Firefox 42 beta arrives with tracking protection, tab audio indicators, and background link opening on Android

firefox-beta_logo

Following the release of Firefox 41 just yesterday, Mozilla today updated the beta version of its browser to version 42 for Windows, Mac, Linux, and Android. This is a massive release, as Mozilla wants its users to test a slew of features, including its new experimental private browsing mode with tracking protection.

The new private browsing mode goes further than just not saving your browsing history (read: porn sites) — the added tracking protection means Firefox also blocks online services that could track you while you’re surfing the web, and it works on all four platforms. The feature is almost like a built-in ad blocker, though it’s probably closer to browser add-ons like Ghostery and Privacy Badger because ads that don’t track you are allowed through.

Here is Mozilla’s thinking behind the feature:

Our hypothesis is that when you open a Private Browsing window in Firefox you’re sending a signal that you want more control over your privacy than current private browsing experiences actually provide. The experimental Private Browsing enhancements ready for testing today actively block website elements that could be used to record user behavior across sites. This includes elements like content, analytics, social and other services that might be collecting data without your knowledge.

The new private browsing mode also has a Control Center with all of Firefox’s site security and privacy controls. To try it out, click the hamburger menu button (three lines in the top right corner), click the New Private Window icon to launch a Private Browsing session, and you’ll see a screen that confirms Tracking Protection is on. Now all you have to do is browse the Web as usual.

3TP

That’s for desktop browsers. On Android, tap the Firefox Menu button (below the screen on some devices, or at the top-right corner of the browser on others) and then tap New Private Tab.

In short, Mozilla is attempting to take browser privacy to the next level. The company is seeing a lot of support from Firefox users, especially those who believed private browsing was already protecting them from third-party tracking on the Internet.


From VentureBeat
Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing at our roadshow in SF.

There are also potential performance improvements. A recent paper found that with tracking protection enabled, the top 200 news sites saw a 44 percent median reduction in page load time and 39 percent reduction in data usage.

In August, Mozilla added the new experimental feature to Firefox Developer Edition for Windows, Mac, and Linux, as well as the Firefox Aurora channel on Android. Now it’s arrived in the beta channel, though Mozilla didn’t say when it expects it to arrive in the stable channel.

Desktop

The other big highlight in Firefox for Windows, Mac, and Linux is the addition of tab audio indicators. We broke the news in July that the feature was coming to Firefox, it came to Firefox Nightly later in the month, and now it’s finally available for beta users.

The feature shows a speaker icon if a tab is producing sound. A single click mutes (speaker icon gets crossed out) or unmutes the given tab. Here is a tab audio indicator and muting in action:

firefox_nightly_mute

The best part is that you can mute a tab without having to switch to it first. As shown in the screenshot above, I was able to click on the speaker icon to mute the YouTube tab without leaving the VentureBeat tab.

This functionality has been available as browser add-ons and extensions for a while, but users want it built into the browser. While Chrome has had audio indicators for more than a year now, it still doesn’t let you easily mute tabs. The option is available in Google’s browser, but it’s not enabled by default (you have to turn on the #enable-tab-audio-muting flag in chrome://flags/).

Here is the full Firefox 42 beta changelog:

  • New: Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
  • New: GTK3 integration (GNU/Linux only)
  • New: Indicator added to tabs that play audio with one-click muting (Adobe Flash supported since version 19)
  • New: Login Manager improvements: Improved heuristics to save usernames and passwords, edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu, migration imports your passwords to Firefox from Windows Chrome and IE; import anytime from the Login Manager
  • New: Control Center that contains site security and privacy controls
  • New: WebRTC improvements: IPV6 support, preferences for controlling ICE candidate generation and IP exposure, Hooks for extensions to allow/deny createOffer/Answer, improved ability for applications to monitor and control which devices are used in getUserMedia
  • Changed: Improved performance on interactive websites that trigger a lot of restyles
  • HTML5: Implemented ES6 Reflect
  • HTML5: Support ImageBitmap and createImageBitmap()
  • HTML5: Ship Push messaging with disabled web notifications from ServiceWorkers
  • Developer: Remote website debugging over Wi-Fi (no USB cable or ADB needed)
  • Developer: Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
  • Developer: Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
  • Developer: CSS filter presets in the Inspector
  • Developer: Ability to save filter presets inside CSS Filter Tooltip

As always, there are lots of changes developers should take a closer look at.

Android

While Firefox 42 beta is a bigger release on the desktop, the Android app is still getting some notable improvements. Aside from the new private browsing and tracking protection, the biggest one is probably being able to open links from Android apps in the background.

Here is the full Firefox 42 beta for Android changelog:

  • New: Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
  • New: Open external URLs from Android apps in the background
  • New: Family-friendly browsing support for Android restricted profiles
  • New: about:logins now lists all saved logins, and allows users to view/edit or delete logins
  • New: Support direct voice input from the URL bar
  • New: Open multiple links without switching apps
  • New: Use “scrollable tabs” for panels navigation
  • Changed: Improved performance on interactive websites that trigger a lot of restyles
  • HTML5: Implemented ES6 Reflect
  • HTML5: Support ImageBitmap and createImageBitmap()
  • Developer: Remote website debugging over Wi-Fi (no USB cable or ADB needed)

Mozilla is planning to release Firefox 42 at the start of November, though not all of these features will make the cut.

More information:

Powered by VBProfiles










Mozilla fixed a 14-year-old bug in Firefox, and now Adblock Plus uses a lot less memory

adblock_plus

Mozilla launched Firefox 41 yesterday. Today, Adblock Plus confirmed the update “massively improves” the memory usage of its Firefox add-on.

Adblock Plus is Firefox’s most popular add-on. According to Mozilla’s add-ons site, it has over 20 million users.

This particular memory issue was brought up in May 2014 by Mozilla and by Adblock Plus. But one of the bugs that contributed to the problem was actually first reported on Bugzilla in April 2001 (bug 77999).


From VentureBeat
Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing at our roadshow in SF.

Mozilla developer Cameron McCormack recently fixed bug 77999, enabling sharing of CSS-related data. Data structures that share the results of cascading user agent style sheets are now a go, which allows the second issue (bug 988266) to be fixed as well.

In short, Adblock Plus was registering a single style sheet for its element hiding feature, but Firefox was creating a new copy of it for each page being loaded. This meant that the memory consumption could skyrocket (up to 2GB in one edge case) as more copies were created.

Mozilla developer Nicholas Nethercote shared some numbers in July when a Firefox Nightly build was released with the fixes:

For example, on the above-mentioned “extreme example” (a.k.a. the Vim Color Scheme Test) memory usage dropped by 3.62 MiB per document. There are 429 documents on that page, which is a total reduction of about 1,550 MiB, reducing memory usage for that page down to about 450 MiB, which is not that much more than when AdBlock Plus is absent. (All these measurements are on a 64-bit build.)

I also did measurements on various other sites and confirmed the consistent saving of ~3.6 MiB per document when AdBlock Plus is enabled. The number of documents varies widely from page to page, so the exact effect depends greatly on workload. For example, for one of my measurements I tried opening the front page and four articles from each of nytimes.com, cnn.com and bbc.co.uk, for a total of 15 tabs. With Cameron’s patches applied Firefox with AdBlock Plus used about 90 MiB less physical memory, which is a reduction of over 10%.

Even when AdBlock Plus is not enabled this change has a moderate benefit. For example, in the Vim Color Scheme Test the memory usage for each document dropped by 0.09 MiB, reducing memory usage by about 40 MiB.

Your mileage will of course vary depending on your computer and the sites you visit. These improvements have been trickling down since July’s Nightly build, first to Firefox Developer Edition, then to Firefox Beta, and now to the latest stable version. This is a huge win for both Mozilla and Adblock Plus, as Firefox now uses “about the same amount of memory” whether you’re running the most popular add-on or not.

Many Firefox users will gladly use more memory to block ads, but now they don’t have to use nearly anywhere as much.

More information:

Powered by VBProfiles










Microsoft is using Bing to discourage Windows 10 users from downloading Chrome and Firefox

A Microsoft logo is seen on an office building in New York City, July 28, 2015. The global launch of the Microsoft Windows 10 operating system will take place on July 29. REUTERS/Mike Segar - RTX1M661

Microsoft is using a new tactic to keep Windows 10 users from switching away from its Edge browser. The first time Edge users search for “chrome” or “firefox” using Bing — presumably with the intent of downloading those browsers from Google or Mozilla, respectively — they are shown a serious-looking message at the top of the search results.

“Microsoft recommends Microsoft Edge for Windows 10,” it says. A “Learn why” button next to that message brings you to a website showing off Edge’s features.

What I saw in Bing in the Edge browser the first time I searched for "chrome" on a new computer running Windows 10.

Above: What I saw in Bing in the Edge browser the first time I searched for “chrome” on a new computer running Windows 10.

Image Credit: Jordan Novet/VentureBeat
What I saw in Bing in the Edge browser the first time I searched for "firefox" on a new computer running Windows 10.

Above: What I saw in Bing in the Edge browser the first time I searched for “firefox” on a new computer running Windows 10.

Image Credit: Jordan Novet/VentureBeat

The message only showed up the first time I searched for “chrome” and “firefox” in Edge, as I was just starting to get comfortable on the new Acer Aspire One Cloudbook 11. Subsequent searches for those terms did not trigger the message. Neither did “opera,” which is another non-Microsoft browser. It’s not clear how widely deployed this message is; I’m in the U.S., but it’s possible that the message isn’t showing up in other countries.

Microsoft did not immediately respond to a request for comment. We’ll update this post when we hear back from the company.


From VentureBeat
Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing to your team at VB’s Agile Marketing Roadshow in SF.

Microsoft Edge, which Microsoft designed to compete with Chrome and Firefox and replace Internet Explorer in most scenarios, was a big release for Microsoft. Naturally the company wants to use the excitement around Windows 10 to build the Edge user base. Chrome has more than 1 billion users, while Edge became available to everyone less than two months ago, but is missing key features like extensions.

Mozilla, for its part, was not happy with the way Microsoft made it more difficult to restore previous settings and thus choose a browser like Mozilla’s Firefox as the default in Windows 10. Mozilla chief executive Chris Beard even wrote an open letter to Microsoft chief executive Satya Nadella about it, though Microsoft did not make any changes in response. “Consumers have the choice to set defaults, including for web browsing,” a Microsoft spokesperson told VentureBeat at the time.

In the 1990s, Microsoft faced antitrust charges for bundling Internet Explorer with Windows. Microsoft isn’t in the same situation now, as Edge is hardly the giant that Internet Explorer was. But Microsoft is already exploring new ways to convert not just IE users to Edge, but those who prefer Chrome and Firefox as well.

More information:

Powered by VBProfiles


VB's research team is studying web-personalization... Chime in here, and we’ll share the results.









Mozilla says hacker compromised Bugzilla and used stolen ‘security-sensitive’ info to attack Firefox users

firefox_logo_new

Mozilla today detailed a security attack on its bugtracker and testing tool Bugzilla. In short, a hacker compromised the service, stole security-sensitive information, and used it to to attack Firefox users.

Bugzilla is open-source software that has been adopted by a variety of organizations in addition to Mozilla: WebKit, the Linux kernel, FreeBSD, Gnome, KDE, Apache, Red Hat, Eclipse, and LibreOffice. While Bugzilla is mostly public, access to security-sensitive information is restricted so that only certain privileged users can access it.

Mozilla conducted an investigation of the unauthorized access, and believes the attacker used information from Bugzilla to exploit a Firefox vulnerability. The company plugged the security hole in Firefox on August 6, just a day after it was reported to the company.

The flaw was being exploited in the wild: Attackers were injecting a malicious script that searched for key files on a user’s machine and then uploaded them to a remote server, thought to be located in the Ukraine. Firefox users merely had to load a webpage with the exploit on it, and the attack left no trace, according to Mozilla.

While the Firefox issues have already been addressed, Mozilla has now detailed the Bugzilla side of the attack. The company shut down the account that the attacker broke “shortly after Mozilla discovered that it had been compromised.”

More to follow

More information:

Powered by VBProfiles










Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year

high security

Google, Microsoft, and Mozilla all made the same announcement today: They will drop support for the RC4 cipher in their respective browsers. Chrome, Edge, Internet Explorer, and Firefox will all stop using the outdated security technology next year.

RC4 is a stream cipher designed in 1987 that has been widely supported across browsers and online services for the purposes of encryption. Multiple vulnerabilities have been discovered in RC4 over the years, making it possible to crack within days or even hours.

In February, new attacks prompted the Internet Engineering Task Force (IETF) to prohibit the use of RC4 with TLS. Browser makers have made adjustments to ensure they only use RC4 when absolutely necessary, but now they want to take it a step further.

Google plans to disable support for RC4 in a future Chrome release. While the company didn’t provide a specific date, it expects the Chrome version that doesn’t include RC4 to reach the stable channel “around January or February 2016.” Google also shared that only 0.13 percent of HTTPS connections made by Chrome users who have opted into statistics collection currently use RC4.

Microsoft plans to disable RC4 by default for all Microsoft Edge and Internet Explorer users on Windows 7, Windows 8.1, and Windows 10 “starting in early 2016.” The RC4 cipher will thus not be used during TLS fallback negotiations. Microsoft also shared that the percentage of insecure web services that support only RC4 “is known to be small and shrinking.”

Mozilla plans turn off RC4 entirely in Firefox 44, which is currently scheduled for release on January 26, 2016. This is the only company of the trio to provide an exact date for entirely disabling RC4 by default. Mozilla also shared that about 0.08 percent of Firefox users in the release channel still use RC4.

All in all, HTTPS servers that only support RC4 will stop working across major browsers in early 2016. If you’re still supporting RC4, it’s time to move on.

More information:

Powered by VBProfiles