Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Mozilla IT

Firefox 115 Released (mozilla.org) 61

williamyf writes: Today, Mozilla released Firefox 115. Changes most visible to users include:

* Hardware video decoding is now enabled for Intel GPUs on Linux..

* Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

* The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.

* The Firefox for Android address bar's new search button allows you to easily switch between search engines and search your bookmarks and browsing history.

* We've refreshed and streamlined the user interface for importing data in from other browsers.

* Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.

But the most important feature is that this release is the new ESR. Why this is important? y'all ask, well:

* Many a "downstream" project depends on Firefox ESR, for example the famous email client Thunderbird, or KaiOS (a mobile OS very popular in India, SE Asia, Africa and LatAm), so, for better or worse, whatever made it to (or is lacking from) this version of the browser, those projects have to use for the next year.

* Firefox ESR is the default browser of many distros, like Debian and Kali Linux, so, whatever made it to this version will be there for next year, ditto to whatever is lacking.

* If you are on old -- unsupported OSs, like Windows 7, 8-8.1 or MacOS 10.14 (Mojave, the last MacOS with support for 32 Bit Apps), 10.13 or 10.12 you will automatically be migrated to Firefox ESR, so this will be your browser until Sept. 2024.


This discussion has been archived. No new comments can be posted.

Firefox 115 Released

Comments Filter:
  • by dknj ( 441802 ) on Tuesday July 04, 2023 @01:33PM (#63656308) Journal

    Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

    This implies Firefox can read the Chrome payment methods. If firefox can do it, anyone can do it. Including malware. Maybe I'm old school, but don't save your credit card details in your browser.

    • Everything saved on your computer can be read by things you authorize to run on your computer. You can sandbox things as to require more explicit permission access but a program could also make those configuration if given the correct access and design.
      • One would expect sensitive auto-fill data to be protected behind a master password and encryption. The master password protection is available in Firefox for at least since 2006 (when I think I started using it). Either Chrome does not implement any security at all, or the import only work for people who do not activate it.

        • by AutoTrix ( 8918325 ) on Tuesday July 04, 2023 @03:13PM (#63656500)
          Chrome utilizes the operating systems native password vault which is authenticated by the users Operating System credentials. On linux, you can configure this to be validated with every access. On Windows you can't. On Mac I'm unsure. Secrets are ultimately only secret if the operating system and kernel protect them as to not be exposed in memory to other programs. Firefox also uses the native password vault in the OS but I do believe they offer some level of run time protection. I am not sure if they offer additional encryption or if this is merely a protection to prevent easy access.
          • Firefox also uses the native password vault in the OS but I do believe they offer some level of run time protection. I am not sure if they offer additional encryption or if this is merely a protection to prevent easy access

            Firefox uses encryption https://kb.mozillazine.org/Mas... [mozillazine.org] , the key is stored in a file called key3.db https://kb.mozillazine.org/Key... [mozillazine.org] and it uses AES256 https://www.trustworthy.com/bl... [trustworthy.com] (AES256 is considered secure as of 2023) You can try to brute-force attack the master password with FireMaster specialized tool, first released 2006 https://securityxploded.com/fi... [securityxploded.com]

            There used to be a very old bugzilla entry saying that passwords were encrypted using a trivially low encryption iteration steps making it u

        • by AmiMoJo ( 196126 ) on Wednesday July 05, 2023 @05:11AM (#63657932) Homepage Journal

          Chrome uses the OS to store sensitive data where possible, and for authentication. So for example your stored passwords are encrypted, and to view them in plaintext (e.g. to export them to Firefox) you must enter your Windows password. I don't know what it does on Linux but presumably it's similar.

          Malware would have to get the user to enter their password to access that data.

          On Android and ChromeOS malware can't even do that, it has no access at all to other apps' data, at least not without zero day exploits to gain system level privileges. As a result you can't export your passwords from Chrome on Android to Firefox on Android, you have to do it via the desktop version.

    • by gweihir ( 88907 )

      I am sort-of ok with it by now. But a) I get a code on my phone I have to transfer or no payment and b) I can dispute any claim and for the (very small) number of fraudulent charges I got the money back with no fuss. In fact I got the money back for a legitimate purchase once (which I did not remember), because the vendor could not produce any evidence of me buying it or even tell me what I supposedly had bought.

      I also do not install anything on my phone unless I really need it.

    • A decent password manager (such as Bitwarden) can save payment info securely and is browser independent to boot. It's really a much better option than relying on the coders who write your current browser - they're having to focus on 1000 different things, while the coders who work on password managers can keep their attention on securely storing your information and controlling access to it.

      • "while the coders who work on password managers can keep their attention on securely storing your information and controlling access to it."

        LOL

        They care about their next pay check, not what you said

    • This implies Firefox can read the Chrome payment methods. If firefox can do it, anyone can do it. Including malware. Maybe I'm old school, but don't save your credit card details in your browser.

      Relax. Chrome doesn't store enough information to make a payment without the user adding something. It can only pre-fill part of the credit card details. Your malware isn't going to empty your bank account.

      • Your malware isn't going to empty your bank account.

        It would be really poorly written if it did.
        How about other people's malware emptying my bank account? :-)

  • by xack ( 5304745 ) on Tuesday July 04, 2023 @01:49PM (#63656330)
    The "security issue" is not enough, a web browser should be responsible for its own sandbox. We are in a cost of living crisis not seen since the 70s. People don't want to waste money on new computers and in MacOS's case having to buy new 64 bit ARM software which might not be possible due to 32-bit abandonware. With Google flexing its muscles on drm and ad blocking detectors Mozilla must recommit to taking back the web for all computers regardless of age.
    • Largely the browser does take "responsibility for its own sandbox" but it is not responsible for booting the computer so fundamentally the kernel has to be secure for anything after that to be secure. If your using a kernel built in 2008, it is not secure as there has been hundreds or thousands of both software and hardware vulnerabilities discovered that have to be mitigated by the kernel. The Linux kernel still supports CPUs from the mid 90s so the issue is with commercial, proprietary platforms such as
      • by AmiMoJo ( 196126 )

        Linux has dropped some older CPUs too, due to lack of maintainers.

        And even if they are supported, they are not necessarily secure. They don't support a secure boot process, or features like no-execute bits for memory pages. Linux supports them, but many important security mitigations have to be turned off.

    • With Google flexing its muscles on drm and ad blocking detectors Mozilla must recommit to taking back the web for all computers regardless of age.

      Mozilla probably isn't the best to tackle this, maybe some fork (there might be one or two good ones left) but not Mozilla itself. It's been at war with the extensions for years and the latest escalation can be seen on Android. If you want to install any extension at all beyond the "recommended" two screens of extensions they have first you need to go through unbe

      • And again, you can't sideload it!

        From the article you linked,

        The developer says that they have updated the add-on to version 3.5.0. You may not see the update even if you already have the extension, because it has been delisted. You can, however, opt-to install the signed version by side-loading the XPI from the project's GitLab releases page. If you choose to go with that version, you should export your custom filters before switching.

        From https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean [gitlab.com],

        Installation

        You can install the add-on from GitLab releases
        Download the xpi-file (from latest release), go to downloads and install the add-on (or drag it from your file-manager anywhere on a page/tab in Firefox).
        Or go to Tools > Add-ons (about:addons) > Extensions > Settings/Cogwheel - Install Add-on from File
        You can add/pin the add-on icon to the toolbar with the toolbar extensions menu (jigsaw puzzle shaped icon).
        Custom xpi-file has host permissions for all sites.
        Minumum browser requirement: Firefox 86+.

        PS although add-on was removed from Mozilla's add-on store (AMO) the add-on is still signed and checked for security by Mozilla ('minor' delays can in reality be a few days or up to a week though):

        Please be aware of a recent change to AMO’s review process: All extension submissions with a significantly large number of users are now subject to human review by the add-ons review team before approval. This may, occasionally, result in minor delays publishing new versions of your extension on AMO. We’ve made this change to provide Firefox users with even greater security assurances for some of AMO’s most popular extensions.

        If you want to permanently install the latest master ZIP-file from GitLab (with post-release fixes) use a Firefox browser which allows using unsigned add-ons like Firefox Developer Portable (go to about:config and set xpinstall.signatures.required to false) or LibreWolf (for both no automatic updates of add-on).
        Or load a temporary add-on in regular Firefox (go to about:debugging#/runtime/this-firefox & load manifest.json from unpacked (master-zip) folder.

        • Your point, beside a wall of text? That's for non-mobile browsers.

          • Ah, I missed that you were focused on Android. Personally, I avoid browsing the web from a phone, and the main article was about firefox, which I associate with usage on a "big" computer (desktop/laptop). The point was that firefox still permits addon sideloading on a big computer.

          • Here's the instructions for Android from the developer's website (https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean [gitlab.com]):

            Android
            Add-on was removed by Mozilla from add-on store (AMO).
            Current installations (by custom collection in Firefox Beta/Nightly or Firefox-clone) will stay active, but with no more updates.
            There is still an elaborate workaround for regular Firefox (or Beta/Clone) though:

            • install an old version of Firefox (like v68.11.0 from archive.mozilla.org or apkmirror.com); first you have to remove your current Firefox app.
              Specifically for the add-on you can also use Firefox Beta or a Firefox clone like Fennec F-Droid where you can set a custom add-on collection (for amo-listed add-ons); again first install an old version of Firefox Beta v68.7 or Fennec F-droid v68.11.0
            • download add-on's xpi-file (custom version if you want to use custom sites) from releases and install/open in Firefox
            • now you can update Firefox to the latest version
            • add-on will stay active & automatically updates to the latest version
            • in add-ons it will be labeled as not yet available and also has no more option to enable the add-on in private browsing

            The experimental Mozac/GeckoView-based browser SmartCookieWeb-Preview can also install/sideload a xpi-file by url (Settings > Advanced settings > Sideload XPI).
            No option to enable the add-on in private browsing though.

            Or switch to Kiwi browser (Chromium) or use the adblocker filter/userscripts

            Chrome/Chromium
            Visit the Chrome repository of Bypass Paywall Clean.

    • The "security issue" is not enough, a web browser should be responsible for its own sandbox. We are in a cost of living crisis not seen since the 70s. People don't want to waste money on new computers and in MacOS's case having to buy new 64 bit ARM software which might not be possible due to 32-bit abandonware. With Google flexing its muscles on drm and ad blocking detectors Mozilla must recommit to taking back the web for all computers regardless of age.

      All machines with Win8.x can run Win10. Most machines with Win7 can run Win10. If your Win7 machine can not run Win10, you should think long and hard about replacing it (or swtching to Linux or *BSD) anyway. Win10 is a "free" (as in beer, some terms may apply) upgrade for all those machines.

      Most machines running MacOS 10.12, 10.13 and 10.14 can run 11 and 12 free of charge, and run legally run free VMs with 10.14 (to keep 32bit apps happy) too. Other machines (My Air late 2014 included) can run 11, 12 and/o

      • MacOS on VM sucks because apple doesn't make it easy (possible?) for GPU acceleration in the VM. It's painfully slow while windows VM runs fast...

    • I've not really understood this mentality. I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.

      People don't want to waste money on new computers and in MacOS's case

      Hold up. Let me just stop you there by saying that people with MacOS literally bought into an ecosystem of "wasting money" because that's what the entire Apple ecosystem is tailored to, people who like to waste money. So that's two mutually exclusive groups you are talking about there.

      Mozilla must recommit to taking back the web for all computers regardless of age

      By all means, fire up your favorite IDE and help out. No shortag

      • I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.

        In Windows, I can understand since the entire UI design is intrinsically tied to the OS vintage. So while you may be cool with a new kernel, that kernel comes with a redesigned start menu, or search experience. Notably when I had a system running win 11, a search by verbatim application name may still prioritize Internet results, or in some cases not even offer the application as an option at all.

        Contrast with, say, Linux, where a 2023 kernel can be run with fvwm if you so felt like it. There are of cours

      • I've not really understood this mentality. I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.

        I agree 99% with you.
        To give you examples of the other 1%:
        In the NT3.5 days, I had a conner parallel port travan tape drive. That thing only worked with NT3.5, we used it to do backups over the network on the nights. Come NT4, no driver. What to do? Scrap the tape backup? Or leave a lone underpowered NT3.5 machine just to do backups on the night? It would have been nice to update some apps on that machine (like the DB and reportying tools related to the backups), even though the OS was unsupported.

        In Apple

      • by AmiMoJo ( 196126 )

        Have you tried working on Firefox?

        The code is an absolute mess, with a steep learning curve. The development environment is outdated at best, and difficult to set up on many platforms. It's really quite difficult to improve Firefox, and very time consuming if you are not already deeply familiar with it.

    • Indeed. Let's be real, here... almost all security on modern computers is handled at the application level and the OS doesn't really do much (even if it can, it simply does not).

      If anyone really cared about security and privacy, we wouldn't be forcing people to be connected to the Internet 24/7 to get anything to work, and we sure as hell wouldn't force people to use full-blown web browsers as application launchers. [steampowered.com]

  • Prior this version, on Linux and wayland, on integrated Intel gpu, I had video acceleration...
    • The change here is it is enabled by default. VA-API has supported Quicksync for 2 years now, but it was disabled by default.

      • Ha indeed. I had to force it.
        • To be fair, that is the current state of any browser feature. They are almost universally available long before they are put in by default on the main channel. Your post could have been about any browser feature this past decade :-)

  • Huzzah!

  • Is there support for all add-ons in this latest version of Firefox?

    NoScript? https://noscript.net/ [noscript.net]

    Cookies Manager?
    https://addons.mozilla.org/en-... [mozilla.org]

    Ghostery?
    Ghostery – Privacy Ad Blocker https://addons.mozilla.org/en-... [mozilla.org]

    uBlock Origin? https://addons.mozilla.org/en-... [mozilla.org]

    Others?
    • Will all those options in the new Firefox work with the Windows 7 operating system? Will the new Firefox itself work with Windows 7?
      • Will all those options in the new Firefox work with the Windows 7 operating system? Will the new Firefox itself work with Windows 7?

        Yes, firefox 115 ESR will work full well with Win7 until Sept 2024

        • Quote: "Yes, Firefox 115 ESR will work full well with Win7 until Sept 2024."

          What will happen after Sept 2024?
          • Quote: "Yes, Firefox 115 ESR will work full well with Win7 until Sept 2024."

            What will happen after Sept 2024?

            Firefox 115 ESR will continue working, burt will not be updated with any security fixes beyond that date. Also neither FF rapid release, nor the next ESR will work on win 7 or 8.x

          • by narcc ( 412956 )

            Chrome is dropping support at the end of this year. They're not the heros in this story.

    • by williamyf ( 227051 ) on Tuesday July 04, 2023 @04:17PM (#63656670)

      Is there support for all add-ons in this latest version of Firefox?

      NoScript? https://noscript.net/ [noscript.net]

      Cookies Manager?

      https://addons.mozilla.org/en-... [mozilla.org]

      Ghostery?

      Ghostery – Privacy Ad Blocker
      https://addons.mozilla.org/en-... [mozilla.org]

      uBlock Origin?
      https://addons.mozilla.org/en-... [mozilla.org]

      Others?

      I am using uBlock like right now, I know that ghostery, noscript and ghostery are supported. All Manifest V2 type ad-ons are still supported. Every Addon that worked since Firefox 100 is still working. XUL et al are still dead (and will remain dead)

    • by narcc ( 412956 )

      Obviously. Stop spreading bullshit FUD. Chrome is the one trying to kill ad blockers with MV3. Mozilla, in contrast, continues to support MV2 and their own implementation of MV3 allows ad blockers to function like they did under MV2.

      While Chrome has delayed sun-setting MV2 again (it was supposed end in January, then in June) but make no mistake, they're itching to kill content blocking on the desktop like the have on mobile. Remember that uBlock Origin works just fine in Firefox Mobile, not in Chrome.

      • by AmiMoJo ( 196126 )

        On the contrary, Google has delayed the end of MV2 multiple times already because MV3 doesn't work well with popular ad blocking extensions. They are working with the author of uBlock Origin to fix the issues he finds.

        If Google wanted to kill them, they wouldn't delay what they consider to be an important security and performance enhancement. In fact, they would have removed them from the Chrome Web Store long ago.

        I have a feeling that MV3 is gearing up towards enabling extensions on Chrome for Android. Fir

  • Recent versions seem to have broken video downloading. I hope this release fixes that.
  • It pays not to use too many TLA's (three letter acronyms), especially when they're not universal. I assume it's a long term release of some sort (no idea why it isn't an LTS or Long Term Services version).

  • As usually I have to wonder what they are doing, changing over 600,000 lines of code in over 23,000 files with so little change to see for that: https://www.youtube.com/watch?... [youtube.com]
  • I'm just glad that Firefox finally allows H.264 decoding via OpenH264. For better or worse, H.264 is the de facto format for HD videos, and since there is a way to get H.264 decoding on PCs for no cost and the parents expire in about 4 years, the whole attempt to get everyone to switch to VP8 from H.264 is misguided. Even YouTube streams H.264 (up to 1080p resolution) to devices that don't support any of the VP formats.

    But kudos on them for not allowing HEVC decoding even if hardware acceleration is ther
  • by groobly ( 6155920 ) on Wednesday July 05, 2023 @12:15PM (#63659142)

    I stopped caring about new ways FF will impede my workflow when they broke everything I was using years ago. When I use FF it is only really old versions where I don't have to learn a new UI or find new workarounds every couple of months. Oh yeah, I'm really scared of lack of security. Hardly every use it, small window for damage.

You are always doing something marginal when the boss drops by your desk.

Working...