Security

Following in the footsteps of Mozilla and Apple, Google is going to be removing all trust for WoSign and StartCom Certificates with Chrome 61 (current  version is 59) as well as Android browser. Mozilla has been very aggressive in enforcing their Mozilla’s CA Certificate Policy as was the case in April 2015 with the Firefox 37.0.1 release which Mozilla banned China Internet Network Information Center (CNNIC) issued Certificates. Once again another China based CA has ‘misbehaved’: About a year ago, Mozilla uncovered that a Chinese Certificate Authority (CA) called WoSign had a number of technical and management failures, which included…

Read More

New Ad Blocking coming to Chrome and Safari

The New Chrome and Safari Will Reshape the Web – WIRED www.wired.com Apple and Google are cracking down on obnoxious online ads. And they just might change the way the web works in the process. Last week Google confirmed that Chrome … Came across this article today while doing some research on claims that some websites will deny you access if your using the browser’s ‘reader mode’. There are already many sites that will block you if you are using an AdBlocker type of extension. There are even some that will not allow you to access the site if you…

Read More

Firefox 48: first Rust component onboard

“… Firefox 48 will be the first version of Firefox that ships with a Rust component. The component in question is a media parser written in Rust. That may not sound too exciting at first, but considering that media playback code is a primary attack vector on desktop and mobile systems alike, it is of significance. …” Source: gHacks Tech NewsDetails  Firefox 48: first Rust component onboard

Read More

In many ways I hope I am wrong about this. Firefox is still a good browser (compared to Internet Explorer at least), but the Mozilla Developers continue to be indifferent towards the users. They have also deviated away from the original goals of keeping Firefox as small and lean as possible. In 2014, Firefox saw a drop in user base when the dramatic (and unwanted) user interface change known as Australia’s landed. Though most, if not all the changes made by this could be undone with The Classic Theme Restorer (CTR) add-on. Fastforward a year later and Mozilla Developers are still doing…

Read More

Like it or not, Extension Signing starts with Firefox 40 (coming August 2015). The Mozilla Wiki has quite a bit of information about extension signing. Signing will be done through addons.mozilla.org (AMO) and will be mandatory for all extensions, regardless of where they are hosted. Here is a timeline of when and how Extension Signing is going to be enforced: Firefox 40: Firefox warns about signatures but doesn’t enforce them. Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled. Firefox 42: Release and Beta versions of Firefox will not allow unsigned extensions to be installed, with no…

Read More

More Ramblings on Pocket

Ah yes, Pocket the third-party feature nobody wanted, but Mozilla decided they would integrate into Firefox anyway. Well, that is not really fair to say. Apparently about 220K Firefox user (less than 1% of the user base) have downloaded Pocket when it was only an add-on. Mozilla makes it sound like it is no big deal saying that its impact on memory is minimal. Um okay, but I don’t think most users are concerned about the resources Pocket uses. They are upset about the integration of a third-party service as in from another company (NOT Mozilla) into their Firefox browser without their consent. A…

Read More

Favicon Bug

This is a really an odd one and it affects both Chrome and Firefox (possibly Safari as well), but NOT Internet Explorer. If you have had unexplained crashes while/after visiting a WordPress (WP) site, it is possible it could be caused by this bug. The good news is this bug has been reported to Mozilla [Bug 1174811] and it was patched on Wednesday (June 17th). Just not sure yet when it is going to be pushed out. Firefox 39 is due out in less than two weeks (June 30th), but then there could also be a 38.0.6 release between now and then (though…

Read More

Turn Firefox into a Security Information Powerhouse

“The majority of things that happen when you load a website in your browser of choice happen in the background. Unless you have installed security extensions in the browser or software on the system, you may be completely unaware of the connections that are initiated when a page is loaded in the browser.“While you can check that manually using the browser’s developer tools (hit F12 and switch to network for that), it is only displaying information to you while the page is loading.“The Firefox web browser is probably the browser with the best selection of extensions that provide you with…

Read More

Last night Mozilla announced on The Mozilla Security Blog: Deprecating Non-Secure HTTP. There’s pretty broad agreement that HTTPS is the way forward for the web.  In recent months, there have been statements from IETF, IAB (even the other IAB), W3C, and the US Governmentcalling for universal use of encryption by Internet applications, which in the case of the web means HTTPS. After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web. While they don’t specify in details as to “removing capabilities from…

Read More

Firefox 37.0.2 Released

Mozilla released an update to the Firefox 37 branch on Monday, April 20th with the Firefox 37.0.2 release. This update addressed these issues: Google Maps may render incorrectly in some cases Stability fixes for select graphics hardware and feature sets Mozilla Foundation Security Advisory (MFSA) 2015-45: Memory corruption during failed plugin initialization Depending on their update settings, users will be prompted to update within the next 24-48 hours. Users can also manually update by going to the Firefox Help Menu and selecting About Firefox and follow the prompts to update. Alternatively users can also down and manually install the update…

Read More