HOWTO Disable HTML5 Video Autoplay in Firefox

about:config
media.autoplay.enabled = false [default true]

Does not work until Firefox 41:

  • 1242713media.autoplay.enabled=false does not prevent videos on youtube to autostart; In Bugzilla of Mozilla; 2016-01-25→current.; still open.
    tl;dr → describes Firefox 42, on Linux.
  • 659285Extend media.autoplay.enabled to provide a way to disable untrusted play() invocations; In Bugzilla of Mozilla; 2011-04-24→2016-01-25; resolved as fixed.

Fetch API of HTML5

Notable

  • Fetch bodies are read “at most once.”
  • Fetch responses may use streams, some day.
    … to deliver data to the applicatino “as it arrives.”
  • <quote cite=”ref“>Along with the transition to streams, Fetch will eventually have the ability to abort running fetch()es and some way to report the progress of a fetch. These are provided by XHR, but are a little tricky to fit in the Promise-based nature of the Fetch API.</quote>

Promotions

Related

Example

Via: article

GET
fetch("/data.json").then(function(res) {
  // res instanceof Response == true.
  if (res.ok) {
    res.json().then(function(data) {
      console.log(data.entries);
    });
  } else {
    console.log("Looks like the response wasn't perfect, got status", res.status);
  }
}, function(e) {
  console.log("Fetch failed!", e);
});
POST
fetch("http://www.example.org/submit.php", {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  body: "firstName=Nikhil&favColor=blue&password=easytoguess"
}).then(function(res) {
  if (res.ok) {
    alert("Perfect! Your settings are saved.");
  } else if (res.status == 401) {
    alert("Oops! You are not authorized.");
  }
}, function(e) {
  alert("Error submitting form!");
});

Opportunistic Encryption in Firefox 37

(Mozilla); Opportunistic Encryption For Firefox; In His Blog entitled Bits Up!; 2015-03-27.

Mentioned

  • Firefox 37
  • Opportunistic Encryption (OE)
  • HTTP/2
  • (response header) Alt-Svc: h2=":443" or spdy/3.1
  • Requirements
    • HTTP/2
    • <quote>OE is not available with HTTP/1 servers because that protocol does not carry the scheme as part of each transaction which is a necessary ingredient for the Alt-Svc approach.</quote>
  • Recipe
    1. <quote>Install a TLS based h2 or SPDY server on a separate port. 443 is a good choice :) . You can use a self-signed certificate if you like because OE is not authenticated.
    2. Add a response header Alt-Svc: h2=":443" or Alt-Svc: spdy/3.1=":443" if you are using a SPDY-enabled server like nginx.</quote>
  • draft-ietf-httpbis-alt-svc-04HTTP Alternative Services; M. Nottingham (Akamai), P. McManus (Mozilla), J. Reschke (greenbytes); Internet Draft; IETF; 2014-10-27, expires: 2015-04-30.

Context

From: draft-ietf-httpbis-alt-svc-04

9.4. Tracking Clients Using Alternative Services

   The Alt-Used header field (Section 5) provides a server with one
   additional bit of information that can be used to correlate requests.

   Clients concerned by the additional fingerprinting can choose to
   ignore alternative service advertisements.

   In a browser, any alternative service information MUST be removed
   when origin-specific data is cleared (for instance, when cookies are
   cleared).

Firefox Tiles

Tiles

Dashboard

ScreenshotGeneral

Factoids

about:newtab
about:config

Sizes

  • 290×180
  • 142×70

browser.newtabpage.directory.source

browser.newtabpage.directory.source = https://tiles.services.mozilla.com/v2/links/fetch

This preference can be set to anything that returns JSON, setting this to an empty JSON object will disable Tiles from showing and fetching new Tiles. With the change below a new user would only see empty Tiles and Firefox could no longer fetch new Tiles.

browser.newtabpage.directory.source =   data:application/json,{}

browser.newtabpage.directory.ping

browser.newtabpage.directory.ping = https://tiles.services.mozilla.com/v2/links/

This is the tile reporting interface back to the Mozilla mother ship. Changing or disabling this pref maywill prevent Firefox from being able to report metrics on Tiles. Setting this to nothing will disable the ping.

Other Preferences

about:config for the newtab cluster

Preference Name Status Type Value
browser.newtab.preload default boolean true
browser.newtab.url default string about:newtab
browser.newtabpage.blocked user set string …JSON blob…
browser.newtabpage.columns default integer 3
browser.newtabpage.enabled default boolean true
browser.newtabpage.pinned user set string …JSON blob…
browser.newtabpage.rows default integer 3
browser.newtabpage.storageVersion default integer 1

Example

Query

$ curl --location --verbose https://tiles.services.mozilla.com/v2/links/fetch/en-US
* About to connect() to tiles.services.mozilla.com port 443 (#0)
*   Trying 54.69.234.30...
* Connected to tiles.services.mozilla.com (54.69.234.30) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* 	subject: CN=*.services.mozilla.com,O=Mozilla Foundation,L=Mountain View,ST=CA,C=US
* 	start date: Apr 08 00:00:00 2014 GMT
* 	expire date: Oct 26 12:00:00 2016 GMT
* 	common name: *.services.mozilla.com
* 	issuer: CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
> GET /v2/links/fetch/en-US HTTP/1.1
> User-Agent: curl/7.29.0
> Host: tiles.services.mozilla.com
> Accept: */*
> 
&lt HTTP/1.1 303 SEE OTHER
< Content-Type: text/html; charset=utf-8
< Date: Thu, 26 Mar 2015 14:02:03 GMT
< Location: https://dtex4kvbppovt.cloudfront.net/desktop/US/en-US.eb4cb64172c72f108cbb2301b958ecf3c9895373.json
< Content-Length: 405
< Connection: keep-alive
< 
* Ignoring the response-body
* Connection #0 to host tiles.services.mozilla.com left intact
* Issue another request to this URL: 'https://dtex4kvbppovt.cloudfront.net/desktop/US/en-US.eb4cb64172c72f108cbb2301b958ecf3c9895373.json'
* About to connect() to dtex4kvbppovt.cloudfront.net port 443 (#1)
*   Trying 54.230.119.24...
* Connected to dtex4kvbppovt.cloudfront.net (54.230.119.24) port 443 (#1)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA>
* Server certificate:
* 	subject: CN=*.cloudfront.net,O="Amazon.com, Inc.",L=Seattle,ST=Washington,C=US
* 	start date: Feb 19 00:00:00 2015 GMT
* 	expire date: Oct 19 23:59:59 2015 GMT
* 	common name: *.cloudfront.net
* 	issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> GET /desktop/US/en-US.eb4cb64172c72f108cbb2301b958ecf3c9895373.json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: dtex4kvbppovt.cloudfront.net
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 3909
< Connection: keep-alive
< Date: Tue, 24 Mar 2015 17:43:48 GMT
< Content-Disposition: inline
< Cache-Control: public, max-age=31536000
< Last-Modified: Tue, 24 Mar 2015 00:30:12 GMT
< ETag: "a90166163cf89dd1e2d6c2591b18a988"
< Accept-Ranges: bytes
< Server: AmazonS3
< Age: 159496
< X-Cache: Hit from cloudfront
< Via: 1.1 4a8038c47562ecd3b42c2e1694a9d708.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: ZjFMeI8aQEwExP2f9Xp4LFPW09Gqo87vJBW3BSue79xeYOHbTgi_nw==
< 
{"en-US": [{"bgColor": "", "directoryId": 498, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/d11ba0b3095bb19d8092cd29be9cbb9e197671ea.28088.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/1332a68badf11e3f7f69bf7364e79c0a7e2753bc.5316.png", "title": "Mozilla Community", "type": "affiliate", "url": "http://contribute.mozilla.org/"}, {"bgColor": "#ffffff", "directoryId": 499, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/1ddd27484ee94475bff83cf81d2bc50d7762508c.13811.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/942999d58ef3d83d0e8f88ad38f20dad1d498f39.3500.png", "title": "Firefox for Android", "type": "affiliate", "url": "https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dmozilla%26utm_medium%3Dbanner%26utm_campaign%3Ddesktop01"}, {"bgColor": "", "directoryId": 701, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/f60af738ea30deb592e856035b077e1047868fe5.9323.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/5262b95fe33a62e8de33bd66c7db3e39355cfbba.9425.png", "title": "TurboTax", "type": "sponsored", "url": "https://turbotax.intuit.com/lp/ty14/bn/tmp_1_hp.jsp?znM=mind3&cid=bn_moz_12_hp_1855513_116638939_56708720&cvosrc=display.1855513.116638939&m_field9=nt&m_field10=56708720&"}, {"bgColor": "", "directoryId": 500, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/cc63774b7a9aae02fe36bc5caf90c1e25e66a2bc.13791.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/e822cd4628c5162313f49f5d4556f8aafdf38750.11513.png", "title": "Mozilla Manifesto", "type": "affiliate", "url": "https://www.mozilla.org/about/manifesto/"}, {"bgColor": "", "directoryId": 502, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/40e5630405d5031ca73393bd7bc0064156f2cc82.10984.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/490d42d1f9a76c07739626d1b8a569169aec8fbe.11039.png", "title": "Customize Firefox", "type": "affiliate", "url": "http://fastestfirefox.com/firefox/desktop/customize/"}, {"bgColor": "#fff", "directoryId": 690, "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/8acf9436e1b315f5f04b9435a518bcd1aef131f8.5663.png", "title": "Mozilla Developer Network", "type": "affiliate", "url": "https://developer.mozilla.org/en-US/?utm_source=mozilla&utm_medium=firefox-tile&utm_campaign=default"}, {"bgColor": "", "directoryId": 504, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/877f1c561e735f7b9f419ff9ac79eb8c7481119d.16744.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/25c9fbb07308b84d160fc1b7959364a2c18f93b9.6404.png", "title": "Firefox Marketplace", "type": "affiliate", "url": "https://marketplace.firefox.com/"}, {"bgColor": "#3fb58e", "directoryId": 505, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/720121e7462d8c7863b4dd8fa7b5c1089b5f5fb2.33862.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/0e6031675a9c491dd0c65e9c67cfbf54a5880f17.2295.svg", "title": "Mozilla Webmaker", "type": "affiliate", "url": "https://webmaker.org/?utm_source=directory-tiles&utm_medium=firefox-browser"}, {"bgColor": "", "directoryId": 506, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/d971cbafa0309a201e518acdac4f1ee4dabc7eaa.15109.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/b4adc58dd3c02da355104977b910255060cfd6d8.10350.png", "title": "Firefox Sync", "type": "affiliate", "url": "http://mozilla-europe.org/firefox/sync"}, {"bgColor": "", "directoryId": 507, "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/22fb856cd58365855eb725b1565f08a72464e039.18717.png", "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/068e0ccbd8701a28e2f078c640ee072b9a16e2e1.12490.png", "title": "Privacy Principles", "type": "affiliate", "url": "http://europe.mozilla.org/privacy/you"}]}
 * Connection #1 to host dtex4kvbppovt.cloudfront.net left intact

Reformatted

{"en-US":
 [{"bgColor": "",
   "directoryId": 498,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/d11ba0b3095bb19d8092cd29be9cbb9e197671ea.28088.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/1332a68badf11e3f7f69bf7364e79c0a7e2753bc.5316.png",
   "title": "Mozilla Community",
   "type": "affiliate",
   "url": "http://contribute.mozilla.org/"},
  {"bgColor": "#ffffff",
   "directoryId": 499,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/1ddd27484ee94475bff83cf81d2bc50d7762508c.13811.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/942999d58ef3d83d0e8f88ad38f20dad1d498f39.3500.png",
   "title": "Firefox for Android",
   "type": "affiliate",
   "url": "https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dmozilla%26utm_medium%3Dbanner%26utm_campaign%3Ddesktop01"},
  {"bgColor": "",
   "directoryId": 701,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/f60af738ea30deb592e856035b077e1047868fe5.9323.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/5262b95fe33a62e8de33bd66c7db3e39355cfbba.9425.png",
   "title": "TurboTax",
   "type": "sponsored",
   "url": "https://turbotax.intuit.com/lp/ty14/bn/tmp_1_hp.jsp?znM=mind3&cid=bn_moz_12_hp_1855513_116638939_56708720&cvosrc=display.1855513.116638939&m_field9=nt&m_field10=56708720&"},
  {"bgColor": "",
   "directoryId": 500,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/cc63774b7a9aae02fe36bc5caf90c1e25e66a2bc.13791.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/e822cd4628c5162313f49f5d4556f8aafdf38750.11513.png",
   "title": "Mozilla Manifesto",
   "type": "affiliate",
   "url": "https://www.mozilla.org/about/manifesto/"},
  {"bgColor": "",
   "directoryId": 502,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/40e5630405d5031ca73393bd7bc0064156f2cc82.10984.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/490d42d1f9a76c07739626d1b8a569169aec8fbe.11039.png",
   "title": "Customize Firefox",
   "type": "affiliate",
   "url": "http://fastestfirefox.com/firefox/desktop/customize/"},
  {"bgColor": "#fff",
   "directoryId": 690,
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/8acf9436e1b315f5f04b9435a518bcd1aef131f8.5663.png",
   "title": "Mozilla Developer Network",
   "type": "affiliate",
   "url": "https://developer.mozilla.org/en-US/?utm_source=mozilla&utm_medium=firefox-tile&utm_campaign=default"},
  {"bgColor": "",
   "directoryId": 504,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/877f1c561e735f7b9f419ff9ac79eb8c7481119d.16744.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/25c9fbb07308b84d160fc1b7959364a2c18f93b9.6404.png",
   "title": "Firefox Marketplace",
   "type": "affiliate",
   "url": "https://marketplace.firefox.com/"},
  {"bgColor": "#3fb58e",
   "directoryId": 505,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/720121e7462d8c7863b4dd8fa7b5c1089b5f5fb2.33862.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/0e6031675a9c491dd0c65e9c67cfbf54a5880f17.2295.svg",
   "title": "Mozilla Webmaker",
   "type": "affiliate",
   "url": "https://webmaker.org/?utm_source=directory-tiles&utm_medium=firefox-browser"},
  {"bgColor": "",
   "directoryId": 506,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/d971cbafa0309a201e518acdac4f1ee4dabc7eaa.15109.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/b4adc58dd3c02da355104977b910255060cfd6d8.10350.png",
   "title": "Firefox Sync",
   "type": "affiliate",
   "url": "http://mozilla-europe.org/firefox/sync"},
  {"bgColor": "",
   "directoryId": 507,
   "enhancedImageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/22fb856cd58365855eb725b1565f08a72464e039.18717.png",
   "imageURI": "https://d1zcd8sq4oecon.cloudfront.net/images/068e0ccbd8701a28e2f078c640ee072b9a16e2e1.12490.png",
   "title": "Privacy Principles",
   "type": "affiliate",
   "url": "http://europe.mozilla.org/privacy/you"}]}

Table

bgColor directoryId title type url enhancedImageURI imageURI
498 Mozilla Community affiliate http://contribute.mozilla.org/ https://d1zcd8sq4oecon.cloudfront.net/images/d11ba0b3095bb19d8092cd29be9cbb9e197671ea.28088.png https://d1zcd8sq4oecon.cloudfront.net/images/1332a68badf11e3f7f69bf7364e79c0a7e2753bc.5316.png
#ffffff 499 Firefox for Android affiliate https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dmozilla%26utm_medium%3Dbanner%26utm_campaign%3Ddesktop01 https://d1zcd8sq4oecon.cloudfront.net/images/1ddd27484ee94475bff83cf81d2bc50d7762508c.13811.png https://d1zcd8sq4oecon.cloudfront.net/images/942999d58ef3d83d0e8f88ad38f20dad1d498f39.3500.png
701 TurboTax sponsored https://turbotax.intuit.com/lp/ty14/bn/tmp_1_hp.jsp?znM=mind3&cid=bn_moz_12_hp_1855513_116638939_56708720&cvosrc=display.1855513.116638939&m_field9=nt&m_field10=56708720& https://d1zcd8sq4oecon.cloudfront.net/images/f60af738ea30deb592e856035b077e1047868fe5.9323.png https://d1zcd8sq4oecon.cloudfront.net/images/5262b95fe33a62e8de33bd66c7db3e39355cfbba.9425.png
500 Mozilla Manifesto affiliate https://www.mozilla.org/about/manifesto/ https://d1zcd8sq4oecon.cloudfront.net/images/e822cd4628c5162313f49f5d4556f8aafdf38750.11513.png https://d1zcd8sq4oecon.cloudfront.net/images/cc63774b7a9aae02fe36bc5caf90c1e25e66a2bc.13791.png
502 Customize Firefox affiliate http://fastestfirefox.com/firefox/desktop/customize/ https://d1zcd8sq4oecon.cloudfront.net/images/40e5630405d5031ca73393bd7bc0064156f2cc82.10984.png https://d1zcd8sq4oecon.cloudfront.net/images/490d42d1f9a76c07739626d1b8a569169aec8fbe.11039.png
#fff 690 Mozilla Developer Network affiliate https://developer.mozilla.org/en-US/?utm_source=mozilla&utm_medium=firefox-tile&utm_campaign=default (empty) https://d1zcd8sq4oecon.cloudfront.net/images/8acf9436e1b315f5f04b9435a518bcd1aef131f8.5663.png
504 Firefox Marketplace affiliate https://marketplace.firefox.com/ https://d1zcd8sq4oecon.cloudfront.net/images/877f1c561e735f7b9f419ff9ac79eb8c7481119d.16744.png https://d1zcd8sq4oecon.cloudfront.net/images/25c9fbb07308b84d160fc1b7959364a2c18f93b9.6404.png
#3fb58e 505 Mozilla Webmaker affiliate https://webmaker.org/?utm_source=directory-tiles&utm_medium=firefox-browser https://d1zcd8sq4oecon.cloudfront.net/images/720121e7462d8c7863b4dd8fa7b5c1089b5f5fb2.33862.png https://d1zcd8sq4oecon.cloudfront.net/images/0e6031675a9c491dd0c65e9c67cfbf54a5880f17.2295.svg
506 Firefox Sync affiliate http://mozilla-europe.org/firefox/sync https://d1zcd8sq4oecon.cloudfront.net/images/d971cbafa0309a201e518acdac4f1ee4dabc7eaa.15109.png https://d1zcd8sq4oecon.cloudfront.net/images/b4adc58dd3c02da355104977b910255060cfd6d8.10350.png
507 Privacy Principles affiliate http://europe.mozilla.org/privacy/you https://d1zcd8sq4oecon.cloudfront.net/images/22fb856cd58365855eb725b1565f08a72464e039.18717.png https://d1zcd8sq4oecon.cloudfront.net/images/068e0ccbd8701a28e2f078c640ee072b9a16e2e1.12490.png

Images

Indeed there is an advertisement in there., It’s a native advertisement, perhaps you can spot it?

enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
(empty) imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI
enhancedImageURI imageURI

Google Mail “no longer supports” Thunderbird (or other IMAP clients)

Seems that at some point in there Google ceased to provide direct support for IMAP clients. Upon enrolling a new Thunderbird for Google mail, I vailed to be ab le to set up the account. In my gmail stream I get the notice declaring that to allow Thunderbird, I have to accept the bargin that my account t is no longer protected by modern security standards, whatver they may be.


Google’s Documentation

Application-Application-Specific Password Required

Allowing less secure apps to access your account

My client isn’t accepting my username and password

Application-Application-Specific Password Required

Spamness for Thunderbird (requires a folder rebuild)

Spamntess for Thunderbird: (sometimes) Does. Not. Work.  But if it did, it would be great!

Sees to work on some folders, but not on others.  Even with the folder rebuild. But, specifically, it isn’t working with inbox where  it is needed the most (because after inbox you have, by definition, refiled the mail so you pretty much know whether it’s spam or not).

thunderbird-24.5.0-1.fc19.x86_64

Recall that Thunderbird is consciously uncoupling from Mozilla (long live Thunderbird!).
c.f. Thunderbird Reorganizes at the 2014 Toronto Summit; In Their Blog; 2014-11-25.


Firefox blocks Flash v11.202.424 and prior because CVE-2014-9163 (APSB14-27)


Get Flash Player; Adobe

Details

broken Linux 11.2.202.424 and earlier APSB14-27
fixed flash-plugin-11.2.202.425-release.x86_64.rpm Download

Adobe

  • APSB14-27 Security updates available for Adobe Flash Player

Mozilla

  • 1109795Blocklist Flash versions vulnerable to CVE-2014-9163 (15.0.0.242 and below, 11.2.202.424 on linux)

Mitre

  • CVE-2014-9163 Stack-based buffer overflow in Adobe Flash Player
    before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in 2014-12.

Adobe

Background

General

Firefox
Chrome
Flashblock FlashControl
NoScript ScriptBlock, ScriptSafe NotScripts

$ sudo yum update -y flash-plugin
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package flash-plugin.x86_64 0:11.2.202.359-release will be updated
---> Package flash-plugin.x86_64 0:11.2.202.425-release will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package         Arch      Version                  Repository             Size
================================================================================
Updating:
flash-plugin    x86_64    11.2.202.425-release     adobe-linux-x86_64    6.9 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 6.9 M
Downloading packages:
No Presto metadata available for adobe-linux-x86_64
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating   : flash-plugin-11.2.202.425-release.x86_64                     1/2
Cleanup    : flash-plugin-11.2.202.359-release.x86_64                     2/2
Verifying  : flash-plugin-11.2.202.425-release.x86_64                     1/2
Verifying  : flash-plugin-11.2.202.359-release.x86_64                     2/2

Updated:
flash-plugin.x86_64 0:11.2.202.425-release

Complete!

Pure URL for Firefox removes garbage like ‘utm_source’ from URLs

Pure URL for Firefox

Data

More than the default settings (cut & paste this into) the config settings in about:addons

utm_cid, smprod, smid,it_source,wpmp_tp, utm_hp_ref,mod,tag,mbid, mtid,ncid,utm_cid,utm_source, utm_medium, utm_term, utm_content, utm_campaign, utm_reader, utm_place, ga_source, ga_medium, ga_term, ga_content, ga_campaign, ga_place, yclid, _openstat, feature@youtube.com, fb_action_ids, fb_action_types, fb_ref, fb_source, action_object_map, action_type_map, action_ref_map, ref@facebook.com, fref@facebook.com, hc_location@facebook.com, ref_@imdb.com, src@addons.mozilla.org

Click-to-Play in Mozilla’s Firefox

Promotions

Via: backfill, backfill

, Mozilla Wiki

; In Mozilla Support

Lightbeam for Firefox

Lightbeam

Concept

  • Visualizations
    1. Graph
    2. Clock
    3. List
  • Sharing
    • Data stored locally

Background

Previously

Promotions

Via: backfill

Actualities

Mozilla Persona & Identity Bridges

 Concepts

  • Persona Identity Provider (IdP)
  • Persona Identity Bridge
    • OpenID
    • OAuth
  • Bridges
    • Identity Bridge for Yahoo! Mail.
    • Identity Bridge for Google Mail.
  • Mozilla Identity

Capability

You sign into a site with your email address, which is validated as true, correct & yours by the Persona rigging&redirecting.

  • Users can sign into sites with Persona, but the IdP can’t track which sites they sign into.
  • Users can sign into sites with Persona, but Yahoo! can’t track which sites they sign into.
  • Users can sign into sites with Persona, but Google can’t track which sites they sign into.
  • … you get the idea.

Puzzle

Question: Where’s your password?
Answer: held at your email provider

Therefore:

  • You trust your email provider as a holder of a master secret, with a trust level above all others.
  • If your email provider gives up your email password, your accounts are “open.”
  • In this eventuality, it’s unclear what your remedial actions can be.

Persona-enabled Websites

Promotions

At Mozilla

Derivatives

Technical Details

Via backfill

Nightingale

Nightingale

Via: backfill

Availabilities

Fedora

Install on Fedora / Korora and rpm-based distros (gnome/cinnamon); forum discussion; 2013-05-04 -> 2013-05-15.

Basic Fedora RPM Packaging; forum discussion; 2012-03-31 -> 2012-04-18.

  • Trial Packaging: nightingale-1.11.0-2.fc16.src.rpm
  • Summary of issues
    • Bundled libs
    • Downloading external dependencies during building
    • Downloading BINARY dependencies during building
    • No FHS compliant “make install” target.

Mozilla Firefox Social API in Firefox Facebook Messenger (and others)

Instructions

Turn Off Facebook ServiceDisable Facebook Service

Overview

Mentions

Concepts

  • Control Messages
  • Service Works
  • Ambient Notification Control
  • Active Notification Control
  • Page Marks (Recommendations)
  • Link Recommendation Control
  • Messages Sent to Widgets
  • from Firefox 23
    • Share (button)
    • Service Discovery

Announcements

By Mozilla …

Promotions

Ahem … surely there’s more of a following for Mozilla’s product offerings than one beat reporter over at AOL (TechCrunch).  But that’s not what the search engines are telling me…

Actualities


CliqzFinal

MSN-Screen-shot

Network Monitor in Firefox 23 & 24

Network Monitor, now in Firefox Beta; In Their Blog; 2013-06-27.
, and (Editor)

Instructions

Open the tool:

  • menu: Tools => Web Developer => Network
  • keyboard: Ctrl + Alt + Q

Actualities

Estimation

Feels like:

  • Absent other clear direction for the evolution of the browser
  • They are “building at the factory” in the features of the popular addons:
    e.g. firebug.

Up next:

  • Request Policy, NoScript, Ghostery, Flash Block, Ad Block Plus, Calomel, Cert Watch, Conspiracy, Flagfox
  • (newer) Cookie Manager, Foundstone.

Already

  • Collusion
  • about:trackers

Via: backfill

Mozilla Prospector is User Personalization Built Into the Browser

Prospector by Mozilla Labs

Firefox

What is It?

  • Seems to be a concept, a vision.
  • A set of collaborations with publishing businesses.
  • A solicitation of feedback, a call for a vote of confidence in the vision.

Not yet

  • Running code
  • Released feature set
  • An experience
  • Not yet at the wireframe/screen shot stage.

Concept

  • Content preferences managed in the browser
  • Content targeting preferences communicated to web servers (e.g. advertisers)
  • Service destinations, e.g. Firefox Marketplace, could recommend based on declared interests.

Claimed

  • <quote><snip/>we’ve begun testing this concept with volunteer participants<snip/>sharing their interests on their own terms in order to see personalized content, and the results are promising.</quote>
  • <quote>We think this type of offering could bring transparent, effective personalization to users all across the Web in ways we haven’t even thought of yet. What do you think <snip/>? </quote>

Mentions

Promotions

Previously

Via backfill, backfill, backfill and noted.

Dates for Phasing out MD5-based signatures and 1024-bit moduli | Mozilla

Mozilla; Dates for Phasing out MD5-based signatures and 1024-bit moduli; last updated 2012-09-12 (as seen 2013-01-21).
Mentions

  • 2013-12-31 – Mozilla will disable or remove all root certificates with RSA key sizes smaller than 2048 bits.
  • Mozilla’s Root Change Process
  • NIST SP 800-57 Recommendation for Key Management; Part 1 (2012-07), Part 2 (2005-08), Part 3(2009-12).
    • minimum key sizes recited inline
  • SP-800-131 DRAFT Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes SP-800-131A

Thunderbird stops displaying HTML email, maybe after an Enigmail update

Indications

  • You typed random characters at Thunderbird because you weren’t watching where the input focus was located
  • You know something has changed in Thunderbird, but you’re unclear what
  • You installed Enigmail
  • Email that you know is available in HTML no longer shows in formatted form
  • Email that contains embedded images does not display the images, just links to the images.

Remedy

Menu View > Message body as > Original HTML