Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Mozilla IT Technology

Firefox 74 Arrives With Stricter Add-on Rules, TLS 1.0 and TLS 1.1 Disabled (venturebeat.com) 47

Mozilla today launched Firefox 74 for Windows, Mac, and Linux. Firefox 74 includes stricter rules for add-ons, TLS 1.0 and TLS 1.1 disabled by default, and a handful of developer features.
This discussion has been archived. No new comments can be posted.

Firefox 74 Arrives With Stricter Add-on Rules, TLS 1.0 and TLS 1.1 Disabled

Comments Filter:
  • So once again all my addons disappear, right?
    • by Halo1 ( 136547 ) on Tuesday March 10, 2020 @04:07PM (#59816110)

      The stricter add-on rules mean that external applications can no longer install add-ons (you have to do it yourself), and you can remove previously externally installed add-ons from within the browser. No add-ons will disappear, nor are there new restrictions regarding what add-ons can do or which ones you can install.

      • A program, like an installer, that runs on your normal PC OS can alter the user space however it freaking likes! Including patching out bits of the Firefox binary, replacing libraries, etc.

        Unless you got some RBAC system in place or run the installer through a debugger which allows you to decide what bits of itself it gets to execute.

        Seems you drank too much of the content Mafia Kool-Piss.

        • by Lennie ( 16154 )

          I think unless someone takes the effort to change the Firefox binaries or it's settings it just won't just load such an addon.

          That's all it's doing as far as I know.

        • Sorry if this rustles your jimmies, coke-headed Content Mafia THIEVES, but reality is reality, no matter how much you'd like to censor the fact that you are thieves, stealing from inventors and artists, to avoid working while snorting massive amounts of cocaine.

          Leeches is all you are and ever will amount to.

        • by Bengie ( 1121981 )
          Correct, you can't stop federally criminal malware from completely hosing your computer. News at 11. We're talking about addons that don't attract the FBIs attention, like some bundled crap.

          Now I'm just waiting for you to start talking about locking your doors won't prevent a Russian tank from running over your car.
    • by Teun ( 17872 )
      You mean you got weird addons?
      But you probably didn't read the article.
    • If your browser looks like this crap [engadget.com] because you mindlessly click "okay" on any installer for free software that installs two new adw^H^H^H "useful toolbars as a free bonus",
      then yes, you'll complain that all your "addons" disappear.

    • by lgw ( 121541 )

      So what's the best ad-blocker for FF these days? I'd been using uBlock Origin, but it recently started requesting creepy permissions (ip address and hostname - no, you don't need that). I guess everything gets corrupted eventually.

  • So, is there a sandboxed, maintained browser that just trusts and permits everything? I'm increasingly needing something like that for older device interfaces etc.

    Modern browsers are increasingly arrogant and willing to flat out refuse user whitelisting these days.

    • Modern browsers are increasingly arrogant and willing to flat out refuse user whitelisting these days.

      Because the vast number of users that use web browsers have no clue what white listing or for that matter what using your browser in a secure manner means. They just mindlessly click okay buttons and then wonder why their browser runs slow. You are a victim of the masses, ergo, you need a niche product. The problem happens to be that once you find that product, mindless drones will start heading for it as well and bring with it the same problem you are currently facing.. It is a game of cat and mouse.

      • People are efficient. They act like morons when they know some idiot's gonna pad the room, put safety labels onto everything, and save their dumb asses every time.

        You people breed those morons!
        And in some perfect-consumer for-profit parts, I think even deliberately.

        Tell them they are on their own, and what can happen, and they will suddenly show that they can think after all! Or natural selection will solve the problem on its own.
        (Or, nicer, those people get a legal guardian for their mental disability.)

        • You people breed those morons!

          And you're one of the morons. Sure, you can operate a web browser in a secure manner (I assume), but that doesn't make you a god amongst men. There's inevitably a bunch of stuff where you're just as useless as those morons you so seem to despise.

      • by xonen ( 774419 )

        They just mindlessly click okay buttons and then wonder[..]It is a game of cat and mouse.

        That's because a combination of big tech companies, Microsoft in particular, and governmental bodies, the EU in particular, have been training people for about 2 decades to click 'OK' on pretty much anything in order for their computer to keep working and continue doing whatever it was they were doing.

        Most confirmations are totally useless (like the EU cookie law) or abracadabra for the non-tech user, or even meaningless and/or abracadabra for anyone. How Microsoft implemented UAC doesn't help either, any t

    • Modern browsers are increasingly arrogant and willing to flat out refuse user whitelisting these days.

      I get your specific requirement, but after years of being proven that users are incredibly dumb and will act against their own self interest it's no longer "arrogance" to lock them out as much as it is necessit... oh brb just got an email with Britney_Spears_Nudes.jpg.scr in it. I'm sure it's not a virus this time. *click* *click*. Huh? Anyone know how to disable Windows Smartscreen in Windows 10? It's stopping me from doing some vital research.

      • Open the Group Policy editor.
        Find the policy "Send Private and Confidential Information to Microsoft"
        Select ENABLE. Choose "Don't Ask and Never Send" from the drop down.
        Save and close the policy editor.

      • Browser users aren't acting against their own will. Browsers are acting against users' will.

        Cookies? Popups? Pop-unders? Notifications? Toolbars? Kill flash and Java, but leave JS and push for webasm???

        Browsers hold us down while the internet fucks us.
    • I know what you mean. I need to maintain a laptop that dual boots to 98 and 2K just so I can access the interface on some old HP print servers still in use. No way browsers today will access those old Java apps, or even recognize them any longer.
  • We just got around to taking out SSLv3 across most organizations, most .NET Frameworks, Java and other large enterprise deployments are still chugging along with TLSv1 at least until Microsoft stops supporting Server 2016 and paid support for Windows 7 3 years from now.

  • You know ... the version with semantic meaning.

    • In the spirit of Eternal September (Today is Tue Sep 9688 1993), I'd say we're on around FF 5.180 (5.0 was the first Rapid Release version).

      This was determined by pulling /pub/firefox/releases/ and trimming away beta, rc, esr, funnelcake, random crap e.g. 'real' and 'real-real', versions prior to 5.0, and subtracting 1 (for 5.0 itself) from the final count, which gives us minor version 180.
  • The problem for me with Firefox is the Nightly Automatic Updates which YOU CAN'T TURN OFF
    breaking thigs so that third party add on that works so sweet blocking adds on a certain website
    suddenly every morning stops working and you get a message that Firefox disabled this add on.

    ahhhhhhhhhhhhhh !!!!!!!!!!!!!
    • The problem for me with Firefox is the Nightly Automatic Updates which YOU CAN'T TURN OFF

      Why don't you install Firefox ESR then?

      • by tg123 ( 1409503 )
        Well I am not an Enterprise and I am using it at home but thanks I will look into it.
    • Comment removed based on user account deletion
  • So rather than just staging an XPI, malicious actors now have to compromise mozilla policy on a target system, which depending on the OS involves just dropping a different file? I hope I'm missing the part where this is more secure and not just security theater at the expense of users who apparently will no longer be able to install add-ons through their distro package managers, and admins who will need to rework organizational deployments.
    • Just because you can target a different *existing* vector doesn't make removing a known vector "less secure". If they could do that second method before, they can still do it, but you've removed one of their options.

  • What happened to that offline automatic translation a-la-Chrome that they've been promising for some time now?
  • This instantly 'broke' the first site I accessed after the browser updated itself. Yes, I could enable them using a convenient button and access the site but this just shows that completely removing TLS 1.0 and TLS 1.1 is very much premature. Huge warnings are fine but removing them will force peolle to access those sites using unencrypted plaintext http and that surely is much worse?

    • by Lennie ( 16154 )

      Actually, the button will just re-enable TLS/1.0 and TLS/1.1 so it's not less safe than it is now.

      Also it's 800 000 websites on the whole web that have it.

      Chrome will do the same this month too.

      Better have Firefox do it first so people can get it fixed without more people having problems with it.

God made the integers; all else is the work of Man. -- Kronecker

Working...