Mozilla Slipped a 'Mr. Robot'-Promo Plugin Into Firefox and Users Are Pissed ( 272

MarcAuslander shares a report from Gizmodo: Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox -- and managed to piss off a bunch of its privacy-conscious users in the process. The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware. Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

Operating Systems

ReactOS 0.4.7 Released ( 94

jeditobe writes: OSNews reports that the latest version of ReactOS has been released: "ReactOS 0.4.7 has been released, and it contains a ton of fixes, improvements, and new features. Judging by the screenshots, ReactOS 0.4.7 can run Opera, Firefox, and Mozilla all at once, which is good news for those among us who want to use ReactOS on a more daily basis. There's also a new application manager which, as the name implies, makes it easier to install and uninstall applications, similar to how package managers on Linux work. On a lower level, ReactOS can now deal with Ext2, Ext3, Ext4, BtrFS, ReiserFS, FFS, and NFS partitions." General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.7 is also available. ISO images are ready at the ReactOS Download page.

Yahoo Sues Mozilla For Breach of Contract -- So Mozilla Counter Sues Yahoo ( 112

Mark Wilson writes: Mozilla and Yahoo have started a legal spat about the deal that existed between the two companies regarding the use of the Yahoo search engine in the Firefox browser. On December 1, Yahoo fired the first shot filing a complaint that alleges Mozilla breached a contract that existed between the two companies by terminating the arrangement early. In a counter complaint, Mozilla says that it was not only justified in terminating the contract early, but that Yahoo Holdings and Oath still have a bill that needs to be settled.

How Converting A C++ Game to JavaScript Gave Us WebAssembly ( 139

Slashdot reader Beeftopia shares "a detailed history of WebAssembly...from one of the developers." IEEE Spectrum reports that "Like a lot of stories about tech innovation, this one started with video games." [Mozilla's Alon Zakai] wanted to take a game he had helped write in C++ and convert it to JavaScript code that would run well on the Web. This was in 2010, and back then, converting C++ to JavaScript was unthinkable... so he started working to adapt an open-source tool that could translate C++ code into JavaScript automatically. He called his project Emscripten... we were able to formalize the permitted JavaScript patterns, to make the contract between Emscripten and the browser completely clear. We named the resulting subset of JavaScript asm.js... I would optimize the JavaScript engine in Firefox to run the resulting code even faster...

This brings us to the present... Emscripten can take code written in C++ and convert it directly into WebAssembly. And there will be ways in time to run other languages as well, including Rust, Lua, Python, Java, and C#. With WebAssembly, multimillion-line code bases can now load in a few seconds and then run at 80 percent of the speed of native programs. And both load time and execution speed are expected to improve as the browser engines that run the code are made better.

They'd started with a C++ game because "If we could make games run well on the Web, other computationally intensive applications would soon follow."

The article -- by Mozilla software engineer Luke Wagner -- remembers that the name Emscripten was a "a mash-up of 'script' from JavaScript and 'embiggen' from the TV show The Simpsons."

Mozilla Revenue Jump Fuels Its Firefox Overhaul Plan ( 127

Well, now we know what paid for all those programmers cranking out the overhauled Firefox Quantum browser: a major infusion of new money. From a report: Mozilla, the nonprofit behind the open-source web browser, saw its 2016 revenue increase 24 percent to an all-time high of $520 million, it said Friday. Expenses grew too, but not as much, from $361 million to $337 million, so the organization's war chest is significantly bigger now. Mozilla, which now has about 1,200 employees, releases prior-year financial results in conjunction with tax filings. Most of Mozilla's money comes from partnerships with search engines like Google, Yahoo, DuckDuckGo, Baidu and Yandex. When you search through Firefox's address bar, those search engines show search ads alongside results and share a portion of the revenue to Mozilla. Mozilla in 2014 signed a major five-year deal with Yahoo to be the default search engine in the US, but canceled it only three years in and moved back to Google instead in November. Mozilla's mission -- to keep the internet open and a place where you aren't in the thrall of tech giants -- may seem abstract. But Mozilla succeeded in breaking the lock Microsoft's Internet Explorer had on the web a decade ago, and now it's fighting the same battle again against Google's Chrome.

Firefox Quantum Is 'Better, Faster, Smarter than Chrome', Says Wired ( 383

Wired's senior staff writer David Pierce says Firefox Quantum "feels like a bunch of power users got together and built a browser that fixed all the little things that annoyed them about other browsers." The new Firefox actually manages to evolve the entire browser experience, recognizing the multi-device, ultra-mobile lives we all lead and building a browser that plays along. It's a browser built with privacy in mind, automatically stopping invisible trackers and making your history available to you and no one else. It's better than Chrome, faster than Chrome, smarter than Chrome. It's my new go-to browser.

The speed thing is real, by the way. Mozilla did a lot of engineering work to allow its browser to take advantage of all the multi-core processing power on modern devices, and it shows... I routinely find myself with 30 or 40 tabs open while I'm researching a story, and at that point Chrome effectively drags my computer into quicksand. So far, I haven't been able to slow Firefox Quantum down at all, no matter how many tabs I use... [But] it's the little things, the things you do with and around the web pages themselves, that make Firefox really work. For instance: If you're looking at a page on your phone and want to load that same page on your laptop, you just tap "Send to Device," pick your laptop, and it opens and loads in the background as if it had always been there. You can save pages to a reading list, or to the great read-it-later service Pocket (which Mozilla owns), both with a single tap...

Mozilla has a huge library of add-ons, and if you use the Foxified extension, you can even run Chrome extensions in Firefox. Best I can tell, there's nothing you can do in Chrome that you can't in Firefox. And Firefox does them all faster.

I've noticed that when you open a new tab in Chrome's mobile version, it forces you to also see news headlines that Google picked out for you. But how about Slashdot's readers? Chrome, Firefox -- or undecided?

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach ( 64

An anonymous reader writes: Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches. The notifications system will use data provided by Have I Been Pwned?, a website that indexes public data breaches and allows users to search and see if their details have been compromised in any of these incidents. Work on this project has only recently started. The code to show these warnings is not even in the Firefox codebase but managed separately as an add-on available (on GitHub). The alert also includes an input field. In the add-ons current version this field doesn't do anything, but we presume it's there to allow users to search and see if their data was exposed during that site's security breach. Troy Hunt, Have I Been Pwned's author has confirmed his official collaboration with Mozilla on this feature.

Another Tor Browser Feature Makes It Into Firefox: First-Party Isolation ( 93

An anonymous reader writes: Unbeknown to most users, Mozilla added a privacy-enhancing feature to the Firefox browser over the summer that can help users block online advertisers from tracking them across the Internet. The feature is named First-Party Isolation (FPI) and was silently added to the Firefox browser in August, with the release of Firefox 55. FPI works by separating cookies on a per-domain basis.

This is important because most online advertisers drop a cookie on the user's computer for each site the user visits and the advertisers loads an ad. With FPI enabled, the ad tracker won't be able to see all the cookies it dropped on that user's PC, but only the cookie created for the domain the user is currently viewing. This will force the ad tracker to create a new user profile for each site the user visits and the advertiser won't be able to aggregate these cookies and the user's browsing history into one big fat profile. This feature was first implemented in the Tor Browser, a privacy-focused fork of the Firefox browser managed by the Tor Project, where it is known as Cross-Origin Identifier Unlinkability. FPI was added to Firefox as part of the Tor Uplift project, an initiative to bolster the Firefox codebase with some of the Tor Browser's unique privacy-focused features. The feature is not enabled by default. Information on how to enable it is in the linked article.


Firefox vs Chrome: Speed and Memory ( 160

Mashable aleady reported Firefox Quantum performs better than Chrome on web applications (based on BrowserBench's JetStream tests), but that Chrome performed better on other benchmarks. Now Laptop Mag has run more tests, agreeing that Firefox performs beter on JetStream tests -- and on WebXPRT's six HTML5- and JavaScript-based workload tests. Firefox Quantum was the winner here, with a score of 491 (from an average of five runs, with the highest and lowest results tossed out) to Chrome's 460 -- but that wasn't quite the whole story. Whereas Firefox performed noticeably better on the Organize Album and Explore DNA Sequencing workloads, Chrome proved more adept at Photo Enhancement and Local Notes, demonstrating that the two browsers have different strengths...

You might think that Octane 2.0, which started out as a Google Developers project, would favor Chrome -- and you'd be (slightly) right. This JavaScript benchmark runs 21 individual tests (over such functions as core language features, bit and math operations, strings and arrays, and more) and combines the results into a single score. Chrome's was 35,622 to Firefox's 35,148 -- a win, if only a minuscule one.

In a series RAM-usage tests, Chrome's average score showed it used "marginally" less memory, though the average can be misleading. "In two of our three tests, Firefox did finish leaner, but in no case did it live up to Mozilla's claim that Quantum consumes 'roughly 30 percent less RAM than Chrome,'" reports Laptop Mag.

Both browsers launched within 0.302 seconds, and the article concludes that "no matter which browser you choose, you're getting one that's decently fast and capable when both handle all of the content you're likely to encounter during your regular surfing sessions."

Is Firefox 57 Faster Than Chrome? ( 234

An anonymous reader quotes TechNewsWorld: Firefox is not only fast on startup -- it remains zippy even when taxed by multitudes of tabs. "We have a better balance of memory to performance than all the other browsers," said Firefox Vice President for Product Nick Nguyen. "We use 30 percent less memory, and the reason for that is we can allocate the number of processes Firefox uses on your computer based on the hardware that you have," he told TechNewsWorld. The performance improvements in Quantum could be a drink from the fountain of youth for many Firefox users' systems. "A significant number of our users are on machines that are two cores or less, and less than 4 gigabytes of RAM," Nguyen explained.
Mashable ran JetStream 1.1 tests on the ability to run advanced web applications, and concluded that "Firefox comes out on top, but not by much. This means it's, according to JetStream, slightly better suited for 'advanced workloads and programming techniques.'" Firefox also performed better on "real-world speed tests" on and the New York Times' site, while Chrome performed better on National Geographic, CNN, and Mashable. Unfortunately for Mozilla, Chrome looks like it's keeping the top spot, at least for now. The only test that favors Quantum is JetStream, and that's by a hair. And in Ares-6 [which measures how quickly a browser can run new Javascript functions, including mathematical functions], Quantum gets eviscerated... Speedometer simulates user actions on web applications (specifically, adding items to a to-do list) and measures the time they take... When it comes to user interactions in web applications, Chrome takes the day...

In reality, however, Quantum is no slug. It's a capable, fast, and gorgeous browser with innovative bookmark functionality and a library full of creative add-ons. As Mozilla's developers fine-tune Quantum in the coming months, it's possible it could catch up to Chrome. In the meantime, the differences in page-load time are slight at best; you probably won't notice the difference.


Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature ( 70

Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.

Slashdot Asks: Have You Switched To Firefox 57? 589

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.

Google Returns As Default Search Engine In Firefox ( 136

Mozilla today launched Firefox Quantum, which the company is calling "the biggest update since Firefox 1.0 in 2004." It brings massive performance improvements and a visual redesign. It also sets Google as the default search engine again if you live in the U.S., Canada, Hong Kong and Taiwan. TechCrunch reports: In 2014, Mozilla struck a deal with Yahoo to make it the default search engine provider for users in the U.S., with Google, Bing, DuckDuckGo and others as options. While it was a small change, it was part of a number of moves that turned users against Firefox because it didn't always feel as if Mozilla had the user's best interests in mind. Firefox Quantum (aka, Firefox 57), is the company's effort to correct its mistakes and it's good to see that Google is back in the default slot. When Mozilla announced the Yahoo deal in 2014, it said that this was a five-year deal. Those five years are obviously not up yet. We asked Mozilla for a bit more information about what happened here.

"We exercised our contractual right to terminate our agreement with Yahoo! based on a number of factors including doing what's best for our brand, our effort to provide quality web search, and the broader content experience for our users. We believe there are opportunities to work with Oath and Verizon outside of search," Mozilla Chief Business and Legal Officer Denelle Dixon said in a statement. "As part of our focus on user experience and performance in Firefox Quantum, Google will also become our new default search provider in the United States, Canada, Hong Kong and Taiwan. With over 60 search providers pre-installed as defaults or secondary options across more than 90 language versions, Firefox has more choice in search providers than any other browser."


Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul ( 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
The Internet

All Major Browsers Now Support WebAssembly ( 243

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Firefox 57 Brings Better Sandboxing on Linux ( 124

Catalin Cimpanu, writing for BleepingComputer: Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. The Firefox sandboxing feature isolates the browser from the operating system in a way to prevent web attacks from using a vulnerability in the browser engine and its legitimate functions to attack the underlying operating system, place malware on the filesystem, or steal local files. Chrome has always run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox -- such as Flash, DRM, and other multimedia encoding plugins.

Popular Firefox Bookmark Syncing Add-On Starts Losing... Bookmarks ( 67

A popular Firefox browser add-on that saves and syncs bookmarks has started to lose those bookmarks instead, users are complaining. From a report: According to user reports -- and your reporter's own experience -- the problems arose when Xmarks updated the add-on to version, the first version to work on the new WebExtensions API, Firefox's new add-on technology. Since then, Firefox users have reported a wide range of problems, but among which the biggest was the fact that Xmarks was not syncing bookmarks as it should. The problems did not manifest the same way for all users. Some users said the add-on stopped syncing new bookmarks altogether, some reported corrupted links, others said they lost all bookmarks, while other reported that only a small portion of new bookmark URLs was being added to their Xmarks account.

Mozilla Might Distrust Dutch Government Certs Over 'False Keys' ( 112

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.

"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.

Firefox Borrows From Tor Browser Again, Blocks Canvas Fingerprinting ( 92

An anonymous reader writes: Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. The technique is widely used in the advertising industry to track users across sites. Firefox 58 is scheduled for release on January 16, 2018.

Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox.


TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released ( 21

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

Slashdot Top Deals