefox 72 is scheduled to be released on January 7, 2020. Closing Words Fingerprinting protection is a welcome addition to Firefox's arsenal of tracking protections. Users can enable the protection already in Firefox 70 Stable, e.g. by switching to custom protections and enabling the option. Source: Firefox 72 may block fingerprinters by default (gHacks - Martin Brinkmann)
  17. uBlock Origin for Firefox addresses new first-party tracking method The latest version of the content blocker uBlock Origin for the Mozilla Firefox web browser includes a new feature to detect a new first-party tracking method that some sites have started to use recently. The issue was first reported ten days ago by user Aeris on the project's official GitHub page. Some sites started to use canonical name records (CNAMEs) to bypass filters used in content blockers. First-party resources, e.g. a subdomain, are not blocked usuall unless they are known to only serve advertisement. The main issue from a content blocking perspective is that identification and detection is difficult. The extensions would have to uncloak alias hostnames in order to provide the user with information and the ability to do something about it. Raymond Hill, the developer of uBlock Origin, found a way to address the new first-party tracking method in Mozilla Firefox. Side-note: Why only Firefox? Because Mozilla has created DNS APIs that may be used to expose the CNAME while Google has not. For now, it is not possible to protect against this form of tracking in Google Chrome. Hill writes "Best to assume it can't be fixed on Chromium if it does not support the proper API". Firefox users who upgrade to the latest version of uBlock Origin, may notice a new permission request (Access IP address and hostname information). This is required to unlock access to the DNS API in the browser extension. Firefox users who run the extension need to do the following to set things up properly on their end: Open the Settings of the extension, e.g. from about:addons or by clicking on the dashboard icon in the uBlock Origin interface. Check the "I am an advanced user" box on the first page that opens. Activate the settings icon next to the option to open the advanced settings. Change the value of the parameter cnameAliasList to *. The change runs the actual hostnames through the filtering that uBlock Origin applies again. The log highlights these in blue. Network requests for which the actual hostname differs from the original hostname will be replayed through uBO's filtering engine using the actual hostname. [..] Regardless, uBO is now equipped to deal with 3rd-party disguised as 1st-party as far as Firefox's browser.dns allows it. The setting of the wildcard means that the process is done for any hostname that differs; this works but it means that a certain number of network requests are processed twice by uBlock Origin. The next step is for me to pick a cogent way for filter list maintainers to be able to tell uBO to uncloak specific hostnames, as doing this by default for all hostnames is not a good idea -- as this could cause a huge amount of network requests to be evaluated twice with no benefit for basic users (default settings/lists) while having to incur a pointless overhead -- for example when it concerned CDNs which are often aliased to the site using them. Hill wants to switch to using a maintained list of known offenders that uBlock Origin (UMatrix will support this as well) will process while leaving any other hostname untouched. Closing Words Firefox users may change the configuration to make sure that they are protected against this new form of tracking. Chromium users cannot because the browser's APIs for extensions does not have the capabilities at the time of writing. Source: uBlock Origin for Firefox addresses new first-party tracking method (gHacks - Martin Brinkmann)
  18. Firefox 72: dynamic scrollbars based on page color Mozilla plans to adapt the color of the scrollbar in the Firefox web browser to the background color of the visited webpage in Firefox 72. Dark themes are en vogue currently; operating systems, web browsers, and other applications get dark theme options that users may enable to switch from the previously favored light design to a black design. For many, it seems like a personal preference more than anything else, but dark themes offer some advantages over lighter themes including better battery performance on mobile devices. Firefox users may enable a dark theme in the browser on the Menu > Customize page of the web browser; this paints the browser UI in darker colors. Certain websites, e.g. DuckDuckGo or Startpage, support dark themes as well that users may enable. One of the issues that Firefox users experienced with dark themed sites in the browser was that the scrollbar area was not adapted accordingly. The scrollbar used a light design regardless of website or selected Firefox theme; this felt distracting to many users. Some used custom CSS styles to paint scrollbars in a dark color, others endured the light area on websites visited in the Firefox web browser. Starting with Firefox 72, Firefox will adapt the color of the scrollbar based on the background color of the visited page. Users of the browser who prefer a darker theme will notice that the color of the scrollbar area shines in a darker color as well and that page position indicator is darker than before as well. The screenshot above highlights the change. The window on top shows the new scrollbar color scheme on the dark homepage of the search engine DuckDuckGo. Sites that don't use standards when it comes to dark themes or modes may not show the correct scrollbar colors after all; this is the case for Reddit which, according to a comment on the official bug listing on Mozilla's bug tracking site, sets the dark background "on a child element of the scrollable container" so that Firefox cannot detect the dark theme usage. Firefox 72 Stable will be released on January 7, 2020 according to the release schedule. Source: Firefox 72: dynamic scrollbars based on page color (gHacks - Martin Brinkmann)
  19. Firefox 71: new about:config interface lands Mozilla plans to launch the redesigned about:config interface in Firefox 71, the next stable version of the web browser. The internal page about:config provides Firefox users with access to an advanced set of configuration parameters. The regular options, accessible via Firefox Menu > Options, list only a small fraction of available configuration options. Tip: check out the Ghacks user.js project to find out more about many of the advanced parameters. The pre-Firefox 71 about:config interface is based on XUL, a language that Mozilla deprecated some time ago in favor of web standards such as HMTL5 and JavaScript. The new interface is based on JavaScript and HTML, and will be launched in Firefox 71 Stable if the schedule holds. We looked at the first version of the new interface back in January 2019 and noticed back then that some functionality was missing when compared to the classic about:config interface. To name a few: no deep linking, no sorting, no listing of all preferences, no double-click actions, and less items per page than previously. The final version addresses some of the issues but not all. The final version of the interface supports double-click actions and the display of all preferences that are visible (use * in the search field). Users may also discard changes with a tap on the Esc-key. Some issues, including the removal of deep links and sorting, remain, and Mozilla announced previously that it won't fix those. A quick scan of the Ghacks database returned 48 articles with deep links to Firefox preferences. The instructions won't work anymore when the changed interface lands. While users may look at the filter url to search for the preference name manually, it is far from ideal considering that we are just one website that used the deep linking option to point to about:config preferences directly. Mozilla's initial plan was to release the redesigned interface in Firefox 67 but things got delayed along the way. The organization plans to launch the redesigned interface in Firefox 71. The web browser is scheduled for a release on December 3, 2019 according to the release schedule. Closing words Mozilla addressed some of the issues of the redesigned about:config interface and it seems to have concentrated its efforts on the issues that would have affected the most number of users. It is unfortunate that some features won't be supported; sorting was useful as you could use it to list all modified preferences easily on the screen among other things. Source: Firefox 71: new about:config interface lands (gHacks - Martin Brinkmann)
  20. How to restore the green lock icon in Firefox's address bar Mozilla's Firefox web browser used to display a green padlock icon in the browser's address bar when secure sites were opened in the browser. Additionally, the browser would display extended information for sites with EV (Extended Validation) certificates. Mozilla launched a change recently in Firefox that changed the green padlock icon to a gray icon and removed the EV certificate information from the browser entirely. The organization revealed plans in August 2019 to change the information that Firefox displays in the address bar in regards to sites using HTTPS and implemented the change in Firefox 70.0 released recently. Firefox users who open a secure site in the browser see a gray padlock icon in the address bar in Firefox 70 and newer versions of the browser. Sites with EV certificates are not highlighted in any way anymore as well. The main idea behind the changes -- Mozilla is not the only browser developer that made it -- is that the majority of Internet sites are using HTTPS on today's Internet and that the number will increase even more in the coming years. HTTPS is the new default and the reasoning is that sites that don't support it should be highlighted instead of sites that support it. One of the issues with the approach is that generations of Internet users have been trained to look for these locks in the address bar to verify that the connection is secure. While that is still possible as the gray padlock icon indicates a secure connection, some may prefer to get the green icon restored instead as it provides a better visual indicator. Making Firefox`s padlock icon green again Firefox comes with built-in configuration options to restore the green padlock icon. Here is what you need to do: Load about:config in the Firefox address bar. Confirm that you will be careful if a warning screen is displayed. Use the search at the top to find security.secure_connection_icon_color_gray. Toggle the preference so that its value is FALSE. The change is applied immediately, a browser restart is not required. You should notice that all sites that use secure connections are displayed with a green padlock icon again in the Firefox address bar. To restore the gray icon, set the value of the preference to TRUE instead. Restoring Extended Validation Certificate information in Firefox Firefox users may enable the display of EV certificate information in Firefox's address bar as well; this is also done using the method described above: Visit the about:config page again. Search for security.identityblock.show_extended_validation this time. Set the preference to TRUE to enable the display of extended validation information in the browser's address bar. The change is applied immediately. If you don't see it right away try to refresh the site in question. You may set the value of the preference to FALSE to restore the default. Display not secure for sites that don't use HTTPS Firefox displays a crossed-out padlock icon in the address bar by default when a site that does not use HTTPS (or uses it incorrectly) is visited. You may add the "not secure" text to the address bar to further highlight the status of the connection. Visit about:config in the Firefox address bar. Search for security.insecure_connection_text.enabled. Set the value of the preference to TRUE to enable "not secure" or FALSE to disable it. Bonus: If you want to apply the change to private browsing connections as well, search for security.insecure_connection_text.pbmode.enabled and set the value accordingly. Source: How to restore the green lock icon in Firefox's address bar (gHacks - Martin Brinkmann)
  21. Actively exploited bug in fully updated Firefox is sending users into a tizzy Fraudulent tech-support sites cause Firefox to freeze while displaying scary message. Enlarge Jérôme Segura 104 with 63 posters participating, including story author Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety. The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. Below is a GIF showing the attack flow: Jérôme Segura The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. (Update: as a commenter pointed out, restore tabs is turned off by default.) To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load. Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites, including d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html. He said the offending code on the site was written specifically to target the browser flaw. Enlarge Jérôme Segura On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn't immediately provide information on the status of the bug. Firefox is hardly alone in having bugs that cause the browsers to hang indefinitely while displaying a confusing or scary page. Chrome has had its share of similar flaws, which have also been exploited in the wild. Google developers have since fixed both of them. The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks. Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw. For many people, it's not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed. Source: Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica)
  22. In a move to fight spam and improve the health of the web, Mozilla will hide notification popups -- a feature nobody asked for. In a move to fight spam and improve the health of the web, Firefox will hide those annoying notification popups by default starting next year, with the release of Firefox 72, in January 2020, ZDNet has learned from a Mozilla engineer. The move comes after Mozilla ran an experiment back in April this year to see how users interacted with notifications, and also looked at different ways of blocking notifications from being too intrusive. Usage stats showed that the vast majority (97%) of Firefox users dismissed notifications, or chose to block a website from showing notifications at all. As a result, Mozilla engineers have decided to hide the notification popup that drops down from Firefox's URL bar, starting with Firefox 72. If a website shows a notification, the popup will be hidden by default, and an icon added to the URL bar instead. Firefox will then animate the icon using a wiggle effect to let the user know there's a notification subscription popup available, but the popup won't be displayed until the user clicks the icon. We've recorded a GIF of this new routine, here. Firefox Nightly versions already come with this notification popup blocker active, but the stable Firefox branch is scheduled to get it next January. The Notification API, and how it all went south Notification popups were added to modern browsers in Chrome 22 (September 2012) and Firefox 22 (June 2013), with the addition of the Notifications API. Their initial purpose was to allow websites to display notifications, and alert users of new content, after users closed a website's tab. For example, you subscribed to Slack notifications, have a conversation, and close the Slack browser tab. The Notifications API allowed websites to show a popup when you received a new message, or there was new content available in your (now-closed) Slack tab. News sites, such as ZDNet, also use notifications to alert users when new articles are out. Social networks and instant messaging clients use it to show alerts for trending topics or new messages. The feature has its use cases, and can be extremely useful, but only when used by legitimate organizations. Fraudsters and spammers love notifications But over the past few years, unscrupulous groups have realized that the Notifications API provides an ideal method of pushing spam to users, even after users left the malicious site. Cybercrime groups have been luring users on random sites, and showing notification popups. If users accidentally clicked on the wrong button and subscribed to one of these shady sites, then they'd be pestered with all sorts of nasty popups. Malicious threat actors have been seen using notifications (also known as subscription spam) to push links to shady products, links to malware downloads, or run-of-the-mill pill or Viagra spam [1, 2]. "Notification spam is quite common, especially via certain types of publishers and malvertising in general," Jérôme Segura, malware analyst at Malwarebytes, told ZDNet in an interview today. "Since most browsers can block ad popups or popunders, push notifications have been greatly abused," Segura added. "In fact, I even question the merits of such a 'feature' in the first place or at least some serious oversight in how it could be implemented. "Years ago, people would come to you about annoying ad notifications popping up on their machine, and that was usually due to adware programs [installed locally]. But these days, I would say this has been largely replaced by notification spam, which is very easy to fall for with some basic social engineering," he added. "In comparison to cleaning up an infected machine, it's actually much easier to remove already allowed notifications, but most people just don't know how," Segura said. And browser makers, too, have realized that the feature can be quite annoying, and downright dangerous. In recent years, most browsers have added settings to block websites from showing notifications. However, Mozilla is the first browser vendor to block notification popups by default. "I think Mozilla's decision is good for the health of the web," Segura told ZDNet. You can unsubscribe from receiving notifications from sites via any browser's settings section. Most browsers support a search feature in the settings section. Users can use it to search for the "notifications" options and block or unsubscribe from the shady sites. Source
  23. Firefox users won't be able to sideload extensions starting March 2020, with Firefox 74. Mozilla has announced today plans to discontinue one of the three methods through which extensions can be installed in Firefox. Starting next year, Firefox users won't be able to install extensions by placing an XPI extension file inside a special folder inside a user's Firefox directory. The method, known as sideloading, was initially created to aid developers of desktop apps. In case they wanted to distribute a Firefox extension with their desktop app, the developers could configure the app's installer to drop a Firefox XPI extension file inside the Firefox browser's folder. SIDELOADING REMOVED BECAUSE OF ABUSE This method has been available to Firefox extension developers since the browser's early days. However, today, Mozilla announced plans to discontinue supporting sideloaded extensions, citing security risks. "Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager," said Caitlin Neiman, Add-ons Community Manager at Mozilla. "This mechanism has also been employed in the past to install malware into Firefox," Neiman said. TWO-PHASE REMOVAL PLAN As a result, Mozilla plans to stop supporting this feature next year in a two-phase plan. The first will take place with the release of Firefox 73 in February 2020. Neiman says Firefox will continue to read sideloaded extensions, but they'll be slowly converted into normal add-ons inside a user's Firefox profile, and made available in the browser's Add-ons section. By March 2020, with the release of Firefox 74, Mozilla plans to completely remove the ability to sideload an extension. By that point, Mozilla hopes that all sideloaded extensions will be moved inside users' Add-ons section. Through the move, Mozilla also hopes to help clean up some Firefox installations where malware authors were secretly sideloading extensions behind users' backs. Since these extensions will now show up in the Add-ons sections, users will be able to remove any extensions they don't need or don't remember installing. TWO METHODS OF LOADING EXTENSIONS REMAIN Further, Mozilla's blog post on the matter today also serves as a notice for extension developers, who will have to update their extensions and make them available through another installation mechanism. There are currently two other ways through which developers can distribute extensions, and through which users can install them. The first and the most widely known is by installing extensions from the official addons.mozilla.org (AMO) portal. Extensions listed here are verified by Mozilla, so most are relatively safe, albeit the security checks aren't 100% sure to catch all malicious code. The second involves using the "Install Add-on From File" option in Firefox's Add-ons section. Users have to manually download a Firefox XPI extension file, visit the Add-ons section, and then use the "Install Add-on From File" option to load the extension in their browser. This option is usually employed for loading extensions that have to handle sensitive corporate data inside enterprise environments, and can't be distributed via the AMO portal. There was also a fourth method of loading extensions inside Firefox, but this was removed in September 2018, with the release of Firefox 62. This involved modifying Windows Registry keys to load custom extensions with Firefox installations. This, too, was abused by malware devs, and Mozilla decided to remove it. Source: Mozilla to stop supporting sideloaded extensions in Firefox (via ZDNet)
  24. A look at Firefox's upcoming Picture-in-Picture mode Mozilla revealed that it was working on a Picture-in-Picture mode for the Firefox web browser back in February. Designed to play videos in a small overlay on the screen, Picture-in-Picture mode allows users of the browser to navigate between tabs and sites without interfering with the playing video using the detached video player. The original plan was to introduce the mode in Firefox 68 but development has been delayed. Current plans aim for a release in the next stable Windows version of the Firefox web browser, Firefox 71. Firefox 71 will be released on December 3, 2019 if the schedule does not change. Linux and Mac versions of Firefox may see a release in Firefox 72 which will be released on January 7, 2020. Note: The Firefox preference media.videocontrols.picture-in-picture.enabled determines whether Picture-in-Picture mode is enabled. Firefox users may enable the feature already in the browser (there may still be bugs). Firefox Picture-in-Picture mode Firefox adds a small blue icon to supported videos that displays "Picture-in-Picture" when hovered over. A click on the icon opens the video in the Picture-in-Picture interface and displays a placeholder on the original site. It reads "This video is playing in Picture-in-Picture mode". A right-click may also display the option to load the video in Picture-in-Picture mode. The Picture-in-Picture overlay can be moved around on the screen independently and also resized. The interface is not entirely independent but you may change tabs and use the browser normally. The only thing that affects the video is the tab it originated on. If you reload it or navigate away, the video is closed automatically. The Picture-in-Picture interface is bare bones. It features a play/pause toggle button and another for restoring the video in its original location in Firefox. The only other option that is provided is to close the Picture-in-Picture interface by activating the close button. Controls, e.g. to change the volume of the video, change the quality or make other changes, are missing. It is possible to use the controls on the video's original site, e.g. to use the slider to jump to a different position or to change the volume. Here is an overview of all Picture-in-Picture preferences in Firefox: media.videocontrols.picture-in-picture.enabled -- The main preference to enable or disable the feature. media.videocontrols.picture-in-picture.video-toggle.always-show -- Determines whether the PIP icon is shown always (Firefox does not show it for certain videos, e.g. those without an audio track or that are too small in size). media.videocontrols.picture-in-picture.video-toggle.enabled -- Whether to show the toggle to enable PIP mode in Firefox. media.videocontrols.picture-in-picture.video-toggle.flyout-enabled -- Animation when activating the mode. media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms -- Wait time for flyout mode. Closing words The main benefit of using Picture-in-Picture mode is that users may watch the video unhindered while doing something else in the browser. The PIP window is set to be on top which means that it remains visible even if you navigate to another tab. Firefox users who like to watch videos while doing something else in the browser may find the mode useful the most. Some Firefox users may prefer to play videos in a second browser window, especially if the display offers enough room to display two windows on the screen. Source: A look at Firefox's upcoming Picture-in-Picture mode (gHacks - Martin Brinkmann)
  25. Search for webpages in your history and bookmarks efficiently with the Memex extension for Firefox and Chrome Memex is an interesting web browser add-on that is designed specifically for powerusers. Before you ask, no it's not a meme generator. It is a Vannevar Bush inspired bookmarking/local search engine of sorts that you can use to quickly find webpages that you visited in the past. The extension is available for Firefox and Chrome. When you install the add-on, it may appear to be requesting a scary amount of permissions. But they are required for Memex to work. The extension has a visual tutorial which explains how it works; the GIFs that it uses are a bit too speedy for my liking. Once you have installed the add-on, click on its icon (the brain) to bring up a menu and get a few options here. The go to dashboard takes you to the main interface of the extension and the main way you make use of its functionality. Memex indexes pages to make search more powerful in the browser. You need to remember that it saves only the content of individual pages; it is not enough to bookmark the homepage of a site, e.g. Ghacks, to get all articles indexed. The add-on comes with a handy import feature to import pages from the browsing history. For now let's go back to the menu. The "Star this page" option is similar to bookmarking but adds the page to Memex's database, and tags are used to identify starred pages quickly. Just select a page and tag it with a relevant word and it will become usable, or should I say searchable by Memex. You can add multiple tags for a page and collections are like folders to improve organization of webpages. Another way to use these options By default, Memex should add a sidebar and it should be visible when you mouse over to the right edge of the screen. There are buttons here that let you open Memex's dashboard, perform a search, star pages, add tags and perform other actions. There is one important feature which is present in the sidebar which is not in the menu: Notes. The name is a bit misleading as it is an annotation tool. Memex allows you to annotate on any web page. To do so, click the notes icon and type something. For e.g. If you're an Amazon page, you could type something like "This could be an interesting gift for Max's birthday." So, you'll remember why you saved the page and why. You can also highlight text content like you would do with a marker. If you have used Microsoft Edge you may be familiar with these options. When you select text on a web-page, a tooltip should appear and you can use it to link to the highlighted text for reference. When you click on it in the dashboard, you will be taken to the page with the highlighted content visible. Memex also supports keyboard shortcuts. Sidebar - r Star Page - c Add tag - t Add to collections - u Let's star a page, tag it and add it to a collection to demonstrate how this all works and how it benefits you. Say, you want to add the Ghacks homepage to the database. You can visit the page and click on the star icon to bookmark it in Memex. Click on the tag button to add a tag, like Windows Software, Linux apps, or technology. The collection button can be used to add the page to a folder like Tech or Blogs. Note: I found the sidebar to be buggy at times, and used the menu options instead. Now, back to the dashboard. To the left you have your collections, which are sort of like folders for your bookmarks. In the center you have the search box. How does the search work? The add-on can search for the keyword in various ways. Basically it can find any page you have bookmarked or tagged or added to a collection. In addition to this, it can also find pages which you annotated or highlighted text on. It supports full-text search of the web history and bookmarks, and supports filters next to that. You can use the filter option to narrow down the search further by Date - Select a date range (say, October 27, 2019 - October 28, 2019) Tags - Remember how we added tags? Use the same keyword here. Domains- narrow down search by URL (example: ghacks.net) Don't have any of these at hand? Memex can still find the page by the text from titles and URLs. Assuming you added a few pages to the database, perform a search using a relevant word and you should be able to find the page instantly. The best part is that the extension is meant to be an "offline-first" one. It is also open source, and has a good privacy policy. The add-on stores the data on your computer, so your data is yours. You can optionally backup your data on your computer, or to the cloud service of your choice from the settings menu. Memex has a pro version that is completely optional. All it does is automatically backup the data every 15 minutes and supports cross-device sync. Source: Search for webpages in your history and bookmarks efficiently with the Memex extension for Firefox and Chrome (gHacks)
  • Create New...