Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Firefox Mozilla The Internet

Mozilla Tests If 'Firefox/100.0' User Agent Breaks Websites (bleepingcomputer.com) 44

Mozilla has launched an experiment where they change the Firefox browser user agent to a three-digit "Firefox/100.0" version to see if it will break websites. Bleeping Computer reports: A user agent is a string used by a web browser that includes information about the software, including its name, version, and technologies that it uses. When a new version of a browser is released, the developers also increment the version number in the user agent string. When visiting a website, the user agent strings are sent to a website so that the site knows the software capabilities of the visitor. This information allows the website to modify its response to account for different features of browsers.

As Firefox version numbers are currently two digits, Mozilla developers are investigating if anything breaks when they release Firefox Nightly version 100 in March 2022. "We would like to run an experiment to test whether a UA string with a three-digit Firefox version number will break many sites," Mozilla Staff Engineering Program Manager Chris Peterson said in a bug post first spotted by Techdows. "This new temporary general.useragent.experiment.firefoxVersion pref can override the UA string's Firefox version." When conducting the test, an enrolled Firefox user will have their user agent changed to the following string with the hopes that if anything breaks, they will report it to Mozilla: "Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0."

This discussion has been archived. No new comments can be posted.

Mozilla Tests If 'Firefox/100.0' User Agent Breaks Websites

Comments Filter:
  • Simple answer. Anyone who is anyone runs bot countermeasures, so if the site has money on the line, there's a good chance sending an anomalous User-Agent will get you flagged as a bot. The good bot management software will evaluate your humanity based on multiple criteria, so maybe you'll get through, but your probability of getting flagged goes way up when you tamper with your User-Agent. Some sites will reject you, others will make you do additional verification, like 2FA or lots of captcha-like stupid
    • You think bots can't send valid user-agent strings?

      User-agent is a thing of the past, it needs to be done away with.

  • What?
    No honey, I'm only doing this to test my browser.
    No honey, this is not penetration testing.

  • will version 666 break websites?

  • by kmoser ( 1469707 ) on Friday August 13, 2021 @10:03PM (#61690623)
    Any website that breaks because of this deserves to die. Sniffing UA strings is so last millennium.
    • by Luckyo ( 1726890 )

      One of the main reasons for it existing is the fact that there are still some non-chromium based web browsers that don't support everything that chromium-based browsers support.

      Browsers like firefox.

      So your site is probably going to break in a far less elegant manner if there is no "UA sniffing" done, unless site in question is so huge that the tiny percentage of total users still on firefox and its derivatives are actually a number large enough to warrant paying for costs of troubleshooting and fixing the

      • Of course, those sites could just follow standards, and not do stupid things. Then they could ignore the UA string. I don't buy the bot-defense, either, because a bot can send any UA string it feels like.
        • by Luckyo ( 1726890 )

          Of course you could spend a lot of money on a lottery. But you don't, because it's not cost effective.

          Same reason why those sites aren't "just going to follow standards". It's not cost effective.

    • by xalqor ( 6762950 )

      A lot of things can be handled with capability checking, but some things like opening external apps still require UA checking because the browsers haven't provided a way to detect the mechanism. Will the app open if you give the custom URL scheme like appname:// or will it open if you give the associated website URL? Is deep linking supported? Does the user have to long press the link? If yes and the user does a short press, what should the website do? And what is the right app store for this platform where

    • Yeah. Mozilla has far too many users now. Better to shed another million or so when this change breaks the internet in ways that non-techies don't understand beyond "Firefox is a broken browser"! /sarcasm

    • Firefox has like no market share. Anything that messes with that is a problem for Firefox.

      Of course, if they would stop dicking up the UI, stop dicking up the plugins interface, and fix major bugs like Firefox just fucking exploding without warning, error, etc. then I would be a lot happier.

  • I honestly think, if you're not using strict semantic version numbers, you're not a software engineer, but a hack.
    It's "$softwareName $completeRewrites $compatibilityBreaks . $featureAdditions . $bugFixes . $builds". (I had to add spaces for /.'s stupid filter.)
    E.g. Indiana Jones 4*, version 1.2.42.394.
    The build number can be left away for external releases. The complete rewrites can also just mean a completely new name. Think of it like the number in movie titles.

    Chrome and Firefox just mashed it all t

  • Let's see how many 3rd party metrics sites we can take out because they don't sanitize the values they shove in their databases.
  • Can you even regex? Left/right trim vs regex. Fight!!!
  • A smart move (Score:5, Insightful)

    by Reemi ( 142518 ) on Saturday August 14, 2021 @05:24AM (#61691205)

    When a website doesn't work, most people try another browser. If that one works, it is obvious for them that the browser is at fault and not the website. Here at Slashdot, we know better but the majority of users out there have no clue. So for Firefox to protect their market share, this is a necessary action.

    How much testing do they need to do? If you ask me, they already made a large step. Just by announcing, major infrastructure operators and application developers will double check if this is going to be a problem for their software. This will prevent large scale outages, compare it with Y2K where there was so many hype that (almost) everything that needed to be fixed was fixed.

    Can't imagine that this has cost Firefox much effort that otherwise could have been used to fix bugs. It is very well possible that this will free up capacity in the future.

    Btw, I am getting a bit tired of all those people that claim --every Firefox related story-- not to be using Firefox and keep complaining of changes made versions ago. Get over it, enjoy your current browser of choice and let us have ours. Respect there are others with a different opinion and let them be.

  • Usual Firefox hate (Score:2, Interesting)

    by Anonymous Coward

    Usual Firefox hate.

    There are a whole lot of /. posters who seem to have a vested interest in killing Firefox, so we end up with a Chrom* monoculture. I wonder what their motivation is? They've been working on this for years and seem *very* determined. /s

    • I've just assumed they were paid shills of Microsoft (or whoever is selling Internet Explorer these days). Motivation comes, in the theatre-director's words, from the pay cheque in the pocket.

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...