Security Alerts

People are still complaining about how Mozilla is removing support for NPAPI plugins (Silverlight and Java specifically) in the upcoming Windows 64-Bit release of Firefox (now tentatively scheduled for Firefox 42 in November) even though the move is not that unusual given the trend to move away from NPAPI plugins by other browsers. Microsoft’s Edge Browser (Windows 10 only) does not support Active X or any of the NPAPI plugins (Flash is integrated not a plugin). On Tuesday, September 1st Google released Chrome 45 which ended the browser’s support of NPAPI plugins as well. I found this out when I…

Read More

Pepper Flash with Firefox?

I don’t know anything about this distro but the use of Pepper Flash with Firefox is interesting.I’m wondering if the other “flavors” will do this. Notable changes: Nemo updated to 2.6.7 Running kernel 3.13.0-63 Firefox 40.0.3 Fixed Grub installing issues. Fixed Docky & Network issues after waking from suspend. Using Pepper Flash in Firefox instead of Adobe Flash. Added the H.265/HEVC Codec for VLC. Source: Pinguy OS

Read More

No Win64 Firefox Until Firefox 42?

The plans to ‘officially’ release a Win64 release of Firefox have now been pushed back to Firefox 42 (November 2015). As you may recall it was suppose to be Firefox 40 (August 2015) then was pushed to Firefox 41 (September 2015). The reason for the delay as described in Bug 1185532 has to do with the sandboxing feature for the 64-Bit Flash not working correctly.

Read More

Mozilla is moving right along with getting Firefox 41 ready to ship for the September 22nd release. Having had a chance to play with the current Beta version of Firefox 41, here are THREE major changes users should be aware of to avoid headaches upon updating/downloading: New ‘New Tab’ behavior. Gone are the days users could set their preference as to what comes up when they open a new tab via the browser.newtab.url preference in about:config. Nope, that was being ‘exploited’ so Mozilla removed this functionality that has been in Firefox since Firefox 13 (June 2012). There is a simple solution, Custom New…

Read More

I understand what Mozilla is doing with in the Win64 Firefox in regards to only allowing the Flash NPAPI plugin. It starts to make sense if you look at the browser ‘market’ as a whole. Microsoft’s new Edge browser (Windows 10) does not support SilverLight and Java and neither does/will Chrome (Google plans to phase out NPAPI plugins by end of 2015). All of these browsers including the Win64 Firefox do support Flash. Also, remember Flash is integrated (no plugin) into Chrome as Google bribed paid Adobe to build a custom version of Flash directly into Chrome. It is almost painful…

Read More

On August 6, 2015 Mozilla released an emergency security update for Firefox 38 ESR and Firefox 39 with the Firefox 38.1.1 ESR and Firefox 39.0.3 releases. These releases were a result of MFSA 2015-78: Same origin violation and local file stealing via PDF reader. From The Mozilla Security Blog: The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able…

Read More

WARNING: Fake Windows 10 Upgrade Email

Something I have learned over the years, Microsoft is never going to offer you something via email and if it looks fishy it is! So, now there is a ransomware email going around originating Thailand (with the address update@microsoft.com) claiming to be from Microsoft with a Windows 10 installer already attached (how handy!)  First red flag should be getting an unsolicited email from Microsoft, much less one WITH an attachment. Windows Insider Program participants will get emails from Microsoft, but those will not have attachments. Next, there is an encoding issue with the email (likely since it originated from Thailand) though overall…

Read More

Win64 Firefox NOT Coming with Firefox 40

Javaun Moradi announced earlier in bug 1181014 (this was the bug about how to ‘market’ the Win64 builds on Mozilla.org): Folks, we’ve decided not to release win64 builds in Fx40. We have many improvements coming in 41 — sandboxing and NPAPI whitelisting, and possibly some other fixes — and it makes sense to hold. I as much as anyone want to see 64 launch, but given the enthusiasm, it’s better to wait for a product that has safety and polish 41 will bring. He also commented in bug 1180792 (enabling Win64 builds on release channel): Our original plan was a quiet soft-launch in 40,…

Read More

Truthful, but not very PC…

So, still no official (or even unofficial) explanation from Mozilla as to why they suddenly (as in July 9th) banished Silverlight NPAPI from the upcoming Win64 Firefox releases. Mozilla’s silence on this dramatic change with the Win64 Fx is a bad thing for things to come. Why are they being so secretive? Why choose the worse of two evils (Flash)? Why continue to support a plugin that everyone (including Facebook) is trying to move away from (Flash > HTML5)? So yesterday the discussion in Bug 1165981 (this was the bug that was suppose to Whitelist BOTH Flash and Silverlight NPAPI in…

Read More

In a very odd move Mozilla has made a change to the latest Firefox Nightly (Firefox 42) Win64 which only allows the Shockwave Flash NPAPI plugin. Note: the Prime Content Decryption and Open H264 are now standard all will always be supported. While Shockwave Flash is still supported Silverlight is not. Simple enough, just install the plugin and you’re ready to go. Users won’t be able to install Silverlight in the Win64 version of Firefox since it is not allowed. Microsoft’s Silverlight is used by Netflix and Amazon Video along with many other Video on Demand (VOD) sites (especially outside the US). This is a result…

Read More