DRM

FirefoxOS-Based Matchstick Project Ends; All Money To Be Refunded 26 26

Kohenkatz writes: Matchstick, a project built on FirefoxOS that aimed to compete with Google's Chromecast, which was initially funded on Kickstarter, is shutting down and will be refunding all pledges. In a post to Kickstarter backers today, they announced that this decision was due to the difficulty of implementing the DRM components that are necessary for access to a lot of paid content. Rather than drag out the project on an unknown schedule, they have decided to end the project.
Mozilla

Mozilla CEO: Windows 10 Strips User Choice For Browsers and Other Software 366 366

puddingebola writes: Mozilla CEO Chris Beard has sent an open letter to Microsoft CEO Satya Nadella complaining about the default settings in Windows 10. Users who upgrade to 10 will have their default browser automatically changed to the new Edge browser. Beard said, "We appreciate that it’s still technically possible to preserve people’s previous settings and defaults, but the design of the whole upgrade experience and the default settings APIs have been changed to make this less obvious and more difficult. It now takes more than twice the number of mouse clicks, scrolling through content and some technical sophistication for people to reassert the choices they had previously made in earlier versions of Windows. It’s confusing, hard to navigate and easy to get lost. ... We strongly urge you to reconsider your business tactic here and again respect people’s right to choice and control of their online experience by making it easier, more obvious and intuitive for people to maintain the choices they have already made through the upgrade experience.
Chrome

Chrome Extension Thwarts User Profiling Based On Typing Behavior 61 61

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome and not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.
Firefox

Firefox Will Soon Show You Which Tabs Are Making Noise, and Let You Mute Them 151 151

An anonymous reader writes: Mozilla is working on identifying Firefox tabs that are currently playing audio. The feature will show an icon if a tab is making sounds and let the user mute the playback. It's worth noting that while Chrome has had audio indicators for more than a year now, it still doesn't let you easily mute tabs. The option is available in Google's browser, but it's not enabled by default (you have to turn on the #enable-tab-audio-muting flag in chrome://flags/).
Microsoft

Microsoft Edge Performance Evaluated 132 132

An anonymous reader writes: Now that Windows 10 is close to launch, Anandtech has put Microsoft's new browser, Edge, through a series of tests to see how it stacks up against other browsers. Edge has shown significant improvements since January. It handily beats Chrome and Firefox in Google's Octane 2.0 benchmark, and it managed the best score on the Sunspider benchmark as well. But Chrome and Firefox both still beat Edge in other tests, by small margins in the Kraken 1.1 and HTML5Test benchmarks, and larger ones in WebXPRT and Oort Online. The article says, "It is great to see Microsoft focusing on browser performance again, and especially not sitting idle since January, since the competition in this space has not been idle either."
Security

New Default: Mozilla Temporarily Disables Flash In Firefox 199 199

Trailrunner7 writes with news that "Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox." Two flaws that came to light from the recent document dump from Hacking Team could be used by an attacker to gain remote code execution. From Threatpost's article: One of the flaws is in Action Script 3 while the other is in the BitMapData component of Flash. Exploits for these vulnerabilities were found in the data taken from HackingTeam in the attack disclosed last week. An exploit for one of the Flash vulnerabilities, the one in ActionScript 3, has been integrated into the Angler exploit kit already and there's a module for it in the Metasploit Framework, as well. Reader Mickeycaskill adds a link to TechWeek Europe's article, which says these are the 37th and 38th flaws found in Flash so far this month, and that the development "is a blow for Flash after Alex Stamos, Facebook's new chief security officer, urged Adobe to set an 'end of life' date for the much-maligned software."
Firefox

Mozilla's Plans For Firefox: More Partnerships, Better Add-ons, Faster Updates 208 208

An anonymous reader writes: Mozilla is reexamining and revamping the way it builds, communicates, and decides features for its browser. In short, big changes are coming to Firefox. Dave Camp, Firefox's director of engineering, sent out two lengthy emails, just three minutes apart: Three Pillars and Revisiting how we build Firefox. Both offer a lot more detail into what Mozilla is hoping to achieve.
Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing 172 172

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.
Firefox

Mozilla Responds To Firefox User Backlash Over Pocket Integration 351 351

An anonymous reader writes: Last week, Mozilla updated Firefox to add Pocket integration — software that lets you save web articles to read later. Over the weekend, some Firefox users began to voice their displeasure over the move on public forums like Bugzilla, Google Groups, and Hacker News. The complaints center around Pocket being a proprietary third-party service, which already exists as an add-on, and is not a required component for a browser. Integrating Pocket directly into Firefox means it cannot be removed, only disabled. In response, Mozilla has released a statement saying users like the integration and the integration code is open source.
Mozilla

Mozilla Plans To Build Virtual Reality APIs Into Firefox By the End of 2015 91 91

An anonymous reader writes: Mozilla's VR research team is hard at work making virtual reality native to the web. The group wants more than a few experimental VR-only websites, they want responsive VR websites that can adapt seamlessly between VR and non-VR, from mobile to desktop, built with HTML and CSS . Experimental work is already underway, and now the team says that they 'aim to have support for the WebVR API shipping with our release channel builds of Firefox Desktop by end of this year.' Those with the Oculus Rift developer kit can already try out a few native WebVR experiences using Firefox Nightly.
Chrome

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support? 208 208

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Cellphones

Mozilla Drops $25 Smartphone Plans, Will Focus On Higher Quality Devices 90 90

An anonymous reader writes: When Mozilla developed Firefox OS, its goal was not to provide the best smartphone experience, but to provide a "good enough" smartphone experience for a very low price. Unfortunately, these cheap handsets failed to make a dent in the overall smartphone market, and the organization is now shifting its strategy to start producing a better experience for better devices. CEO Chris Beard said, "If you are going to try to play in that world, you need to offer something that is so valuable that people are willing to give up access to the broader ecosystem. In the mass market, that's basically impossible." Of course, when moving to the midrange smartphone market, or even the high end, there's still plenty of competition, so the new strategy may not work any better. However, they've hinted at plans to start supporting Android apps, which could help them play catch-up. Beard seems fixated on this new goal: "We won't allow ourselves to be distracted, and we won't expand to new segments until significant traction is demonstrated." He adds, "We will build products that feel like Mozilla."
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 207 207

An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 531 531

An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Firefox

Adblock Plus Launches Adblock Browser: a Fork of Firefox For Android 111 111

An anonymous reader writes: Adblock Plus has launched Adblock Browser for Android. Currently in beta, the company's first browser was created by taking the open source Firefox for Android and including Adblock Plus out-of-the-box. The Firefox Sync functionality is disabled, as is the ability to use other addons. "Adblock Plus for Android got kicked out of Google Play along with other ad blocking apps in March 2013, because Google’s developer distribution agreement states apps cannot interfere with the functionality of other apps. Williams thus believes Adblock Browser “should be fine” as it only blocks ads that are shown as you browse the Web."
Encryption

'Logjam' Vulnerability Threatens Encrypted Connections 71 71

An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).
Firefox

First Smart TVs Powered By Firefox OS On Sale In Europe, Worldwide Soon 119 119

An anonymous reader writes: The first smart TVs powered by Firefox OS have gone on sale in Europe. Panasonic's line of Viera smart TVs includes six that are powered by Firefox OS — CR850, CR730, CX800, CX750, CX700 and CX680 — including their first curved LED LCD TV. The full global launch of the TVs is expected “in the coming months.” From the Mozilla blog: "We’re happy to partner with Panasonic to bring the first Smart TVs powered by Firefox OS to the world,” said Andreas Gal, Mozilla CTO. “With Firefox and Firefox OS powered devices, users can enjoy a custom and connected Web experience and take their favorite content (apps, videos, photos, websites) across devices without being locked into one proprietary ecosystem or brand.”
DRM

Firefox 38 Arrives With DRM Required To Watch Netflix 371 371

An anonymous reader writes with this excerpt from VentureBeat: Mozilla today launched Firefox 38 for Windows, Mac, Linux, and Android. Notable additions to the browser include Digital Rights Management (DRM) tech for playing protected content in the HTML5 video tag on Windows, Ruby annotation support, and improved user interfaces on Android. Firefox 38 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Note that there is a separate download for Firefox 38 without the DRM support. Our anonymous reader adds links to the release notes for desktop and Android.
Security

Microsoft Is Confident In Security of Edge Browser 133 133

jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.
Google

Superfish Injects Ads In 1 In 25 Google Page Views 91 91

An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.