Firefox Icon

Firefox

Firefox is an open-source web browser developed by Mozilla.
34 Stories
All Topics

Firefox hacks.mozilla.org

Fine-grained sandboxing in Firefox 95

In Firefox 95, we’re shipping a novel sandboxing technology called RLBox that makes it easy and efficient to isolate subcomponents to make the browser more secure. This technology opens up new opportunities beyond what’s been possible with traditional process-based sandboxing…

Turns out using WebAssembly to isolate potentially-buggy code is a pretty big win:

Going forward, we can treat these modules as untrusted code, and — assuming we did it right — even a zero-day vulnerability in any of them should pose no threat to Firefox.

Bozhidar Batsov batsov.com

Firefox is the only browser alternative

Bozhidar Batsov on the sad state of Chrome’s web rendering hegemony:

We’ve gotten to the point that Chrome-based browsers are so common that developers just stopped to bother supporting other browsers… Soon Google are going to be in complete control of web standards, unless something drastically changes. Do you want the future of browsing to lie solely in the hands of the biggest advertising business on Earth? I’m pretty sure that I don’t.

Marcel Klehr floccus.org

Sync bookmarks privately across browsers with a server of your choosing

Marcel Klehr:

Remember Xmarks? It was great. Floccus does the same thing and even allows you to sync with whatever server you want: any Google Drive, any Nextcloud, any WebDAV server. With more backends in the works.

Floccus has extensions for Chrome (and its derivatives), Firefox, and Edge browsers.

Mozilla Icon Mozilla

Firefox 85 cracks down on supercookies

supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.

To hell with these trackers and the tech they rode in on.

In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.

You gotta love it 🍻

JavaScript omar.website

TabFS mounts your browser tabs as a filesystem

A Chrome and Firefox extension that mounts your browser tabs as a filesystem on your computer.

This gives you a ton of power, because now you can apply all the existing tools on your computer that already know how to deal with files – terminal commands, scripting languages, point-and-click explorers, etc – and use them to control and communicate with your browser.

Now you don’t need to code up a browser extension from scratch every time you want to do anything. You can write a script that talks to your browser in, like, a melange of Python and bash, and you can save it as a single ordinary file that you can run whenever, and it’s no different from scripting any other part of your computer.

TabFS mounts your browser tabs as a filesystem

Firefox github.com

Firefox Reader View as a Linux CLI

Command line tool to extract the main content from a webpage, as done by the “Reader View” feature of most modern browsers. It’s intended to be used with terminal RSS readers, to make the articles more readable on web browsers such as lynx. The code is closely adapted from the Firefox version and the output is expected to be mostly equivalent.

I could see this fitting in nicely in a pipeline between curl and, well, lots of other commands.

Firefox github.com

Saying farewell to Firefox Send 😢

The fallout from Mozilla’s August shake-up is beginning to land and Firefox Send has been officially shuttered. The free file sharing service was already taken offline over the summer to fend off some spear phishing attacks, but any hopes of it coming back online are now dashed.

The project’s GitHub repo continues to trend in Changelog Nightly despite its now-archived status. Why all the posthumous starring? Maybe people are quietly paying their respects for the deceased… 🤔

Saying farewell to Firefox Send 😢

Mozilla Icon Mozilla

Innovating on web monetization: Coil and Firefox Reality

Coil is a web monetization effort where you subscribe for $5 a month and get access to various exclusive content things on participating websites. I think of it like Brave meets Patreon.

Firefox Reality is “mixed reality” (AR/VR) games and experiences from around the web.

The news here is that Mozilla is adopting Coil to experiment with monetization on Firefox Reality. Coil is for-profit, which adds a wrinkle to things. It uses Interledger to move money, which means creators can work in whichever currency they like. Lots of details and explanations in the linked post from Mozilla’s blog.

Firefox hacks.mozilla.org

Securing Firefox with WebAssembly

Firefox is mostly written in C and C++. These languages are notoriously difficult to use safely, since any mistake can lead to complete compromise of the program.

The team has thus far had 2 strategies for securing the codebase, breaking code into multiple sandboxed processes with reduced privileges and rewriting code in a safe language like Rust.

today, we’re adding a third approach to our arsenal. RLBox, a new sandboxing technology developed by researchers at the University of California, San Diego, the University of Texas, Austin, and Stanford University, allows us to quickly and efficiently convert existing Firefox components to run inside a WebAssembly sandbox.

This strikes me as a bonkers idea and kinda brilliant.

The core implementation idea behind wasm sandboxing is that you can compile C/C++ into wasm code, and then you can compile that wasm code into native code for the machine your program actually runs on.

Click through to read more about how they’re pulling this off.

Firefox krabby.netlify.com

Krabby – control your browser with your keyboard

The main differences with existing extensions are: multiple selections, keyboard layout agnostic, SOV (subject–object–verb) constructs and simple interaction with external programs. It is also quite usable with the mouse.

Demo videos are (temporarily?) unavailable, but there’s a fun tutorial that achieves a bunch of tasks on pokemon.com. Inspired by Kakoune.

Productivity github.com

Add full-text search to your browsing history & bookmarks

A fully private memory-boosting extension to eliminate time spent bookmarking, retracing steps to recall an old webpage, or copy-pasting notes into scattered documents. Its name and functionalities are heavily inspired by Vannevar Bush’s vision of a Memex.

“Memex” is thought by some to be a portmanteau of “memory” and “index”. Makes sense to me.

Add full-text search to your browsing history & bookmarks

Chrome webwewant.fyi

The web we want

A collective effort by browser makers (Microsoft, Mozilla, and Google) to understand where the dev community would like them to invest their energy.

We started this project to collect your feedback about the current state of the web and to give you a voice to help shape what the future of web.

They’re taking this effort on the road to various conferences, but there’s also a non-geographically-constrained way of sounding off as well: you can fill out the form on the website. 😄

Firefox zdnet.com

Firefox to add Tor Browser anti-fingerprinting technique called letterboxing

Called “letterboxing,” this new technique adds “gray spaces” to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.

This appears to be a major win for privacy advocates. It also seems like a chink in the armor of Chrome’s dominance, given that many people have lost trust in its privacy model.

0:00 / 0:00