Firefox 115 Released (mozilla.org) 61
* Hardware video decoding is now enabled for Intel GPUs on Linux..
* Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.
* The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.
* The Firefox for Android address bar's new search button allows you to easily switch between search engines and search your bookmarks and browsing history.
* We've refreshed and streamlined the user interface for importing data in from other browsers.
* Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.
But the most important feature is that this release is the new ESR. Why this is important? y'all ask, well:
* Many a "downstream" project depends on Firefox ESR, for example the famous email client Thunderbird, or KaiOS (a mobile OS very popular in India, SE Asia, Africa and LatAm), so, for better or worse, whatever made it to (or is lacking from) this version of the browser, those projects have to use for the next year.
* Firefox ESR is the default browser of many distros, like Debian and Kali Linux, so, whatever made it to this version will be there for next year, ditto to whatever is lacking.
* If you are on old -- unsupported OSs, like Windows 7, 8-8.1 or MacOS 10.14 (Mojave, the last MacOS with support for 32 Bit Apps), 10.13 or 10.12 you will automatically be migrated to Firefox ESR, so this will be your browser until Sept. 2024.
don't save credit card information in browsers (Score:5, Insightful)
Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.
This implies Firefox can read the Chrome payment methods. If firefox can do it, anyone can do it. Including malware. Maybe I'm old school, but don't save your credit card details in your browser.
Re: don't save credit card information in browsers (Score:2)
Re: (Score:3)
One would expect sensitive auto-fill data to be protected behind a master password and encryption. The master password protection is available in Firefox for at least since 2006 (when I think I started using it). Either Chrome does not implement any security at all, or the import only work for people who do not activate it.
Re: don't save credit card information in browser (Score:4, Informative)
Re: (Score:3)
Firefox also uses the native password vault in the OS but I do believe they offer some level of run time protection. I am not sure if they offer additional encryption or if this is merely a protection to prevent easy access
Firefox uses encryption https://kb.mozillazine.org/Mas... [mozillazine.org] , the key is stored in a file called key3.db https://kb.mozillazine.org/Key... [mozillazine.org] and it uses AES256 https://www.trustworthy.com/bl... [trustworthy.com] (AES256 is considered secure as of 2023) You can try to brute-force attack the master password with FireMaster specialized tool, first released 2006 https://securityxploded.com/fi... [securityxploded.com]
There used to be a very old bugzilla entry saying that passwords were encrypted using a trivially low encryption iteration steps making it u
Re: don't save credit card information in browsers (Score:4, Informative)
Chrome uses the OS to store sensitive data where possible, and for authentication. So for example your stored passwords are encrypted, and to view them in plaintext (e.g. to export them to Firefox) you must enter your Windows password. I don't know what it does on Linux but presumably it's similar.
Malware would have to get the user to enter their password to access that data.
On Android and ChromeOS malware can't even do that, it has no access at all to other apps' data, at least not without zero day exploits to gain system level privileges. As a result you can't export your passwords from Chrome on Android to Firefox on Android, you have to do it via the desktop version.
Re: (Score:2)
I am sort-of ok with it by now. But a) I get a code on my phone I have to transfer or no payment and b) I can dispute any claim and for the (very small) number of fraudulent charges I got the money back with no fuss. In fact I got the money back for a legitimate purchase once (which I did not remember), because the vendor could not produce any evidence of me buying it or even tell me what I supposedly had bought.
I also do not install anything on my phone unless I really need it.
Re: (Score:2)
A decent password manager (such as Bitwarden) can save payment info securely and is browser independent to boot. It's really a much better option than relying on the coders who write your current browser - they're having to focus on 1000 different things, while the coders who work on password managers can keep their attention on securely storing your information and controlling access to it.
Re: (Score:2)
"while the coders who work on password managers can keep their attention on securely storing your information and controlling access to it."
LOL
They care about their next pay check, not what you said
Re: (Score:2)
This implies Firefox can read the Chrome payment methods. If firefox can do it, anyone can do it. Including malware. Maybe I'm old school, but don't save your credit card details in your browser.
Relax. Chrome doesn't store enough information to make a payment without the user adding something. It can only pre-fill part of the credit card details. Your malware isn't going to empty your bank account.
Re: (Score:2)
Your malware isn't going to empty your bank account.
It would be really poorly written if it did. :-)
How about other people's malware emptying my bank account?
Dropping old operating systems is bad (Score:5, Insightful)
Re: Dropping old operating systems is bad (Score:3)
Re: (Score:2)
Linux has dropped some older CPUs too, due to lack of maintainers.
And even if they are supported, they are not necessarily secure. They don't support a secure boot process, or features like no-execute bits for memory pages. Linux supports them, but many important security mitigations have to be turned off.
Re:Dropping old operating systems is bad (Score:5, Insightful)
If you consider security a waste of money then you've got misplaced priorities.
Most people consider food, lodging, clothing or medical expenses as higher priority than buying a new computer - especially when the one they have still works well enough for their needs. They'll chose to fix the car or get braces for the kid rather than dropping hundreds or thousands of dollars on a new machine because of some vague or highly technical "security threats".
If security can't be ensured unless you run the latest and greatest browser, the failure is with the industry.
Re: (Score:2)
Most people consider food, lodging, clothing or medical expenses as higher priority than buying a new computer
If they do their transactions in cash, I agree. If digital, sadly, no.
Re: (Score:3)
Most people consider food, lodging, clothing or medical expenses as higher priority than buying a new computer
I didn't claim basic life support isn't a higher priority. You made that up in your head.
Do *you* consider security a waste of money?
Re: (Score:2)
Mozilla probably isn't the best to tackle this, maybe some fork (there might be one or two good ones left) but not Mozilla itself. It's been at war with the extensions for years and the latest escalation can be seen on Android. If you want to install any extension at all beyond the "recommended" two screens of extensions they have first you need to go through unbe
Re: (Score:2)
And again, you can't sideload it!
From the article you linked,
The developer says that they have updated the add-on to version 3.5.0. You may not see the update even if you already have the extension, because it has been delisted. You can, however, opt-to install the signed version by side-loading the XPI from the project's GitLab releases page. If you choose to go with that version, you should export your custom filters before switching.
From https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean [gitlab.com],
Installation
You can install the add-on from GitLab releases
Download the xpi-file (from latest release), go to downloads and install the add-on (or drag it from your file-manager anywhere on a page/tab in Firefox).
Or go to Tools > Add-ons (about:addons) > Extensions > Settings/Cogwheel - Install Add-on from File
You can add/pin the add-on icon to the toolbar with the toolbar extensions menu (jigsaw puzzle shaped icon).
Custom xpi-file has host permissions for all sites.
Minumum browser requirement: Firefox 86+.
PS although add-on was removed from Mozilla's add-on store (AMO) the add-on is still signed and checked for security by Mozilla ('minor' delays can in reality be a few days or up to a week though):
Please be aware of a recent change to AMO’s review process: All extension submissions with a significantly large number of users are now subject to human review by the add-ons review team before approval. This may, occasionally, result in minor delays publishing new versions of your extension on AMO. We’ve made this change to provide Firefox users with even greater security assurances for some of AMO’s most popular extensions.
If you want to permanently install the latest master ZIP-file from GitLab (with post-release fixes) use a Firefox browser which allows using unsigned add-ons like Firefox Developer Portable (go to about:config and set xpinstall.signatures.required to false) or LibreWolf (for both no automatic updates of add-on).
Or load a temporary add-on in regular Firefox (go to about:debugging#/runtime/this-firefox & load manifest.json from unpacked (master-zip) folder.
Re: Dropping old operating systems is bad (Score:2)
Your point, beside a wall of text? That's for non-mobile browsers.
Re: (Score:2)
Ah, I missed that you were focused on Android. Personally, I avoid browsing the web from a phone, and the main article was about firefox, which I associate with usage on a "big" computer (desktop/laptop). The point was that firefox still permits addon sideloading on a big computer.
Re: (Score:2)
Here's the instructions for Android from the developer's website (https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean [gitlab.com]):
Android
Add-on was removed by Mozilla from add-on store (AMO).
Current installations (by custom collection in Firefox Beta/Nightly or Firefox-clone) will stay active, but with no more updates.
There is still an elaborate workaround for regular Firefox (or Beta/Clone) though:
Specifically for the add-on you can also use Firefox Beta or a Firefox clone like Fennec F-Droid where you can set a custom add-on collection (for amo-listed add-ons); again first install an old version of Firefox Beta v68.7 or Fennec F-droid v68.11.0
The experimental Mozac/GeckoView-based browser SmartCookieWeb-Preview can also install/sideload a xpi-file by url (Settings > Advanced settings > Sideload XPI).
No option to enable the add-on in private browsing though.
Or switch to Kiwi browser (Chromium) or use the adblocker filter/userscripts
Chrome/Chromium
Visit the Chrome repository of Bypass Paywall Clean.
Re: (Score:2)
The "security issue" is not enough, a web browser should be responsible for its own sandbox. We are in a cost of living crisis not seen since the 70s. People don't want to waste money on new computers and in MacOS's case having to buy new 64 bit ARM software which might not be possible due to 32-bit abandonware. With Google flexing its muscles on drm and ad blocking detectors Mozilla must recommit to taking back the web for all computers regardless of age.
All machines with Win8.x can run Win10. Most machines with Win7 can run Win10. If your Win7 machine can not run Win10, you should think long and hard about replacing it (or swtching to Linux or *BSD) anyway. Win10 is a "free" (as in beer, some terms may apply) upgrade for all those machines.
Most machines running MacOS 10.12, 10.13 and 10.14 can run 11 and 12 free of charge, and run legally run free VMs with 10.14 (to keep 32bit apps happy) too. Other machines (My Air late 2014 included) can run 11, 12 and/o
Re: (Score:2)
MacOS on VM sucks because apple doesn't make it easy (possible?) for GPU acceleration in the VM. It's painfully slow while windows VM runs fast...
Re: (Score:3)
I've not really understood this mentality. I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.
People don't want to waste money on new computers and in MacOS's case
Hold up. Let me just stop you there by saying that people with MacOS literally bought into an ecosystem of "wasting money" because that's what the entire Apple ecosystem is tailored to, people who like to waste money. So that's two mutually exclusive groups you are talking about there.
Mozilla must recommit to taking back the web for all computers regardless of age
By all means, fire up your favorite IDE and help out. No shortag
Re: Dropping old operating systems is bad (Score:2)
I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.
In Windows, I can understand since the entire UI design is intrinsically tied to the OS vintage. So while you may be cool with a new kernel, that kernel comes with a redesigned start menu, or search experience. Notably when I had a system running win 11, a search by verbatim application name may still prioritize Internet results, or in some cases not even offer the application as an option at all.
Contrast with, say, Linux, where a 2023 kernel can be run with fvwm if you so felt like it. There are of cours
Re: (Score:2)
I've not really understood this mentality. I don't want to upgrade the OS but I want to upgrade some software that will run in the OS I don't want to upgrade.
I agree 99% with you.
To give you examples of the other 1%:
In the NT3.5 days, I had a conner parallel port travan tape drive. That thing only worked with NT3.5, we used it to do backups over the network on the nights. Come NT4, no driver. What to do? Scrap the tape backup? Or leave a lone underpowered NT3.5 machine just to do backups on the night? It would have been nice to update some apps on that machine (like the DB and reportying tools related to the backups), even though the OS was unsupported.
In Apple
Re: (Score:2)
Have you tried working on Firefox?
The code is an absolute mess, with a steep learning curve. The development environment is outdated at best, and difficult to set up on many platforms. It's really quite difficult to improve Firefox, and very time consuming if you are not already deeply familiar with it.
Re: (Score:2)
Indeed. Let's be real, here... almost all security on modern computers is handled at the application level and the OS doesn't really do much (even if it can, it simply does not).
If anyone really cared about security and privacy, we wouldn't be forcing people to be connected to the Internet 24/7 to get anything to work, and we sure as hell wouldn't force people to use full-blown web browsers as application launchers. [steampowered.com]
Video acceleration (Score:2)
Re: (Score:3)
The change here is it is enabled by default. VA-API has supported Quicksync for 2 years now, but it was disabled by default.
Re: Video acceleration (Score:2)
Re: (Score:2)
To be fair, that is the current state of any browser feature. They are almost universally available long before they are put in by default on the main channel. Your post could have been about any browser feature this past decade :-)
Huzzah (Score:2)
Huzzah!
Support for all add-ons in the new Firefox? (Score:2)
NoScript? https://noscript.net/ [noscript.net]
Cookies Manager?
https://addons.mozilla.org/en-... [mozilla.org]
Ghostery?
Ghostery – Privacy Ad Blocker https://addons.mozilla.org/en-... [mozilla.org]
uBlock Origin? https://addons.mozilla.org/en-... [mozilla.org]
Others?
Okay with Windows 7 operating system? (Score:2)
Re: (Score:2)
Will all those options in the new Firefox work with the Windows 7 operating system? Will the new Firefox itself work with Windows 7?
Yes, firefox 115 ESR will work full well with Win7 until Sept 2024
What will happen after Sept 2024? (Score:2)
What will happen after Sept 2024?
Re: (Score:2)
Quote: "Yes, Firefox 115 ESR will work full well with Win7 until Sept 2024."
What will happen after Sept 2024?
Firefox 115 ESR will continue working, burt will not be updated with any security fixes beyond that date. Also neither FF rapid release, nor the next ESR will work on win 7 or 8.x
Re: (Score:2)
Chrome is dropping support at the end of this year. They're not the heros in this story.
Re:Support for all add-ons in the new Firefox? (Score:4, Informative)
Is there support for all add-ons in this latest version of Firefox?
NoScript? https://noscript.net/ [noscript.net]
Cookies Manager?
https://addons.mozilla.org/en-... [mozilla.org]
Ghostery?
Ghostery – Privacy Ad Blocker
https://addons.mozilla.org/en-... [mozilla.org]
uBlock Origin?
https://addons.mozilla.org/en-... [mozilla.org]
Others?
I am using uBlock like right now, I know that ghostery, noscript and ghostery are supported. All Manifest V2 type ad-ons are still supported. Every Addon that worked since Firefox 100 is still working. XUL et al are still dead (and will remain dead)
Re: (Score:3)
Obviously. Stop spreading bullshit FUD. Chrome is the one trying to kill ad blockers with MV3. Mozilla, in contrast, continues to support MV2 and their own implementation of MV3 allows ad blockers to function like they did under MV2.
While Chrome has delayed sun-setting MV2 again (it was supposed end in January, then in June) but make no mistake, they're itching to kill content blocking on the desktop like the have on mobile. Remember that uBlock Origin works just fine in Firefox Mobile, not in Chrome.
Re: (Score:2)
On the contrary, Google has delayed the end of MV2 multiple times already because MV3 doesn't work well with popular ad blocking extensions. They are working with the author of uBlock Origin to fix the issues he finds.
If Google wanted to kill them, they wouldn't delay what they consider to be an important security and performance enhancement. In fact, they would have removed them from the Chrome Web Store long ago.
I have a feeling that MV3 is gearing up towards enabling extensions on Chrome for Android. Fir
video downloading (Score:2)
Re: (Score:2)
Has firefox repaired the Overflow menu THEY BROKE yet?
Has firefox made the Plug-in toolbar item not suck ass; yet?
Has firefox allowed movement or removal of the plug-in toolbar item? (especially when there are no plug-ins; it shouldn't even be visible.)
Have they allowed plug-ins to disable the tabs yet?? I only use vertical tabs with a plug-in. I don't need native, just stop this asshat policy of not allowing users freedom.
And what is an ESR? (Score:2)
It pays not to use too many TLA's (three letter acronyms), especially when they're not universal. I assume it's a long term release of some sort (no idea why it isn't an LTS or Long Term Services version).
Re: (Score:2)
Extended Support Release.
Re: (Score:2)
Eric S Raymond.
Re: (Score:2)
Firefox is like democracy. It sucks, but then it was taken over by big tech.
There, fixed that for you.
Re: (Score:2)
Taken over by people who think they know what's good for me better than I do. Sort of more like totalitarianism.
Pretty little to see or 600,000 LoC changed (Score:2)
OpenH264 (Score:2)
But kudos on them for not allowing HEVC decoding even if hardware acceleration is ther
Re: (Score:2)
who cares? (Score:3)
I stopped caring about new ways FF will impede my workflow when they broke everything I was using years ago. When I use FF it is only really old versions where I don't have to learn a new UI or find new workarounds every couple of months. Oh yeah, I'm really scared of lack of security. Hardly every use it, small window for damage.