Showing results for tags 'mozilla'.

  1. https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.12.0/

     EXE:
     Win x86: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.12.0/win32/en-US/Thunderbird Setup 78.12.0.exe
     Win x64: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.12.0/win64/en-US/Thunderbird Setup 78.12.0.exe

     MSI:
     Win x86: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.12.0/win32/en-US/Thunderbird Setup 78.12.0.msi
     Win x64: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.12.0/win64/en-US/Thunderbird Setup 78.12.0.msi
  2. Mozilla launches Ideas platform to improve communication with its userbase

     Mozilla Ideas is a new platform by Firefox maker Mozilla to improve communication with the Firefox userbase. At its core, Ideas works similarly to Uservoice and other services of its kind. Firefox users and developers may post new content on the platform, and everyone else may comment and vote on the idea.

     The introduction on the main page reveals Mozilla's intentions with the platform:

     "This is where we grow our next generation of ideas, designs, experiments and products. You can take a look at the big problems we're working on, challenges we're exploring and bring your ideas to the conversation as we shape up and ship our next generation of software and services."

     The service is powered by Crowdicity, a third-party service. An account is required to interact with the service, e.g. to post new ideas, leave comments or vote. A Firefox account is not supported, but you may sign in with any email address or by using social media accounts.

     Users may access the latest, top voted, most discussed or even random topics on the Ideas platform. Current ideas include re-adding the compact interface option, improving the master password protection, or providing a higher contrast default theme. A click on an idea displays its description, user comments, stats, and options to subscribe to the idea or give it a thumbs up vote. Mozilla employees participate on the site, but they are not highlighted in any way.

     Ideas features challenges as well. These are topics that Mozilla would like to gather ideas for. Current challenges include "stay safe and private online", "search and navigate the web", or "customizing, extensions and themes". Users of the site may publish ideas related to a challenge, and when you select one, all active ideas that have been posted already are shown.

     Closing words

     Mozilla Ideas serves two main purposes: first, to improve communication with the Firefox userbase, and second, to move user posts from Mozilla's bug tracking site to the new Ideas platform. Mozilla employees are interacting on the Ideas platform, and it is likely that popular ideas will get the attention of the organization. Whether that will lead to changes on the platform remains to be seen.

     Source: Mozilla launches Ideas platform to improve communication with its userbase
  3. https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.11.0/

     EXE:
     Win x86: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.11.0/win32/en-US/Thunderbird Setup 78.11.0.exe
     Win x64: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.11.0/win64/en-US/Thunderbird Setup 78.11.0.exe

     MSI:
     Win x86: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.11.0/win32/en-US/Thunderbird Setup 78.11.0.msi
     Win x64: https://download-installer.cdn.mozilla.net/pub/thunderbird/releases/78.11.0/win64/en-US/Thunderbird Setup 78.11.0.msi
  4. Mozilla working on several macOS improvements for Firefox

     In its weekly Firefox Nightly news, Mozilla has said that it’s working on a number of items in the macOS version of Firefox to improve how native it feels. The changes outlined include scrollbars squishing during rubber-banding (hitting the bottom and top of web pages), the arrival of native fullscreen, and improvements to enhanced dark mode handling. The latter two items can be toggled on in Firefox Nightly for testing.

     The current version of Firefox on the Nightly channel is version 90, the release after the big interface overhaul due on June 1. Firefox 90 is expected to launch on July 13, 2021, according to FX Trains which tracks Firefox releases.

     According to Mozilla, the new squishy scrollbars are enabled in Firefox Nightly but native fullscreen and the dark mode enhancements need to be enabled. To enable native fullscreen, head to about:config and turn on full-screen-api.macos-native-full-screen. To turn on enhanced dark mode support, go into about:config again and enable widget.macos.respect-system-appearance.

     The work on native fullscreen and support for enhanced dark mode is still underway so you should be aware that you may experience problems after enabling these features in Firefox Nightly. As long as Mozilla doesn’t run into any major issues, we could see all of these improvements arrive with the stable release of Firefox 90.

     Source: Mozilla working on several macOS improvements for Firefox
  5. Mozilla is working on Firefox background updates on Windows

     This week, Mozilla enabled a new feature in the Nightly version of the organization's Firefox web browser designed to improve the updating functionality of the browser on Windows. The new functionality enables background updates for Firefox on Windows, even if the browser is not running at the time.

     Mozilla plans to introduce the new updating functionality in Beta and Stable versions of the web browser when these hit version 89. Firefox 89 Stable will be released on June 1, 2021 according to the official release schedule. The change improves the updating behavior of the Firefox web browser. Firefox users may use policies to block the new behavior.

     Mozilla engineer Nick Alexander explains the inner workings of the new updating mechanism on the Firefox Dev Google Groups forum:

     "the default Firefox profile (for each OS-level user) will schedule OS-level tasks that run periodically [2]. These tasks invoke Firefox in a stripped-down headless “background task mode” [3] that pumps the update cycle before exiting. These tasks have been designed to not process updates when other Firefox instances are running, so they should not force restarts of running instances; and they access (lock) the default profile for only a very short period of time so they should not prevent starting Firefox for regular browsing. If you need to disable this functionality, about:preferences should show a checkbox in the “Updates” section for you to disable, or you can set the BackgroundAppUpdate Firefox policy to false."

     In other words: Firefox will use a scheduled task on the system level to run update checks, download updates and install the downloaded updates. The task is configured to run every 7 hours, but only if Firefox is not running.

     The task, named Firefox Nightly Background Update followed by hex code in the Nightly version, is automatically installed by Nightly and will be reinstalled automatically as well if deleted. The name will be adjusted for Beta and Stable versions of Firefox.

     Firefox users who want to disable the task need to use the Enterprise policy BackgroundAppUpdate to do so. If the policy is set to False, Firefox does not try to install updates when the application is not running. The policy affects the Firefox preference app.update.background.enabled, but just setting the preference does not have any effect at the time of writing.

     If the scheduled task is deleted, it is reinstated regardless of the state of the preference. Disabling the task in the Task Scheduler on the other hand does not seem to enable it again, at least not during the same session. More data is needed to find out if Nightly updates make changes to the task's state.

     Interested users can follow the development on [email protected]

     Source: Mozilla is working on Firefox background updates on Windows
  6. Mozilla winds down DeepSpeech development, announces grant program

     In 2017, Mozilla launched DeepSpeech, an initiative incubated within the machine learning team at Mozilla Research focused on open sourcing an automatic speech recognition model. Over the next four years, the DeepSpeech team released newer versions of the model capable of transcribing lectures, phone conversations, television programs, radio shows, and other live streams with “human accuracy.” But in the coming months, Mozilla plans to cease development and maintenance of DeepSpeech as the company transitions into an advisory role, which will include the launch of a grant program to fund a number of initiatives demonstrating applications for DeepSpeech.

     DeepSpeech isn’t the only open source project of its kind, but it’s among the most mature. Modeled after research papers published by Baidu, the model is an end-to-end trainable, character-level architecture that can transcribe audio in a range of languages. One of Mozilla’s major aims was to achieve a transcription word error rate of lower than 10%, and the newest versions of the pretrained English-language model achieve that aim, averaging around a 7.5% word error rate.

     It’s Mozilla’s belief that DeepSpeech has reached the point where the next step is to work on building applications. To this end, the company plans to transition the project to “people and organizations” interested in furthering “use-case-based explorations.” Mozilla says it’s streamlined the continuous integration processes for getting DeepSpeech up and running with minimal dependencies. And as the company cleans up the documentation and prepares to stop Mozilla staff upkeep of the codebase, Mozilla says it’ll publish a toolkit to help people, researchers, companies, and any other interested parties use DeepSpeech to build voice-based solutions.

     DeepSpeech: A brief history

     Mozilla’s work on DeepSpeech began in late 2017, with the goal of developing a model that gets audio features — speech — as input and outputs characters directly. The team hoped to design a system that could be trained using Google’s TensorFlow framework via supervised learning, where the model learns to infer patterns from datasets of labeled speech.

     The latest DeepSpeech model contains tens of millions of parameters, or the parts of the model that are learned from historical training data. The Mozilla Research team started training it with a single computer running four Titan X Pascal GPUs but eventually migrated it to two servers with 8 Titan XPs each. In the project’s early days, training a high-performing model took about a week.

     In the years that followed, Mozilla worked to shrink the DeepSpeech model while boosting its performance and remaining below the 10% error rate target. The English-language model shrank from 188MB to 47MB and memory consumption dropped by 22 times. In December 2019, the team managed to get DeepSpeech running “faster than real time” on a single core of a Raspberry Pi 4.

     Mozilla initially trained DeepSpeech using freely available datasets like TED-LIUM and LibriSpeech as well as paid corpora like Fisher and Switchboard, but these proved to be insufficient. So the team reached out to public TV and radio stations, language study departments in universities, and others they thought might have labeled speech data to share. Through this effort, they were able to more than double the amount of training data for the English-language DeepSpeech model.

     Inspired by these data collection efforts, the Mozilla Research team collaborated with Mozilla’s Open Innovation team to launch the Common Voice project, which seeks to collect and validate speech contributions from volunteers. Common Voice consists not only of voice snippets but of voluntarily contributed metadata useful for training speech engines, like speakers’ ages, sex, and accents. It’s also grown to include dataset target segments for specific purposes and use cases, like the digits “zero” through “nine” and the words “yes,” “no,” “hey,” and “Firefox.”

     Today, Common Voice is one of the largest multi-language public domain voice corpora in the world, with more than 9,000 hours of voice data in 60 different languages including widely spoken languages and less-used ones, like Welsh and Kinyarwanda. Over 164,000 people have contributed to the dataset to date.

     To support the project’s growth, Nvidia today announced that it would invest $1.5 million in Common Voice to engage more communities and volunteers and support the hiring of new staff. Common Voice will now operate under the umbrella of the Mozilla Foundation as part of its initiatives focused on making AI more trustworthy.

     Grant program

     As it winds down the development of DeepSpeech, Mozilla says its forthcoming grant program will prioritize projects that contribute to the core technology while also showcasing its potential to “empower and enrich” areas that may not otherwise have a viable route toward speech-based interaction. More details will be announced in May, when Mozilla publishes a playbook to guide people on how to use DeepSpeech’s codebase as a starting point for voice-powered applications.

     “We’re seeing mature open source speech engines emerge. However, there is still an important gap in the ecosystem: speech engines — open and closed — don’t work for vast swaths of the world’s languages, accents, and speech patterns,” Mark Surman, executive director of the Mozilla Foundation, told VentureBeat via email. “For billions of internet users, voice-enabled technologies simply aren’t usable. Mozilla has decided to focus its efforts this side of the equation, making voice technology inclusive and accessible. That means investing in voice data sets rather than our own speech engine. We’re doubling down on Common Voice, an open source dataset that focuses on languages and accents not currently represented in the voice tech ecosystem. Common Voice data can be used to feed [open speech] frameworks … and in turn to allow more people in more places to access voice technology. We’re [also] working closely with Nvidia to match up these two sides of the inclusive voice tech equation.”

     Source: Mozilla winds down DeepSpeech development, announces grant program
  7. Mozilla decides to hide Compact Mode in Firefox for new users but keep it for existing ones

     If you follow Firefox web browser news you may have read some time ago that Mozilla planned to remove the browser's compact mode from the customization options. Compact Mode is one of Firefox's three density modes for its main interface; it is the smallest layout option and leaves most room for webpages displayed in the browser. The other two modes, normal, which is the default, and touch, which is for touch-capable devices, display a bigger interface.

     Mozilla's original plan was to remove the Compact Mode option from the browser's customize menu. You may access the customize option by selecting Main Menu > Customize. The reason that Mozilla gave for the removal was that the option was "hard to discover" and that it believed that "it got low engagement". The reasoning did not sit well with Firefox users, many of whom were using Compact Mode in the browser.

     A new bug on Mozilla's bug tracking site reveals Mozilla's plan for Compact Mode in Firefox. According to the listing, Compact Mode remains enabled for Firefox users who are using it. The mode remains available in the customize menu for those users. Firefox users who have not set it won't see it in the customize menu anymore, but they may reactivate it through a "hidden" about:config setting.

     The preference browser.compactmode.show determines whether the Compact option is shown under Density in the customize menu. Set the preference to TRUE to show the compact density option, or keep it at the default FALSE to hide it from the menu. It is unclear whether setting browser.uidensity to 1 will enable compact mode without showing it in the customize option, but it looks that way as the preference is the one that Firefox uses to determine the set density.

     If you compare the new decision to the old plan, you will notice the following: Compact Mode is still moved to about:config as a hidden option. The main change is that the mode remains enabled for users who have it set. In the previous plan, these users would be moved to the default density automatically. Mozilla plans to make it clear that Compact Mode is unsupported by adding (not supported) to the string in the customize menu.

     Closing Words

     The decision feels shortsighted, especially since it angered Firefox users who are using Compact Mode and prefer it over the other modes, especially with Proton coming along soon and making everything bigger. Removing features, regardless of how few users are using them, is always going to infuriate some users. If you do it too often, you are frustrating more and more users of the browser. Mozilla could have reversed the decision, maintained the mode, and displayed a customize prompt to new users that would allow them to set compact mode among several other options on first run.

     Source: Mozilla decides to hide Compact Mode in Firefox for new users but keep it for existing ones
  8. Third mutation XSS bug patched in Mozilla Bleach library

     Bleach, a Python library that enables web developers to clean HTML input and prevent cross-site scripting (XSS) attacks, was itself found to have an XSS vulnerability, according to an advisory posted on GitHub by Mozilla, the library’s developer.

     Mozilla Bleach escapes and removes characters that can otherwise lead to the execution of arbitrary code when rendered on a browser. As of this writing, more than 100,000 GitHub repositories depend on Bleach.

     The vulnerability, discovered by researchers at Checkmarx, was found in the library’s clean() function, which sanitizes HTML code.

     “We have no evidence of the vulnerability being exploited in the wild,” a spokesperson for Mozilla told The Daily Swig.

     Mutation XSS

     Developers can control the kind of tags that will be allowed in the HTML code ahead of the cleaning process. A flaw in the way the function handled some configurations of allowed tags made it vulnerable to “mutation XSS”, a special kind of XSS flaw caused by how different browsers interpret HTML code.

     “Exploiting this vulnerability requires a non-default config, which is why we rated the severity as moderate,” the Mozilla spokesperson said. “Producing this vulnerability requires satisfying a set of pre-conditions... If those conditions are met, the vulnerability can be reproduced.”

     Mozilla has patched the vulnerability in the latest version of Bleach. In the advisory, the organization recommends setting up a strong Content Security Policy to mitigate further risks.

     A growing threat

     It is worth noting that this is the third mutation XSS bug found in Bleach in the past year.

     “Mutation XSS bugs have grown in popularity due to the recent release of detailed research blog posts and useful tools on the subject,” the Mozilla spokesperson said. “We consider a growing focus on specific vulnerabilities to be normal, once such related research is publicized.”

     In written comments to The Daily Swig, Erez Yalon, head of security research at Checkmarx, warned that mutation XSS is relevant for every web application, not just those that are Python-based.

     “[Mutation XSS] is slightly more complex to find and exploit than other XSS attacks because it combines a weakness in the code with a browsers’ tendency to try and fix errors by content manipulations,” Yalon said.

     He added: “Having the code visible (as it is in open source) makes it a bit easier to execute, as the combination of the attacker’s payload through the code and the browser manipulation causes the harmful effect.”

     Mutation XSS is becoming more common among researchers and attackers, Yalon noted. “So, we believe it is our responsibility as security researchers to educate developers and try to find these issues in the wild before they are exploited,” he said.

     Source: Third mutation XSS bug patched in Mozilla Bleach library
  9. Mozilla ends Promoted Firefox Add-ons Program

     Mozilla Add-ons Product Manager Jorge Villalobos announced the end of Mozilla's Promoted Add-ons pilot for the Firefox web browser on January 21, 2021. The organization decided not to move forward and make the program a permanent feature of the browser's add-ons ecosystem.

     "After reviewing the pilot results, we have decided not to move forward with this iteration of the program."

     Mozilla introduced the program in September 2020 as a pilot program called Promoted Add-ons. The main idea was to provide developers with an option to get their add-ons promoted by Mozilla, and for Mozilla to extend the number of add-ons that would get reviewed through payments made by accepted developers. Selected add-ons would get manual reviews and as a consequence, if successful, a verified badge on the add-ons profile page and Mozilla's Add-ons homepage.

     Up until that point, only extensions selected by Mozilla for its Recommended Extensions program would be code-reviewed by the organization and would receive these badges to increase user trust in them.

     The Recommended Extensions program created a two-tier add-ons system, with verified extensions on one side and all other extensions on the other. Verified extensions would get promoted, some included in Firefox for Android, and all other extensions display a scary message when opened with Firefox stating that the extension is not monitored by Mozilla and that users should only install trusted extensions.

     Participation was free of charge during the pilot, but the idea was to evolve the pilot into a paid service that developers could utilize to get extra exposure for their add-ons; this won't happen as Mozilla decided to end the program entirely.

     Mozilla provides no explanation why it decided to end the program. The program has been criticized since its introduction. Some feared that it would allow companies with deep pockets to buy promotions and cause some developers to stop developing add-ons for the browser.

     Source: Mozilla ends Promoted Firefox Add-ons Program
  10. Mozilla's revenue jumped to 828 million U.S. Dollar in 2019

      Mozilla Foundation and Subsidiaries published the annual Independent Auditor's Report and Consolidated Financial Statements today. The report reveals that Mozilla earned a total of 828 million U.S. Dollar in 2019, nearly double the revenue of 2018.

      Mozilla's revenue dropped in 2018 to 450 million U.S. Dollar from 562 million in 2017. The organization changed the search deal model that it used throughout the years to a flexible "per-region" one. It dropped Yahoo as the search provider and signed deals with Google, Baidu and Yandex in the same year.

      The deals make up a large part of Mozilla's annual income: it was 539 million in 2017 and 429 million U.S. Dollar in 2018. Royalties from search deals increased to 451 million in 2019 according to the financial report.

      The huge increase in revenue comes from a position that is listed as "other revenue" in the financial statement. The sum of 338 million U.S. Dollar is not further explained in the document but the most likely explanation for it is the organization's legal dispute with Yahoo over the premature ending of the search deal. Yahoo took Mozilla to court, and Mozilla decided to countersue for 375 million U.S. Dollar, a sum that is very close to the 338 listed under "other revenue".

      Mozilla's dependence on search deals, in particular the deal with Google, is still very high. Google was the source of 73% of the search engine deal revenue in 2019, a drop by 2% when compared to 2018. Search engine deals make up 88% of Mozilla's revenue, a drop of 3% when compared to 2018.

      Pocket premium subscriptions and advertising revenue jumped to 14 million U.S. Dollar from 5.3 million a year before. The VPN service that Mozilla launched in 2018 should not have played a major role revenue-wise in 2018; it remains to be seen how much of a contribution it will make in 2019 as it was launched in the year in several countries.

      Expenses rose from 451 million U.S. Dollar to 495 million with software development and "general and administrative" seeing increases by 26 million and 38 million U.S. Dollar respectively.

      Outlook

      Mozilla renewed its search deal with Google in 2020 for three years. The organization will receive an estimate of $400 to $450 million per year from the deal alone. The contract has not been published and the modalities have not been revealed by Mozilla or Google.

      The organization let go a total of 320 employees in 2020 (70 in January and 250 in August), and retired several products including Firefox Send and Notes because it expected the coming years to be tougher financial-wise.

      Revenue will likely remain on a similar level if you subtract the one-time payment of 2019. The premium VPN service will increase the organization's subscription and advertising revenue further, but the bulk will still come from search engine deals even though the percentage may drop by several percent again.

      The letting-go of 320 employees will have an impact on the organization's payment of wages, but it is possible that Mozilla is expecting other expenses to rise in 2020 and beyond.

      Source: Mozilla's revenue jumped to 828 million U.S. Dollar in 2019
  11. Mozilla sees 'collateral damage' in DOJ antitrust fight with Google

      In a carefully worded statement after the Justice Department announced antitrust action against Google, the Firefox browser maker implied it might suffer financially in the fight.

      Mozilla, maker of Firefox, this week issued a carefully-worded statement that implied it might be harmed by "collateral damage" if the U.S. Department of Justice (DOJ) wins its recently-revealed antitrust lawsuit against search giant Google.

      "The ultimate outcomes of an antitrust lawsuit should not cause collateral damage to the very organizations — like Mozilla — best positioned to drive competition and protect the interests of consumers on the web," Amy Keating, the Mozilla general counsel, wrote in an Oct. 20 post to a company blog.

      Although Keating did not come out and say as much, she was talking about the possibility that if Google loses the case it might not be allowed to pay rival browser developers, including Mozilla, fees for setting Google's search engine as those browsers' default.

      "In this new lawsuit, the DOJ referenced Google's search agreement with Mozilla as one example of Google's monopolization of the search engine market in the United States," Keating said, then left it to readers to make the connection between that policy and her contention that Mozilla might suffer damage. "Unintended harm to smaller innovators from enforcement actions will be detrimental to the system as a whole, without any meaningful benefit to consumers — and is not how anyone will fix Big Tech."

      Mozilla's search deals are Firefox's oxygen

      On Tuesday, the DOJ filed a lawsuit accusing Google of using illegal practices to bolster its search and search advertising businesses. According to the lawsuit — which was joined by the Attorneys General of 11 U.S. states — among those practices was Google's revenue-sharing deals with a host of companies, including device makers like Apple and Google, mobile carriers such as Verizon and AT&T, and browser makers, like Mozilla and Opera Software.

      In those deals, Google pays out a portion of its search advertising revenue in exchange for those companies setting the Google search engine as the default on devices and in browsers.

      That's where Mozilla comes in.

      Mozilla lives on search engine revenue. It always has. In 2018, the last year for which Mozilla has made data public, 91% of Mozilla's total revenue came from search deals. The most important of those was with Google, which in 2017 again became the Firefox default in the U.S., Canada, Taiwan and Hong Kong.

      According to its 2018 financial report, Mozilla's revenue fell 20% from the year prior, the first decline in the 14 years Computerworld had tracked the organization's financials. Although Mozilla asserted that the drop-off would not affect its work, only weeks later it laid off 70 employees. And then in August, Mozilla shed another 250 workers, about 25% of its total.

      The disappearance of Google's money, whether mandated by a court or proposed as part of a Google-initiated settlement with the DOJ, would be a nightmare for Mozilla, if not a disaster. Mozilla had a deal with Yahoo between 2015 and 2017, but Mozilla nullified the remaining years on the contract after Yahoo was sold; that may have torched any remaining bridges to Yahoo. Microsoft's Bing may be willing to work with Mozilla to boost its search share, assuming Microsoft would be willing to pay to keep a close rival — Firefox's browser share is within a percentage point and a half of Edge's — alive.

      At the end of 2018, Mozilla had $482 million in cash, cash equivalents and investments, enough to run operations at that year's level for around 12 months. (If Mozilla keeps to prior practice it will release 2019's financials in early December.) But the company has little else to rely on: almost every attempt to diversify revenue, whether advertising, a mobile operating system or various services, has failed, been shuttered or has raised little revenue.

      Without a search deal, Mozilla would be in dire straits.

      While Google's reasons for doing its default-search deals may vary, regulators argued that it wasn't always to boost Google's own search share. Sometimes it was simply to lock a partner into a deal so that another search company couldn't use that, say, browser, to boost its position. "As a Google employee once noted, Google's browser agreements can be 'a good way to keep' (a browser) away from Bing,'" the complaint stated.

      That may explain Google's continued support for Mozilla, even in the face of Firefox's long slide in market share. In September, Firefox accounted for an estimated 7.2% of all browser activity. That was 1.5 points lower than a year earlier, 3 points below its share 18 months ago. Based on Firefox's 12-month average, the browser will slip below 6% in July 2021, with continued losses after that.

      Don't shoot the browser maker

      "For the past 20 years, Mozilla has been leading the fight for competition, innovation and consumer choice in the browser market and beyond," wrote Keating in Mozilla's statement. "We have a long track record of creating innovative products and services that respect the privacy and security of consumers, and have successfully pushed the market to follow suit."

      That was the set-up, all leading up to the "Yes, but..." Mozilla wanted to play, which was the "unintended harm to smaller innovators from enforcement actions..." bit.

      In other words, while it might make antitrust officials happy to stop Google from making default-search deals, the result would be akin to throwing the baby out with the bath water. Mozilla would be hurt, she implied. Firefox would suffer, she suggested. Or worse, vanish.

      It was a bold move, but very much in keeping with Mozilla's long-term walk of the razor's edge that is the tension between Firefox and its finances. Not only has Mozilla taken sustenance from its greatest browser competitor, but many of its priorities are in direct contrast to Google's, from which it draws that sustenance.

      Firefox, for instance, has been at the forefront of the effort to eliminate user tracking on the web, adding features that make it difficult or even impossible for advertisers to monitor consumers' browsing habits so that the ads people see are personalized. Yet Google is the world's leader in search advertising, the business that fuels everything.

      Mozilla doesn't want to be Google; it wants to be the anti-Google. But it takes Google's money. Mozilla wants to put distance between it, and its Firefox, and Google and its Chrome. But when it comes to money, Google's fight is now Mozilla's fight, too.

      It's unclear what the DOJ thinks of the argument that to save Mozilla, Google must be allowed to continue to make default-search pacts. Of course, the question may never come up. The Microsoft antitrust action two decades ago, for instance, went on for years before a settlement was reached. During the time U.S. v Google runs its course, lots could happen. Mozilla could be pressed so hard financially that it folds. Firefox's share could dwindle to the point of utter insignificance.

      Or Google could sacrifice some of its default-search agreements in the hope of placating DOJ. The deal with Mozilla might be a prime candidate, along with even smaller fry, like Opera and the boutique browsers that also default to Google.

      It's not surprising that Mozilla jumped at the chance to set the debate about its link to Google's revenue sharing. This looks to be the most dangerous moment for Mozilla since Chrome debuted 12 years ago.

      Source: Mozilla sees 'collateral damage' in DOJ antitrust fight with Google
  12. The current Firefox for Android browser is feature-packed, with tons of security features and support for extensions, but it has never quite matched the performance that Chrome offers. Mozilla has spent the past few months working on a brand new browser for mobile, nicknamed 'Fenix,' and now it has entered public beta. The new Firefox for Android has already been publicly available for a few months, under the name 'Firefox Preview.' Mozilla says the browser is up to twice as fast as the current Firefox for Android, and it offers protection against tracking scripts by default. The interface has been completely revamped, with a bottom address bar and a 'Collections' feature for organizing sites. And yes, it has a dark mode. Under the hood, the new version uses GeckoView, a modified version of Firefox's desktop rendering engine designed to be easily embedded (similar to how Android apps can use embedded instances of Chrome). The company said, "Building Firefox for Android on GeckoView also results in greater flexibility in terms of the types of privacy and security features we can offer our mobile users. With GeckoView we have the ability to develop faster, more secure and more user friendly browsers that deliver unprecedented performance." Extension support is not yet present, but the developers told us that it is being worked on. Mozilla hopes to replace the current version of Firefox with the new browser sometime this fall. As we covered previously, the current Firefox for Android will enter maintenance mode next month and won't receive any new features. Development of Firefox Focus is also being put on hold. You can try out Firefox Preview from this link . Source
  13. Thunderbird continues to be one of the most advanced email clients available for download on desktop platforms, and despite Mozilla originally planning to give up on the app, the company now wants to improve it substantially with updates released during the course of 2019. In an announcement published a few days ago, Mozilla says one of the areas where the development team would focus is making the application substantially faster. “This is an area where I think we will see some of the best improvements in Thunderbird for 2019, as we look into methods for testing and measuring slowness – and then put our engineers on architecting solutions to these pain points. Beyond that, we will be looking into leveraging new, faster technologies in rewriting parts of Thunderbird as well as working toward a multi-process Thunderbird,” Mozilla Community Manager Ryan Sipes explained in a blog post. Support for Windows 10 notification system Additionally, Mozilla says it wants Thunderbird to be more beautiful but also to support modern operating systems, including Windows 10. As a result, the email app will integrate the built-in notification system, in an effort to make Thunderbird feel more native on the desktop. At the same time, Mozilla wants Thunderbird to get support for the modern Gmail experience that’s already available on the web. “One area of usability that we are planning on addressing in 2019 is integration improvements in various areas. One of those is better GMail support, as one of the biggest Email providers it makes sense to focus some resources on this area. We are looking at addressing GMail label support and ensuring that other features specific to the GMail experience translate well into Thunderbird,” Sipes explained. At this point, there’s no ETA as to when major updates would begin shipping, but it’s pretty clear that 2019 is going to be a busy year for the development team. source
  14. Mozilla gives back to the Tor Project after it embedded multiple Tor Browser features into Firefox. Mozilla will be matching all donations made to the Tor Project until the end of the year, the Tor Project announced today. The announcement came as the Tor Project launched this week its scheduled end-of-year donations campaign through which the organization supplements its next year's budget. This is the second year in a row that Mozilla has agreed to match Tor Project donations. Last year, the Tor Project raised $200,000 from user donations, and with Mozilla's contribution, that number went to $400,000. With last year's funds, the Tor Project was able to fund a huge facelift of the Tor Browser for Desktop, but also release a dedicated Tor Browser for Android. With funds that it will gather this year, the Tor Project promised today to: Increase the capacity, modularization, and scalability of the Tor network, making improvements and integrations into other privacy and circumvention tools easier and more reliable; Better test for, measure, and design solutions around internet censorship, allowing people around the world living under repressive governments to access the open web safely and privately; and Strengthen our development of Tor Browser for Android, now in alpha, and make sure it's in tip top shape to reach the rising number of people around the world who only access the internet from a mobile device which may have low bandwidth and a costly connection. Mozilla and Tor Project are tied at the hip The Tor and Mozilla organizations are deeply interconnected. While most people already know that the Tor Browser is a privacy-hardened version of Mozilla's Firefox browser working on the Tor Project's Tor and Onion protocols, the connection goes both ways, and Firefox is also hugely dependent on the Tor Browser as well. 
Since 2016, Mozilla developers have been siphoning privacy-hardening features developed originally for the Tor Browser and integrating them into Firefox, as part of an internal project named Tor Uplift. For example, the Tracking Protection feature that Mozilla enabled for all users yesterday, with the release of Firefox 63, was actually initially based on a list of known user fingerprinting domains that the Tor Project was maintaining to block inside the Tor Browser. Mozilla integrated that list into Firefox 48, and later developed it into the more complex Enhanced Tracking Protection feature that it launched yesterday. But that was only the beginning. Another Tor Browser feature landed in Firefox 52, with the addition of a second anti-fingerprinting technique that prevented websites from identifying users based on their OS fonts. This process later continued in Firefox 55 when Mozilla added a Tor Browser feature known as First-Party Isolation (FPI), which worked by separating cookies on a per-domain basis, preventing ad trackers from using cookies to track users across the Internet. Another Tor Browser feature was also added in Firefox 58. Just like in Firefox 52, Mozilla engineers integrated another Tor Browser anti-fingerprinting technique, but this time one that prevented websites from tracking users via the HTML5 canvas element. The connection between the two projects was more than visible again in Firefox 60, which included a feature developed at the request of the Tor Project, whose developers wanted a simple method to disable Firefox Sync in their browser, to prevent users from accidentally syncing Tor browsing data to Mozilla's servers. It's for these reasons that Mozilla has matched Tor Project donations in 2017 and 2018, and will most likely continue to do so in the foreseeable future. 
Upcoming Tor Uplift plans include Mozilla engineers adding support in Firefox for blocking sites from fingerprinting users via VP8 and VP9 codecs, via the AudioContext API, and support for preventing Firefox from loading user details (username, emails, real names) into the operating system RAM. Source
  15. WASHINGTON (Reuters) - Firefox browser maker Mozilla is blocking the United Arab Emirates’ government from serving as one of its internet security gatekeepers, citing Reuters reports on a UAE cyber espionage program. Mozilla said in a statement on Tuesday it was rejecting the UAE’s bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users. Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program. Reuters reported in January that Abu Dhabi-based DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters. The program’s operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied being connected to offensive hacking operations, saying the reports of its involvement were based on “false, defamatory, and unsubstantiated statements.” The UAE embassy in Washington and DarkMatter did not respond to a request for comment on Tuesday. ‘CREDIBLE EVIDENCE’ Selena Deckelmann, Mozilla’s senior director of engineering, said the reports from Reuters, as well as the New York Times and the Intercept, had made the browser company fear that DarkMatter would use the role of internet security gatekeeper to launch surveillance efforts. 
Mozilla concluded “that placing our trust in DarkMatter and disregarding credible evidence would put both the web and users at risk,” Deckelmann told Reuters. Websites seeking designation as safe by internet browsers have to be certified by an outside organization, which will confirm their identity and vouch for their security. The certifying organization also helps secure the connection between an approved website and its users, promising traffic will not be intercepted. But if a surveillance group gained that authority, it could certify fake websites impersonating banks or email services, allowing hackers to intercept user data, security experts say. Organizations that want to obtain certifying authority must apply to browser makers like Mozilla and Microsoft. Most of the certifying organizations are independent, private companies. Browsers like Firefox allow websites to obtain certification from any approved authority anywhere in the world. But many countries, including China, the United States and Germany also have government-approved organizations in the role. DarkMatter executives have argued that rejection of the UAE bid to become a certifying body would be a “dystopian” policy by Mozilla “against sovereign nations deemed not worthy of operating their own national certificates.” GROWING FEARS In 2017, DarkMatter applied on behalf of the UAE government for certificate authority. The company also applied to Mozilla to become a commercial certifier in its own right. Following Reuters reports earlier this year, Mozilla executives began to fear that DarkMatter could use the authority to spy on users, a Mozilla executive said in the company’s public online forum. Mozilla executives said rejecting an applicant on the basis of media reports was unprecedented. In past cases, Mozilla primarily relied on technical evidence to determine certification authority. 
In Mozilla’s public discussion boards, DarkMatter executives and some security experts warned that relying on news articles to decide who can become a certificate authority would permanently taint the process with bias. Mozilla’s stated concerns showed “a hidden organizational animus that is fatal to the idea of ‘due process’ and ‘fundamental fairness,’” Benjamin Gabriel, general counsel for DarkMatter, wrote in the online forum. In May, a DarkMatter executive said the company would move its certificate business to a new entity called DigitalTrust. That company would be controlled by a firm called DM Investments, which is owned by DarkMatter founder Faisal Al Bannai. “This ownership structure does not assure me that these companies have the ability to operate independently, regardless of their names and legal structure,” said Wayne Thayer, Mozilla’s certification authority program manager, in his announcement on Tuesday. Along with rejecting the UAE’s application, Mozilla said it would block several other separate bids by DarkMatter to become a commercial certificate provider. Mozilla also said it would mark as unsafe the more than 275 websites DarkMatter had already certified under an earlier provisional authority that the company gained in 2017. Mozilla noted that another UAE government entity called the Dubai Electronic Security Center still had a pending application to become a certificate authority, on which Mozilla had not yet made a decision. While each browser company makes its own decisions about who it allows to become a certifying authority, Mozilla is seen as a leader in this area. Security experts say competitors, such as Google’s Chrome browser and Apple’s Safari browser, tend to follow its lead. Thayer said in his announcement that even without a smoking gun that showed DarkMatter had misused certificates, the risks demonstrated by the reports were too great. 
“While there are solid arguments on both sides of this decision, it is reasonable to conclude that continuing to place trust in DarkMatter is a significant risk to our users,” he said. Source
  16. Mozilla takes swipe at Chrome with 'Track THIS' project Mozilla is pushing Firefox's latest (and long-delayed) anti-ad tracking efforts, saying it protects user privacy better than Google's Chrome. Magdalena Petrova/IDG Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes. Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else." Mozilla Track THIS offers four personas – including an end-times zealot – to demonstrate how ad trackers follow users' web wanderings, then customize the ads they see based on where they've been and what they've looked at. The project is part of Mozilla's effort to establish Firefox as the go-to browser on privacy. If it works, the browser will start showing online ads for products the trackers' algorithms believe will be attractive to that persona. "It's really just throwing off brands who want to advertise to a very specific type of person," Mozilla wrote in a June 25 post to one of its blogs. Depending on the agility of the trackers, the products chosen may revert to ones that hit closer to home, Mozilla warned. "Your ads will probably only be impacted for a few days, but ad trackers are pretty sophisticated. They could start reflecting your normal browsing habits sooner than that," the company said. Computerworld donned the mask of a pretend prepper to gauge Track THIS's effectiveness in Chrome on a Mac. (Computerworld also tried Safari, but its "Intelligent Tracking Protection" stymied the impact of the 100 tabs.) 
Among the 100 tabs were pages at amazon.com shilling 36,000-calorie buckets of bulk meals, water filters and purification pills, "bug-out" bags and the like; sites strutting television programs including "Ancient Aliens" (History Channel); places to purchase hazmat suits; and articles from survivalist websites such as primalsurvivor.net and theprepared.com. Mozilla After running Mozilla's 'Track THIS' project on Chrome – and opening 100 tabs designed to spoof a doomsday prepper – the browser started showing ads for disaster-related products. Subsequent ventures onto the Web with Chrome immediately revealed a change in ads. A visit to slate.com, for example, showed ads for camouflage jackets, while a trip to nbcsports.com boasted a banner ad that read, "You only get once [sic] chance to save your family" and led to wisefoodstorage.com where ad copy asserted "Don't face your next emergency on an empty stomach." The whole purpose of Track THIS was, as Mozilla acknowledged, to publicize Firefox's anti-tracking features. At the end of its blog post, after instructions on how to use Track THIS, Mozilla went into pitch mode. "When you're done with the experiment, get Firefox with Enhanced Tracking Protection [ETP] to block third-party tracking cookies by default." Mozilla has long trumpeted Firefox's down-with-trackers abilities. Originally called just "Tracking Protection" and restricted to Firefox's private browsing mode, the technology blocked a range of content - not just online advertisements but also in-page trackers that sites or ad networks used to follow people around the web. Later, in November 2017, with Firefox 57, aka "Quantum," Mozilla expanded Tracking Protection to cover non-private browsing. Problems persisted, however, with sites often breaking when trackers were struck out. By October 2018's Firefox 63, Mozilla claimed it had tamed site breakage, and added "Enhanced" to the name. 
Originally, ETP was off by default in Firefox 63, but Mozilla said it would switch it to on-by-default two versions later, in January. But ultimately, the company needed more testing time. Mozilla finally began to roll out on-by-default ETP with Firefox 67.0.1, a June 4 update. The stratagem seemed aimed squarely at Chrome, the world's most popular browser, which accounted for 68% of all browsing activity last month, according to analytics vendor Net Applications. Of the top four browsers - Chrome, Firefox, Safari, and Microsoft's Edge/Internet Explorer duo - Chrome and Microsoft's lacked integrated anti-tracking tools. And while Firefox's user share has remained mired in the single digits, Mozilla's drumbeat on privacy has been heard by some. Last week, the Washington Post ran a piece titled "Goodbye, Chrome: Google's web browser has become spy software" and stuck it near the top of its website, where it remained for hours. "Seen from the inside, [Google's] Chrome browser looks a lot like surveillance software," argued the newspaper's technology columnist, Geoffrey Fowler. "Having the world's biggest advertising company make the most popular web browser was about as smart as letting kids run a candy shop. It made me decide to ditch Chrome for a new version of nonprofit Mozilla's Firefox, which has default privacy protections." Source: Mozilla takes swipe at Chrome with 'Track THIS' project (Computerworld - Gregg Keizer)
  17. Facebook Container 2.0 for Firefox blocks Facebook's third-party site tracking Mozilla announced a big privacy push yesterday on the official site. The organization revealed that Firefox's Tracking Protection would be enabled by default for non-private browser windows for new and existing users to improve user privacy and minimize tracking. Mozilla published an updated version of its Facebook Container add-on for Firefox on June 4, 2019 as well which improves user privacy significantly. Facebook Container was released in March 2018 officially to separate activity on Facebook from other web activity. Mozilla launched a Container test pilot experiment in 2017 to find out if there was interest for a container-based solution to contain sites in containers. The organization launched the Multi-Account Container add-on which gives Firefox users the tools at hand to create containers of their own. Facebook Container is designed specifically for Facebook: official Facebook pages are loaded in a container to make it more difficult for Facebook to generate user profiles using third-party data. The main difference to Multi-Account Container is that Facebook Container prevents sites that are not on the allow list from being loaded in the container. It is more set-and-forget, and does not offer many customization options. A handful of cool add-ons are available by third-parties that extend Firefox's container functionality. The add-on Block sites outside container may be used to block sites from running outside designated containers and to allow sites to be run in multiple containers, Temporary Containers creates and deletes containers automatically while you use the browser. Facebook Container 2.0 for Firefox Facebook Container 2.0 improves the tracking protection of the extension further by targeting Facebook scripts on third-party sites. 
Today, we’re releasing the latest update for Facebook Container which prevents Facebook from tracking you on other sites that have embedded Facebook capabilities such as the Share and Like buttons on their site. The new version of Facebook Container blocks Facebook scripts on third-party sites by default. Note that the blocking affects only active scripts; the Facebook button here on this site is passive and does not submit any data to Facebook on page load. The new version of Facebook Container works for signed-in and anonymous users. Mozilla notes that the blocking makes it more difficult for Facebook to create so-called Shadow Profiles which contain data about users who are not on Facebook or data that cannot be linked to an existing Facebook user. Firefox adds a purple fence badge to Facebook elements that it blocked on third-party websites. The very same blocking icon is also displayed when you load Facebook pages directly; this time it is displayed in the Firefox address bar. Facebook, Instagram, and Messenger are loaded in the container by default. The coloured underline of the container tab in Firefox's tab bar remains as it has before to indicate that the tab was loaded in a container. Facebook Container does not impact functionality on first-party Facebook websites. All features should work on these sites just like before. The container may limit functionality on third-party sites, especially if these sites embed Facebook content or use Facebook's login system. Closing Words Facebook Container 2.0 improves the effectiveness of the Firefox add-on significantly by taking care of Facebook scripts on third-party websites. Source: Facebook Container 2.0 for Firefox blocks Facebook's third-party site tracking (gHacks - Martin Brinkmann)
  18. Ad giant's site slurping tech complicates web security model, could give more power to search engines and social networks, Firefox maker warns Mozilla has published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form. At its developer conference earlier this month, Google engineers talked up the tech, which consists of several related projects – Signed Exchanges, the web packaging format and changes to the fetch specification – that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access. "With [web] packaging, the model for loading web pages changes from today's model, which we all understand, where the browser requests a page from an origin server, to a new model where developers create a signed package that contains the page," explained Ben Galbraith, senior product director at Google, during Google I/O. "And the browser can load it from anywhere, even potentially other peer devices. And this can enable privacy-safe preloaded models because the data to fetch the package doesn't go back to the origin server. And it gives the browser tremendous flexibility to preload pages more of the time." Mozilla developers have fretted about the potential security consequences for several years because it complicates the same-origin policy that limits how resources (e.g. scripts) loaded in one origin (domain) can interact with resources associated with a different origin. 'Constrained' "At its core, origin substitution enables a fundamental change to the way the web works," Mozilla says in its position paper. "Content is no longer constrained to follow connections to origins, where that content is produced and where it is obtained can become completely decoupled." 
The Firefox maker worries that allowing aggregators to host content for others opens new security risks, for example a scenario in which an attacker compromises a server key or obtains a certificate through fraud, for the purpose of creating unauthorized or malicious content for the targeted origin. Given that said content may be cached or stored multiple places, there would be a time lag of several days between certificate revocation and the invalidation of malicious distributed web packages. Mozilla nonetheless appears to be optimistic that more robust security measures can be put in place. The company also voices several other concerns about the risk of reduced personalization arising from the pressure to keep package sizes small, the security cost of added complexity, the performance cost imposed by signed exchanges and the storage overhead for publishers and aggregators. While further refinements may be able to overcome the cited technical concerns, Mozilla remains unconvinced web packaging is good for the web. "The question remains about whether this fundamental change to the way that content is delivered on the web represents a problematic shift in the power balance between actors," the browser maker muses. "We have to consider whether aggregators could use this technology to impose their will on publishers." This is Mozilla wondering whether web packaging will just make Facebook and Google more powerful as content distributors and kingmakers. Given the way other technologies and market choices have affected the balance of power online – Google's Accelerated Mobile Pages, Facebook Login, Google Search ranking changes, browser market share, and the like – Mozilla wants the implications of web packaging explored further before it signs on. "The increased exposure to security problems and the unknown effects of this on power dynamics is significant enough that we have to regard this as harmful until more information is available," the company concludes. 
The Register asked Mozilla to elaborate on its position but the company declined. Google did not respond to a request for comment. Source
  19. Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day. The Mozilla team has released earlier today version 67.0.3 of the Firefox browser to address a critical vulnerability that is currently being abused in the wild. "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla engineers wrote in a security advisory posted today. "This can allow for an exploitable crash," they added. "We are aware of targeted attacks in the wild abusing this flaw." Samuel Groß, a security researcher with Google Project Zero security team, and the Coinbase Security team were credited with discovering the Firefox zero-day -- tracked as CVE-2019-11707. Outside of the short description posted on the Mozilla site, there are no other details about this security flaw or the ongoing attacks. Based on who reported the security flaw, we can safely assume the security flaw was being exploited in attacks aimed at cryptocurrency owners. Groß did not respond to a request for comment from ZDNet seeking additional details about the attacks. Firefox zero-days are quite rare. The last time the Mozilla team patched a Firefox zero-day was in December 2016, when they fixed a security flaw that was being abused at the time to expose and de-anonymize users of the privacy-first Tor Browser. Fellow browser maker Google patched a zero-day in its browser in March this year. The zero-day was being used together with a Windows 7 zero-day as part of a complex exploit chain. Source
  20. The Mozilla Foundation and Google released “high” rated security updates for Thunderbird and Chrome, respectively. The high-rated Thunderbird vulnerabilities patched in version 60.7.1, CVE-2019-11703 and CVE-2017-11704, concern a heap buffer overflow in icalparser.c and another in Icalfvalue.c. In the former, a flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in parser_get_next_char, while the second has the same problem but in icalmemory_strdup_and_dequote. In each case processing certain email messages can result in a potentially exploitable crash. The low-rated CVE-2019-11705 is a type confusion in icalproperty.c: a flaw in Thunderbird’s implementation of iCal can cause a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. The Chrome stable channel has been updated to 75.0.3770.90, which covers CVE-2019-5842, a use-after-free in Blink, for Windows, Mac, and Linux. As per Google’s normal policy it has not released any further details on the bug. Source
  21. Firefox browser maker Mozilla published an Anti-Tracking policy recently that defines which tracking techniques Firefox will block by default in the future. The organization launched Tracking Protection, a feature to block or restrict certain connections, in 2014, and revealed in 2015 that Tracking Protection would reduce page load times by 44% on average. Tracking Protection launched in Firefox Stable for non-private browsing windows along a new feature called tailing in November 2017 with the release of Firefox 57. Mozilla revealed plans in mid-2018 to push Tracking Protection in Firefox and the Anti-Tracking policy is an important milestone of the process. Mozilla's plan is to implement protection in the Firefox web browser against all practices outlined in the anti-tracking policy. Tracking Protection relies on Disconnect lists currently to identify trackers. Mozilla defines tracking in the following way in the document: Tracking is the collection of data regarding a particular user's activity across multiple websites or applications (i.e., first parties) that aren’t owned by the data collector, and the retention, use, or sharing of data derived from that activity with parties other than the first party on which it was collected. In short: if user activity data is collected and stored, used or shared by third-parties, it is tracking. Mozilla plans to block certain tracking practices. Outlined in the policy are the following types: Cookie-based cross-site tracking -- Cookies and other storage types may be used by third-parties to track users on the Internet. See Firefox new Cookie Jar policy. URL parameter-based cross-site tracking -- Another cross-site tracking practice that relies on URLs instead of cookies to pass on user identifiers. 
The organization highlights other tracking practices that Firefox's tracking protection won't block from the get-go but might in the future: Browser fingerprinting -- Sites may use data provided by the browser during connections or by using certain web techniques to create user fingerprints. Supercookies -- Also known as Evercookies. Refers to storage used for tracking that is not cleared automatically when a user clears the browsing history and data. See this list of caches that Firefox uses. Firefox won't block techniques described above if they "lower the risk of specific user harm". Mozilla highlights two scenarios where this is the case: When the techniques improve the security of client authentication. To prevent the creation of fraudulent accounts or completion of fraudulent purchases. Closing words Mozilla will implement protection against the outlined forms of tracking in future versions of Firefox. The organization's plan to tackle tracking and not advertisement in its entirety is different from the ad-blocking approach that Opera Software or Brave are pursuing. Ad-blocking takes care of tracking practices automatically by blocking certain content from executing on web pages. I like Mozilla's approach to tracking as a webmaster as it does not block advertising outright and speed up the death of sites like mine. As a user, I think it would only have any chance of being effective if advertising companies like Google would get their act together and a) start to limit tracking and b) deal with malvertising and advertisement that is very taxing to system resources. Source: Mozilla publishes Anti-Tracking Policy (gHacks - Martin Brinkmann)
  22. Facebook has been no stranger to controversy and scandal over the years, but things have been particularly bad over the last twelve months. The latest troubles find Mozilla complaining to the European Commission about the social network's lack of transparency, particularly when it comes to political advertising. Mozilla's Chief Operating Officer, Denelle Dixon, has penned a missive to Mariya Gabriel, the European Commissioner for Digital Economy and Society. She bemoans the fact that Facebook makes it impossible to conduct analysis of ads, and this in turn prevents Mozilla from offering full transparency to European citizens -- something it sees as important in light of the impending EU elections. Dixon calls on the Commission to raise its concerns with Facebook, and to put pressure on the social network to make its Ad Archive API publicly available. Mozilla believes that the inability to conduct analysis of ads "prevents any developer, researcher, or organization to develop tools, critical insights, and research designed to educate and empower users to understand and therefore resist targeted disinformation campaigns". The letter is written as both Mozilla and the European Commission try to battle fake news and misinformation online. Dixon writes: She goes on to complain: In calling for the API to be made public, Dixon says that "transparency cannot just be on the terms with which the world’s largest, most powerful tech companies are most comfortable". While Mozilla has been in talks with Facebook about the matter, Dixon makes it clear that it has been "unable to identify a path towards meaningful public disclosure of the data needed", hence calling on the Commission for help. Source
  23. Mozilla removed today 23 Firefox add-ons that snooped on users and sent data to remote servers, a Mozilla engineer has told Bleeping Computer today. The list of blocked add-ons includes "Web Security," a security-centric Firefox add-on with over 220,000 users, which was at the center of a controversy this week after it was caught sending users' browsing histories to a server located in Germany. Mozilla follows through on the promised investigation "The mentioned add-on has been taken down, together with others after I conducted a thorough audit of [the] add-ons," Rob Wu, a Mozilla Browser Engineer and Add-on review, told Bleeping Computer via email. "These add-ons are no longer available at AMO and [have been] disabled in the browsers of users who installed them," Wu said. "I did the investigation voluntarily last weekend after spotting Raymond Hill's (gorhill) comment on Reddit," Wu told us. "I audited the source code of the extension, using tools including my extension source viewer." "After getting a good view of the extension's functionality, I used webextaware to retrieve all publicly available Firefox add-ons from addons.mozilla.org (AMO) and looked for similar patterns. Through this method, I found twenty add-ons that I subjected to an additional review, which can be put in two evenly sized groups based on their characteristics. "The first group is similar to the Web Security add-on. At installation time, a request is sent to a remote server to fetch the URL of another server. Whenever a user navigates to a different location, the URL of the tab is sent to this remote server. This is not just a fire-and-forget request; responses in a specific format can activate remote code execution (RCE) functionality," Wu said. "Fortunately, the extension authors made an implementation mistake in 7 out of 10 extensions (including Web Security), which prevents RCE from working." 
"The second group does not collect tab URLs in the same way as the first group, but it is able to execute remote code (which has a worse effect). This second group seems like an evolved version of the first group, because the same logic was used for RCE, with more obfuscation than the other group. "All of these extensions used subtle code obfuscation, where actual legitimate extension functionality is mixed with seemingly innocent code, spread over multiple locations and files. The sheer number of misleading identifiers, obfuscated URLs / constants, and covert data flows left me with little doubt about the intentions of the author: It is apparent that they tried to hide malicious code in their add-on." Wu reported these issues to fellow Mozilla engineers, who not only removed the add-ons from the Mozilla website, but also disabled them inside users' browsers. "Although I could have taken down the extensions myself (as an add-on reviewer at AMO), I did not do so, because just taking down the listings would prevent new installations, but still leave a few hundred thousand users vulnerable to an extension from a shady developer," Wu told Bleeping Computer via email. List of banned add-ons A bug report includes the list of all add-ons removed today in Mozilla's purge. The bug report lists the add-ons by their IDs, and not by their names, although Wu provided Bleeping Computer with the names of some add-ons. Besides Web Security, other banned add-ons include Browser Security, Browser Privacy, and Browser Safety. 
All of these have been observed sending data to the same server as Web Security, located at The other banned add-ons include: YouTube Download & Adblocker Smarttube Popup-Blocker Facebook Bookmark Manager Facebook Video Downloader YouTube MP3 Converter & Download Simply Search Smarttube - Extreme Self Destroying Cookies Popup Blocker Pro YouTube - Adblock Auto Destroy Cookies Amazon Quick Search YouTube Adblocker Video Downloader Google NoTrack Quick AMZ All in all, over 500,000 users had one of these add-ons installed inside Firefox. Offending add-ons have been disabled in users' browsers After a quick test, true to its word, Mozilla has indeed disabled the Web Security add-on in a Firefox instance Bleeping Computer used yesterday for tests. Users of any of the banned add-ons will see a warning like this: The warning message displayed at the top redirects users to this page, where it provides the following explanation for the ban: Sending user data to remote servers unnecessarily, and potential for remote code execution. Suspicious account activity for multiple accounts on AMO. In the bug report, another Mozilla engineer gave additional explanations, consistent with Wu's investigation: A number of reports have come up that the Web Security add-on (https://addons.mozilla.org/addon/web-security/) is sending visited URLs to a remote server. While this may seem reasonable for an add-on that checks visited webpages for their security, other issues have been brought up: 1) The add-on sends more data than what seems necessary to operate. 2) Some of the data is sent unsafely. 3) The add-on doesn't clearly disclose this practice, beyond a mention in a large Privacy Policy. 4) The code has the potential of executing remote code, which is partially obfuscated in its implementation. 5) Multiple add-ons with very different features, and different authors, have the same code. Further inspection reveals they may all be the same person/group. 
Article updated with the names of other banned add-ons and additional investigation details provided by Wu. Source Source - 2
  24. In Changing Our Approach To Anti-Tracking, Mozilla revealed plans to improve the privacy protection of Firefox users and the performance of the browser through the improved implementation of content blocking in the web browser. Firefox will protect users by blocking tracking by default and improve performance at the same time according to Mozilla. We reviewed the new content blocking options that Mozilla tests in Firefox Nightly currently already in July. The new feature, called Content Blocking in Nightly, integrates Firefox's long standing feature Tracking Protection and other content blocking options, and makes these more accessible in the browser. Mozilla launched Tracking Protection in 2014 in Firefox Nightly but enabled it for Private Browsing only in Firefox 42. Two years later, Firefox users could enable Tracking Protection for regular browsing sessions as well. Competing browsers introduced ad-blocking and content blocking functions of their own. Brave browser with its block-all approach, Opera browser with its integrated ad-blocking feature, and even Google launched a content blocker in Chrome to block advertisement on sites that use certain ad formats the company deems undesirable. Mozilla's privacy push in Firefox Mozilla plans to test and implement several privacy-improving features in the Firefox browser in the coming months. A new blog post on the official Mozilla blog highlights three key areas of importance. Page Load Performance improvements thanks to the blocking of slow-loading trackers. Blocking storage access and cookies from third-party tracking content. Blocking harmful practices such as crypto-currency mining or fingerprinting. Starting in Firefox 63 and dependent on a Shield study that Mozilla plans to run in September, Firefox will block slow-loading trackers automatically for all users in all browsing modes. Any tracker with a loading time of 5 seconds or longer is classified as a slow loading tracker by Firefox. 
Mozilla has high hopes that the blocking of slow loading trackers will improve the performance for Firefox users. In Firefox 65, Mozilla plans to strip cookies from third-party tracking content and block storage access provided that a Shield study in September will yield satisfactory results. Last but not least, Firefox will block harmful scripts and practices by default. Mozilla did not reveal a target version for the implementation, only that it will land in a future version of the web browser. Firefox Nightly users can test the content blocking functionality right now already. Current versions of Nightly display content blocking options in the preferences and when users click on the information icon next to the site's address in the address bar. Current options allow users to block slow loading trackers, all detected trackers, and third-party cookie trackers or all third-party cookies. The content blocking functionality supports exceptions to allow certain sites to run identified trackers, e.g. to avoid site breakage. Is it enough? Firefox will block some forms of tracking in the near future and that is definitely a good thing. Some may question why Mozilla makes a distinction between slow-loading trackers and all trackers in Firefox, and why Firefox does not block all trackers automatically by default. One possible explanation for that is that blocking all trackers may prevent certain pages from loading correctly. Still, with Google not being able to implement full-scale ad-blocking in Chrome, it is an area that Firefox could really outshine Google Chrome if implemented correctly. The blocking of slow-loading trackers may be beneficial to privacy as well, but it is first and foremost an attempt to improve the performance of Firefox since any other tracker that is not slow-loading is still loaded by default. Now You: What would you like to see in Firefox in this regard? Source
  25. The future of Mozilla's Speech to Text project DeepSpeech is uncertain Following the layoffs at Mozilla and rumor that the organization would be able to extend its search deal with Google for another three years, it became clear quickly that things needed time to settle down. Employees who were fired would provide insight on how the letting go of employees would affect certain projects at Mozilla. A week later, Reuben Morais published an article on the official Discourse site of Mozilla about the future of DeepSpeech. DeepSpeech, or Mozilla Voice STT (Speech To Text) is an open source Speech-to-Text engine that is trained using machine learning techniques. It is designed as a counterweight to closed source services operated by Google, Amazon and other companies. DeepSpeech uses machine learning techniques that are based on Baidu's Deep Speech research paper and Google TensorFlow for its implementation. The service can be run on a wide range of devices in real time including Raspberry Pi 4, devices that run Windows, OS X or Linux, Android, and iOS. Morais admits in the first paragraph of the post that he does not know how the layoffs and the restructuring of the entire company affects the DeepSpeech project. Unfortunately, as of this moment we don’t have concrete answers to give. We’re working to find out if the project will have a new home in the restructured Mozilla, and what changes would be necessary for a successful transition. Morais notes that the team will release DeepSpeech 1.0 soon as "most of the technical changes" landed already and that the team sees "no reason not to ship it". The team will continue its work on DeepSpeech until an official decision has been made and the team is informed about it. Closing Words Not all is lost if Mozilla would decide to end support for DeepSpeech. The project is open source and it is possible that another organization or individual developers will fork it to continue development. 
DeepSpeech is not the only VTT project that is open source either, e.g. Kaldi, Espresso, or Nvidia OpenSeq2Seq, are also open source. Common Voice, designed to "help teach machines how real people speak", has also been moved into maintenance mode as the future of the project is unclear. The future of Mozilla's Speech to Text project DeepSpeech is uncertain