mozilla-says-a-new-firefox-security-bug-is-under-active-attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.

firefox-71:-a-year-end-arrival

Another release is upon us: please welcome Firefox 71 to the stage! This time around, we have a plethora of new developer tools features. These include the web socket message inspector, console multi-line editor mode, log on events, and network panel full text search!

And as if that wasn’t good enough, there are important new web platform features available, like CSS subgrid, column-span, Promise.allSettled, and the Media Session API.

Read on for more details of the highlights, and find the full list of additions with the links below:

Developer tools

Let’s start with our new developer tool features! Many of these were first made available in Firefox Developer Edition, and then improved based on feedback from early adopters. We’d like to thank you all for your help!

Continued speed and reliability improvements

Improvements in Firefox 71 continue our promise to provide a rock-solid and fast DevTools experience.

We know it’s important that DevTools load quickly. We have automation in place to help ensure we keep driving this time down. In 71 we got some help from the JavaScript team, when their improvements to caching scripts for startup not only made Firefox start faster, but DevTools too. One Console test got an astonishing 40% improvement while times across every panel were boosted by 8-15%!

Interaction with pretty-printed code has gotten a lot of attention. Over past releases we’ve already improved breakpoint handling and pausing. In 71, links to scripts (like from the event handler tooltip in the Inspector or the stack traces in the Console) reliably get you to the expected line, and debugging sources loaded through eval() now also works as expected.

WebSocket Message Inspector

The Network panel has a new Messages tab. You can observe all messages sent and received through a WebSocket connection:

Sent frames have a green up-arrow icon, while received frames have a red down-arrow icon. You can click on an individual frame to view its formatted data.

Find out more about WebSockets and how to use the tool in this post about Firefox’s New WebSocket Inspector. Thanks a lot to Heng Yeow Tan, who worked on this feature as part of his Google Summer of Code (GSoC) internship.

Network full-text search

Sometimes you need to find a CSS file that defines a color, or work out which file generates a button label on a page. Full-text search makes this possible by letting you search through all resources in the Network Monitor. Similar to other DevTools, you can open the new panel by clicking the new “Search” icon in the toolbar or using the shortcut (Windows: Ctrl Shift F, Mac: Cmd Shift F). The full-text search will highlight matches in request/response bodies, headers, and cookies.

Tip: You can use the Network panel’s existing URL and type filters to limit which requests are being matched in search.

Thanks a lot to lloan Alas, who worked on this feature as part of his Outreachy internship.

Network request blocking

Simulating blocked requests lets you test how a page loads and functions without specific files, like CSS or JavaScript. The panel is right next to the new full-text search.

You can toggle request blocking as a whole or enter individual patterns to experiment with. To make entering lists easier you can paste in multiple lines of patterns, which will be split into individual rules.

Note how blocked requests are shown in red, with a red “no entry sign” icon next to them.

Console multi-line editor mode

Another great developer tools feature in Firefox 71 is the new multi-line console. It combines the benefits of IDEs to authoring code with the workflow of repeatedly executing code in the context of the page.

If you open the regular console, you’ll see a new icon at the end of the prompt row.

Clicking this will switch the console to multi-line mode:

Here you can enter multiple lines of code, pressing enter after each one, and then run the code using Ctrl Enter. You can also move between statements using the next and previous arrows. The editor includes regular IDE features you’d expect, such as open/close bracket pair highlighting and automatic indentation.

We are starting with a small, simple feature set for now. We will add more based on the feedback we are already collecting.

Inline variable preview in Debugger

The JavaScript Debugger now provides inline variable previewing, which is a useful timesaver when stepping through your code. Previously you’d have to scroll through the scope panel to find variable values. Or, you could hover over a variable in the source pane. Now when execution pauses, you can view relevant variable and property values directly in the source.

Using our babel-powered source mapping, preview also works for variables that have been renamed or minified by build steps. Make sure to enable this power-feature by checking Map in the Scopes pane.

If you prefer less output you can toggle preview off in the new context menu option in the source pane.

Thanks a lot to Dhyey Thakore, who worked on this feature as part of his GSoC internship.

Log on Event Listeners

Finally, we’d like to talk a bit about updates to event listener breakpoints in 71. There are a couple of nice improvements available.

Log on events lets you explore which event handlers are being fired in which order without the need for pausing and stepping. This is inspired by Firebug’s Log DOM Event functionality but with more control over which events are monitored thanks to its tie in with Event Breakpoints.

So if we choose to log keyboard events, for example, the code no longer pauses as each event is fired:

Instead, we can then switch to the console, and whenever we press a key we are given a log of where related events were fired.

One issue here is that the console is showing that the keypress event is being fired somewhere inside jQuery. Instead, it’d be far more useful if we showed where in our own app code is calling the jQuery that fired the event. This can be done by finding jquery.js in the Sources panel, and choosing the Blackbox source option from its context menu.

Now the logs will show where in your app jQuery was called, rather than where in jQuery the event was fired:

There is also a new Filter by event type… text input. When you click in this input and type a search term, the list of event listener types will filter by that term, allowing you to find the events you want to break on more easily.

CSS

New in CSS in 71 we have subgrid, multicol, clip-path: path, and aspect ratio mapping.

Subgrid

A feature that has been enabled in 71 after being supported behind a pref for a while, the subgrid value of grid-template-columns and grid-template-rows allows you to create a nested grid inside a grid item that will use the main grid’s tracks. This means that grid items inside the subgrid will line up with the parent’s grid tracks, making various layout techniques much easier.

.grid {
  display: grid;
  grid-template-columns: repeat(9, 1fr);
  grid-template-rows: repeat(4, minmax(100px, auto));
}

.item {
  display: grid;
  grid-column: 2 / 7;
  grid-row: 2 / 4;
  grid-template-columns: subgrid;
  grid-template-rows: subgrid;
}

.subitem {
  grid-column: 3 / 6;
  grid-row: 1 / 3;
}

We’ve also updated the developer tools’ Grid Inspector to support subgrid! Specifically, we have:

  • allowed highlighting of multiple grids simultaneously.
  • added a “subgrid” badge to the HTML pane that appears next to elements which have been designated as a subgrid, in the same way that the “grid” and “flex” badges already work.
  • made it so that when a subgrid is highlighted, the parent is also subtly highlighted.

See the MDN Subgrid page for more details.

Multicol — column-span

CSS multicol support has moved forward in a big way with the inclusion of the column-span property in Firefox 71. This allows you to make an element span across all the columns in a multicol container (generated using column-width or column-count).

article {
  columns: 3;
}

h2 {
  column-span: all;
}

You can find a number of useful details about column-span in the article Spanning and balancing columns.

Clip-path: path()

The path() value of the clip-path property is now enabled by default — this allows you to create a custom mask shape using a path() function, as opposed to a predefined shape like a circle or ellipse.

#clipped {
  clip-path: path('M 0 200 L 0,110 A 110,90 0,0,1 240,100 L 200 340 z');
}

Aspect ratio mapping

Finally, the height and width HTML attributes on the element are now mapped to an internal aspect-ratio property.

This allows the browser to calculate the image’s aspect ratio early on and correct its display size before it has loaded if CSS has been applied that causes problems with the display size.

Read Mapping the width and height attributes of media container elements to their aspect-ratio for the full story.

JavaScript and Web APIs

We’ve had a few minor JavaScript changes in this release as well: Promise.allSettled(), the Media Session API, and WebGL multiview.

Promise.allSettled()

The most significant change comes with the support of the Promise.allSettled() method, which takes an array of promise objects as a parameter just like Promise.all().

However, whereas Promise.all() will fulfill only when all the promises passed to it have been fulfilled, Promise.allSettled() will fulfill when all the promises passed to it have been resolved (fulfilled or rejected).

const promise1 = Promise.resolve(3);
const promise2 = new Promise((resolve, reject) => setTimeout(reject, 100, 'foo'));
const promises = [promise1, promise2];

Promise.allSettled(promises).
then((results) => results.forEach((result) => console.log(result.status)));
// expected output:
// "fulfilled"
// "rejected"

Media Session API

Over in Web API land, the main new addition is partial support for the Media Session API. This API provides a standard mechanism for your content to share information about the state of media playing with the underlying operating system. It includes metadata such as artist, album, track name, or album artwork, for example.

if ('mediaSession' in navigator) {
  navigator.mediaSession.metadata = new MediaMetadata({
    title: 'Unforgettable',
    artist: 'Nat King Cole',
    album: 'The Ultimate Collection (Remastered)',
    artwork: [
      { src: 'https://dummyimage.com/96x96',   sizes: '96x96', type: 'image/png' },
      { src: 'https://dummyimage.com/128x128', sizes: '128x128', type: 'image/png' },
      { src: 'https://dummyimage.com/192x192', sizes: '192x192', type: 'image/png' },
      { src: 'https://dummyimage.com/256x256', sizes: '256x256', type: 'image/png' },
      { src: 'https://dummyimage.com/384x384', sizes: '384x384', type: 'image/png' },
      { src: 'https://dummyimage.com/512x512', sizes: '512x512', type: 'image/png' },
    ]
  });

  navigator.mediaSession.setActionHandler('play', function() { /* Code excerpted. */ });
  navigator.mediaSession.setActionHandler('pause', function() { /* Code excerpted. */ });
  navigator.mediaSession.setActionHandler('seekbackward', function() { /* Code excerpted. */ });
  navigator.mediaSession.setActionHandler('seekforward', function() { /* Code excerpted. */ });
  navigator.mediaSession.setActionHandler('previoustrack', function() { /* Code excerpted. */ });
  navigator.mediaSession.setActionHandler('nexttrack', function() { /* Code excerpted. */ });
}

The aim of this API is to allow users to know what’s playing, and to control it, without opening the specific page that launched it.

WebGL multiview

71 also sees the OVR_multiview2 WebGL extension exposed by default. This is an exciting new addition to the web platform that allows WebGL code to draw on multiple targets with a single draw call, improving performance in the process.

Multiview is especially exciting for WebXR code, in which case you always have to draw everything twice! Read Multiview on WebXR for more information.

User features

You can read about the most interesting user features added to Firefox 71 in the main Firefox 71 Release Notes.

We would however like to highlight Picture-in-picture (PIP). If you start playing a video on a web page, but then want to check out other content, you can activate PIP and keep the video playing in a small overlay while you continue to navigate the rest of the page (or other pages).

Chris Mills is a senior tech writer at Mozilla, where he writes docs and demos about open web apps, HTML/CSS/JavaScript, A11y, WebAssembly, and more. He loves tinkering around with web technologies, and gives occasional tech talks at conferences and universities. He used to work for Opera and W3C, and enjoys playing heavy metal drums and drinking good beer. He lives near Manchester, UK, with his good lady and three beautiful children.

More articles by Chris Mills…

firefox-browser-will-block-the-iab’s-digitrust-universal-id

Mozilla intends to block the DigiTrust consortium from tracking users in its Firefox browser, a blow for the IAB-led effort to create a standardized online user ID that’s designed to reduce the online ad industry’s reliance on third-party cookies.

DigiTrust, a non-profit acquired by the IAB Tech Lab last year, is working to create a universal, persistent and anonymized user ID. Member companies include prominent ad tech players MediaMath, OpenX, LiveRamp and others. Buy-side DigiTrust members pay a monthly fee to participate, while publisher participants access the service for free.

Similar to other shared identity solutions, DigiTrust offers a pseudonymous and encrypted identifier that can be stored in a first-party cookie provided by the publisher. Other participants can utilize the same identifier on subsequent bid requests and user visits to that publisher’s site via the browser, instead of needing to submit third-party network requests each time a person loads a publisher’s webpage.

Theoretically, shared IDs using first-party cookies offer multiple benefits, such as quicker page-load times due to less third-party cookie-syncing behind the scenes. They can also mitigate the risk of data leaks in the bid-stream (a big concern as it relates to Europe’s General Data Protection Regulation.) Meanwhile, third-party cookies are increasingly being throttled by browsers.

The immediate impact of Firefox’s move to block DigiTrust isn’t clear. Firefox only has a 4% share of the global browser market, according to Statcounter. That’s behind leading browsers, Google’s Chrome (65%) and Apple’s Safari (16%), latter of which has sophisticated tracker prevention features. Still, it’s a setback on the quest toward a common ID solution.

IAB Tech LAB svp of Membership and Operations Jordan Mitchell said in an emailed statement that Firefox’s decision did not come as a surprise.

“We know certain companies take the position that there is no sufficient consumer value to justify ‘tracking’ — anonymous audience recognition — of any kind, not even for use in communicating privacy choices,” Mitchell said. “They believe no third party can be trusted. We take a different position: that trust should be established directly between consumers and the brands, and publishers they trust, and with the third parties that those brands and publishers trust.”

He added, “IAB Tech Lab will continue to work on improving mechanics for privacy and trust, through consumer privacy choices and system-level, industrywide accountability — and we think there’s value for DigiTrust as a shared resource and utility in this context.”

Mozilla leans on an open-source list of trackers compiled by privacy software company Disconnect to inform its Enhanced Tracking Prevention feature, which was introduced in September.

On Nov. 11, John Wilander, an Apple WebKit engineer who works on Safari’s ITP, filed an issue on Mozilla’s “Bugzilla” forum asking why Firefox did not treat the Digitru.st domain as a tracker. (Apple, which relies on machine learning rather than block lists, already prevents DigiTrust cross-site tracking on Safari.) The same day, Mozilla privacy engineer Steven Englehardt raised an issue on Disconnect’s developer forum asking whether DigiTrust should be added to the list.

“We reviewed this issue in the normal course of business beginning that week and determined that although DigiTrust’s service may not track users directly, which is why they were not previously blocked, they clearly enable other services to track, and therefore we updated our definition of tracking to encompass this type of behavior, which we see as a growing threat to consumer privacy,” said Casey Oppenheim, Disconnect co-founder.

A Mozilla spokeswoman confirmed that “cookie-based tracking for DigiTrust will be blocked in a future version of Firefox.”

DigiTrust isn’t the only player pushing for the adoption of a universal ID. LiveRamp and The Trade Desk are among the other organizations offering ID solutions. The Trade Desk and LiveRamp domains are also on Disconnect’s blocklist — although LiveRamp’s ID solution doesn’t rely on cookies.

Regulation could prove the bigger roadblock to universal ID solutions. The California Consumer Privacy Act takes effect in January and there is still a level of uncertainty in the ad tech industry as to exactly how the privacy law will apply to third-party cookies used for advertising. The U.K. data regulator has warned that the current real-time-bidding ad tech landscape is not compliant with the European Union’s General Data Protection Regulation.

“The industry seems to think there is a basic industry right for tracking and targeting of users for advertising purposes, but I don’t see the regulators following this logic at all,” said Ruben Schreurs, CEO of consulting firm Digital Decisions.

Meanwhile, Google is set to make an announcement in February about how it will treat third-party cookies in Chrome.

David Kohl, CEO of ad tech company TrustX, a member of DigiTrust, said the entire cookie-based advertising infrastructure needs a rethink that involves prioritizing consumer interests, rather than ad tech’s commercial interests.

“We need to start again with a clean sheet and say, how do we create a capability for consumers to understand what identity means on the internet, how it’s used, and how to control it,” Kohl said.

10-useful-firefox-developer-tools-you-should-know

Firefox being “developer’s browser” has many great tools to help make our work easier. You can find more on its tool collection on the Firefox Developer Tools webpage and can also try their Developer Edition Browser which has more features and tools that are being tested.

For this post, I’ve listed 10 handy tools you might like from its developer tools collection. I’ve also demonstrated what these tools can do with GIFs plus how to access them for quick reference.

Read Also: 40 Firefox Add-ons For Better Productivity

1. View horizontal and vertical rulers

Firefox tool - ruler

Firefox has a ruler tool that displays both horizontal and vertical rulers with pixel units on the page. The tool is useful for arranging your elements across the page.

To access rulers through the menu:

  1. Go to: ☰ > Developer > Developer Toolbar (shortcut: Shift F2).
  2. Once the toolbar appears at the bottom of the page, type rulers.
  3. Pess Enter.

To make this appear on the developer tools window:

  1. Go to “Toolbox Options”.
  2. Under the “Available Toolbox Buttons” section, check the “Toggle rulers for the page” checkbox.

2. Take screenshots using CSS selectors

Firefox tool - screenshot

Although the Firefox toolbar lets you take screenshots of the full page or visible portions, in my opinion the CSS selector method is more useful for capturing screenshots of individual elements as well as for elements that are visible on mouse-hover only (like menus).

To take screenshots through the menu:

  1. Go to ☰ > Developer > Developer Toolbar (shortcutShift F2).
  2. Once the toolbar appears at the bottom of the page, type screenshot --selector any_unique_css_selector.
  3. Press enter.

To make this appear on the developer tools window:

  1. Click “Toolbox Options” and under “Available Toolbox Buttons” section.
  2. Check “Take a fullpage screenshot” checkbox.

3. Pick colors from web pages

Firefox tool - colorpicker

Firefox has a built-in color picker tool by the name of “Eyedropper”.

To access the “Eyedropper” tool through menu go to ☰ > Developer > Eyedropper.

To make this appear on the developer tools window: click “Toolbox Options” and under “Available Toolbox Buttons” section check “Grab a color from the page” checkbox.

4. View page layout in 3D

Firefox tool - 3d view

Viewing webpages in 3D helps with layout problems. You’ll be able to see the different layered elements much more clearly in 3D view. To view the webpage in 3D, click the “3D View” tool button.

To make this appear on the developer tools window, click “Toolbox Options” and under “Available Toolbox Buttons” section check the”3D View” checkbox.

5. View browser style

Firefox tool - browser style

Browser Styles consist of two types: the default style a browser assigns for every element, and the browser-specific styles (the ones with the browser prefix). By taking a look at the browser styles you’ll be able to diagnose any override issues in your stylesheet and also come to know of any existing browser specific styles .

To access “Browser styles” through menu:

  1. Go to ☰ > Developer > Inspector.
  2. Click the “Computed” tab in the right section.
  3. Check the “Browser styles” checkbox.

You can also open the “Inspector” tab through the shortcut Ctrl Shift C and then accessing “Browser styles”.

6. Disable JavaScript for current session

Firefox tool - disable JS

For best practice and screen reader compatibility it is always advised to code any website in such a way that its functionality is not hindered in a javascript-disabled environment. To test for such environments, you can disable the JavaScript for the session you’re working in.

To disable JavaScript for current session click “Toolbox Options” and under “Advanced settings” section check the “Disable JavaScript*” checkbox.

7. Hide CSS style from the page

Firefox tool - disable style

Just like JavaScript, due to accessibility concerns it is best to design websites in such a way that the pages should still be readable even without any styles. To see how the page looks without any style, you can disable them in the developer tools.

To remove any CSS style (inline, internal or external) applied on a webpage, just click on the eye symbol of the listed stylesheets in the “Style Editor” tab. Click it again to revert to the original view.

To access “Style Editor” through menu go to ☰ > Developer > Style Editor (shortcut: Shift F7.

8. Preview the HTML content response to a request

Firefox tool - preview response

Firefox developer tools has an option to preview the HTML content type responses. This helps the developer to preview any 302 redirects and check whether any sensitive information has been rendered or not in the response.

To access “Preview” through menu:

  1. Go to ☰ > Developer > Network (shortcut: Ctrl Shift Q.
  2. Open the webpage of your choice or reload the current page, click on the desired request (with HTML response) from the list of requests.
  3. Click the “Preview” tab in the right section.

9. Preview webpage in different screen sizes

Firefox tool - responsive

To test a webpage for its responsiveness use the “Responsive Design View”, which can be accessed by ☰ > Developer > Responsive Design View or with the shortcut: Ctrl Shift M.

To make the “Responsive Design Mode” tool button appear, click “Toolbox Options” and under the “Available Toolbox Buttons” section, check “Responsive Design Mode” checkbox.

10. Run JavaScript on pages

Firefox tool - responsive

For quick JavaScript executions on any webpage simply use the “Scratchpad” tool of Firefox. To access “Scratchpad” through the menu go to; ☰ > Developer > Scratchpad or use the keyboard shortcut Shift F4.

To make the “Scratchpad” tool button appear on the developer tools window for quick use: click “Toolbox Options” and under the “Available Toolbox Buttons” section check the “Scratchpad” checkbox.

firefox-lite-2.0-for-android-is-out-now-[apk-download]

Mozilla Taiwan’s Firefox Lite — previously Firefox Rocket, then Lite, then Rocket again — is pleasingly snappy to use, with a focus on light browsing and privacy. The Chromium-based app blocks ads and trackers by default, allowing for lightning-fast browsing under the decreased bandwidth. After having its name changed four times, Firefox Lite has been updated to version 2.0.

Lite’s new update comes with some fun and handy features, my personal favorite of which is built-in, full-page screenshots. On the home page you’ll have access to a number of games (fun) as well as a very pared-down news page (handy). Both pages load quickly and the games launch right away within the browser.  Also on the homepage is a search bar specifically for comparing product pricing, which may come in especially handy considering the upcoming holidays.

Firefox Lite does have a few minor shopping-related features region-locked to Asia, but in all the 2.0 update is worth checking out if you’re mindful of your privacy and are on the prowl for a light, airy browser. If you’re outside of Asia and looking for a download, you can snag your copy from APK Mirror.

Firefox Lite — Fast Web Browser, Free Games, News

Firefox Lite — Fast Web Browser, Free Games, News

firefox-web-browser-turns-15-years-old-today

Even if you don’t use Firefox as your web browser of choice, there’s no denying that it has profoundly impacted the Web over its lifetime. Just how long has its lifetime been, you ask? Well, as of today, Firefox is 15 years old.

Firefox 1.0 was released on this day (November 9th) in 2004, two years after the first public builds became available under the name “Phoenix.” The browser’s lineage actually dates back much farther than that, as Firefox was an open-source continuation of Netscape Navigator, which had its first initial release in 1994.

A lot has changed in the last 15 years.

What hasn’t is our commitment to creating an open, diverse and secure internet. https://t.co/OMfzKZ509W

— Firefox ? (@firefox) November 8, 2019

? Happy 15h birthday @firefox ?

Firefox 1.0 was released on November 9th, 2004. The scrappy alternative to Internet Explorer 6 (☠️) had revolutionary features such as tabbed browsing (!), popup blocking, themes, and extensions. ?

It changed the world. Really, it did ?? pic.twitter.com/LekBwUtF9T

— Changelog (@changelog) November 9, 2019

Firefox has seen accelerated development over the past few years, especially with ‘Project Quantum,’ the ongoing effort to rewrite parts of the engine in the super-fast Rust programming language. The Android version is undergoing a complete transformation at the moment, currently available as ‘Firefox Preview‘ on the Play Store.

Happy birthday Firefox, and here’s to the next 15 years! ?

Firefox Browser: fast , private & secure browsing

Firefox Browser: fast , private & secure browsing

firefox-will-automatically-block-website-notifications-in-2020

There are plenty of sites on the web which serve you with an annoying pop-up notification every time you visit it. I’ve even stopped visiting some of them because of that.

Now, Firefox is stepping in to stop notification abuse. Starting early next year, the desktop version of the browser (version 72) will block them from popping up and show them as a small icon in the address bar.

In April, the company announced its rolling this test out to select users and its nightly build (test build). Users had to specifically click on the notification bubble to take action. It also started to gather data on how users interacted with notifications anonymously.

Through this study, it found 99 percent of notification prompts were unaccepted and 48 percent were actively denied by users. It also noted if the prompts were based on user interactions, they got a more positive response. You can read the full study here.

As reported by Techdows last month, Google Chrome is working on a similar feature. But till it rolls out, you can refer to our guide to block notifications on the browser.

Read next:

Bitfinex and Kim Dotcom ‘mutually agree’ to delay Kimcoin’s token sale

firefox-preview/geckoview-add-ons-support

Back in June, Mozilla announced Firefox Preview, an early version of the new browser for Android that is built on top of Firefox’s own mobile browser engine, GeckoView. We’ve gotten great feedback about the superior performance of GeckoView so far. Not only is it faster than ever, it also opens up many opportunities for building deeper privacy features that we have already started exploring, and a lot of users were wondering what this step meant for add-ons.

We’re happy to confirm that GeckoView is currently building support for extensions through the WebExtensions API. This feature will be available in Firefox Preview, and we are looking forward to offering a great experience for both mobile users and developers.

Bringing GeckoView and Firefox Preview up to par with the APIs that were supported previously in Firefox for Android won’t happen overnight. For the remainder of 2019 and leading into 2020, we are focusing on building support for a selection of content from our Recommended Extensions program that work well on mobile and cover a variety of utilities and features.

At the moment, Firefox Preview does not yet officially support extensions. While some members of the community have discovered that some extensions inadvertently work in Firefox Preview, we do not recommend attempting to install them until they are officially supported as other issues may arise. We expect to implement support for the initial selection of extensions in the first half of 2020, and will post updates here as we make progress.

If you haven’t yet had a chance, why don’t you give Firefox Preview a try and let us know what you think.

today?s-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default

Today, Firefox on desktop and Android will — by default — empower and protect all our users by blocking third-party tracking cookies and cryptominers. This milestone marks a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox.

Firefox’s Enhanced Tracking Protection gives users more control

For today’s release, Enhanced Tracking Protection will automatically be turned on by default for all users worldwide as part of the ‘Standard’ setting in the Firefox browser and will block known “third-party tracking cookies” according to the Disconnect list. We first enabled this default feature for new users in June 2019. As part of this journey we rigorously tested, refined, and ultimately landed on a new approach to anti-tracking that is core to delivering on our promise of privacy and security as central aspects of your Firefox experience.

Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default. Enhanced Tracking Protection works behind-the-scenes to keep a company from forming a profile of you based on their tracking of your browsing behavior across websites — often without your knowledge or consent. Those profiles and the information they contain may then be sold and used for purposes you never knew or intended. Enhanced Tracking Protection helps to mitigate this threat and puts you back in control of your online experience.

You’ll know when Enhanced Tracking Protection is working when you visit a site and see a shield icon in the address bar:

When you see the shield icon, you should feel safe that Firefox is blocking thousands of companies from your online activity.

For those who want to see which companies we block, you can click on the shield icon, go to the Content Blocking section, then Cookies. It should read Blocking Tracking Cookies. Then, click on the arrow on the right hand side, and you’ll see the companies listed as third party cookies that Firefox has blocked:

If you want to turn off blocking for a specific site, click on the Turn off Blocking for this Site button.

Protecting users’ privacy beyond tracking cookies

Cookies are not the only entities that follow you around on the web, trying to use what’s yours without your knowledge or consent. Cryptominers, for example, access your computer’s CPU, ultimately slowing it down and draining your battery, in order to generate cryptocurrency — not for yours but someone else’s benefit. We introduced the option to block cryptominers in previous versions of Firefox Nightly and Beta and are including it in the ‘Standard Mode‘ of your Content Blocking preferences as of today.

Another type of script that you may not want to run in your browser are Fingerprinting scripts. They harvest a snapshot of your computer’s configuration when you visit a website. The snapshot can then also be used to track you across the web, an issue that has been present for years. To get protection from fingerprinting scripts Firefox users can turn on ‘Strict Mode.’ In a future release, we plan to turn fingerprinting protections on by default.

Also in today’s Firefox release

To see what else is new or what we’ve changed in today’s release, you can check out our release notes.

Check out and download the latest version of Firefox available here.

how-to-build-firefox

Firefox Nightly

Open source is a dream and a gateway to an amazing career — I’m a testament to that. One of the most amazing open source projects to ever exist, Mozilla Firefox, is a project I’m proud to work on as an employee of Mozilla. It’s rewarding, challenging, and a unique experience…and I want you to join me!

Take a few moments with me to learn how to build the amazing Firefox!

Step 1: Clone Mozilla Central

Mozilla Central is the name of the mercurial repository that contains the source code of Firefox. Start by installing mercurial and cloning “MC”:

hg clone https://hg.mozilla.org/mozilla-central/

hg clone {repo_url} is the first and most basic mercurial command, but check out my Mercurial Productivity Tips post to learn more hg commands! “MC” will be installed in a mozilla-central directory.

Step 2: Install Dependencies

From C to Rust, Firefox has a fair bit of requirements you’ll need to install. From within the mozilla-central directory, run the following:

./mach bootstrap

The bootstrap command will install dependencies as well as configure mercurial extensions as required. Congratulations — you’re now ready to build!

Step 3: Create a mozconfig

You’ll thank me for this one! Create a mozconfig file to use artifact builds, which will save loads of time during the build process by downloading pre-built binaries for Firefox’s internals.

# Automatically download and use compiled C   components:
ac_add_options --enable-artifact-builds

# Write build artifacts to:
mk_add_options MOZ_OBJDIR=./objdir-frontend

Place the code above in your mozconfig file and you’re builds will be super fast!

Step 4: Build!

Once you have the code and the dependencies, it’s time to build the amazing Firefox! You can build Firefox with the following command:

./mach build

Hello Firefox!

Step 5: Run Firefox

Once you’ve built the amazing Firefox, you can run Firefox with the following mach command:

./mach run --jsdebugger

Congratulations! You’ve taken the Firefox source code and turned it into an application that you can run! The --jsdebugger option opens the “browser toolbox” which allows you to debug the Firefox you’ve just built.

Updating Mozilla Central Code

The Mozilla Central repository is updated several times a day as Mozilla employees and contributors like you submit patches. You can update your local checkout with the following:

hg pull && hg update --clean

You local commits will always be draft status while patches which have been merged into MC will be public status.

Configuring Options

Whenever Firefox developer and the community develop new features, they’re hidden behind a preference until the feature reaches maturity. To toggle feature flags, you can visit about:config in your local Firefox or any Firefox release.

about:config

The config page allows you to toggle and set a number of options. Many “edge” features debut behind feature flags in Firefox Nightly.

Congratulations! You’ve turned a massive repository of code into a living, breathing Firefox web browser! In the next post in the Firefox series, we’ll contribution and testing!