Tópico do Firefox

[Jorge-Vieira]

Firefox prepara-se para dispensar a utilização do Flash Player

Um dos grandes problemas da Internet são algumas das tecnologias ainda usadas e que consomem recursos de forma anormal. Um desses problemas está no flash e nos conteúdos que ainda existem espalhados pela Internet.
Se a maioria dos browsers ainda depende da instalação do Flash Player, há já alguns que têm os seus players nativos. O Firefox foi o mais recente a aderir a este modelo e a sua versão Nightly tem já disponível a sua solução.



Para contornar o problema do Flash, que vai muito além do problema do consumo de recursos, a Mozilla criou uma solução que permite a todos os utilizadores acederem a estes conteúdos sem depender do Flash.
As versões Nightly do Firefox estão já preparadas para usar este componente de forma nativa e para reproduzir os conteúdos Flash.
Através da utilização do Shumway é já possível ter acesso a vários conteúdos de forma muito mais fluída e controlada dentro do browser da Mozilla.
Esta integração vai garantir que os utilizadores têm disponíveis as mais recentes versões dos players necessários para reproduzir os conteúdos Flash, mas sempre actualizados e livres de problemas de segurança.
Ao estar embebido no browser, o Shumway consegue uma integração plena e com o acesso mais controlado aos recursos que estão disponíveis, garantindo performances melhores, não apenas do próprio leitor de conteúdos Flash, mas também do próprio browser.
Apesar de estar já dentro do browser da Mozilla, o Shumway está ainda limitado nos conteúdos que consegue reproduzir e também não está activo por omissão.

Para o poderem usar precisam de aceder às definições do Firefox – about:config – e alterar o parâmetro shumway.disabled de true para false.
Existem ainda outras limitações, estando para já apenas preparado para reproduzir os conteúdos que estão na Amazon.com.
Esta mudança, que para já podem usar os utilizadores das versões Nightly do Firefox para Windows e para OSX, vem quebrar a dependência que existe do player Flash que todos nos habituámos a usar e que tantos problemas apresentam.
O Shumway chegará mais tarde às outras versões do Firefox, deixando também de estar limitadas ao Desktop, sendo alargada às versões móveis deste browser.
A chegada do Shumway vem abrir as portas para uma web ainda mais livre do Flash e de outras tecnologias que até agora a tem impedido de crescer.

Noticia:
http://pplware.sapo.pt/informacao/fi...-flash-player/

[Winjer]

Finalmente a Mozilla corrige a maior desvantagem do Firefox em relação ao Chrome.



Morte ao Flash!!!

[Jorge-Vieira]

Já era tempo, aquele degredo do Flash só causa breaks e paragens subitas

[Jorge-Vieira]

HTTP/2 finalised says IETF HTTP Working Group chair

HTTP/2 has been finalised, according to Mark Nottingham, chair the IETF HTTP Working Group and am a member of the W3C TAG. In a blog post today simply entitled 'HTTP/2 is Done', Nottingham said that the IESG has formally approved the HTTP/2 and HPACK specifications. Now the standard is going to go through some editorial tweaks before publishing.

The new version of the Hypertext Transfer Protocol is a "huge deal," reports The Next Web. It is the first major revamp of the protocol since 1999 when HTTP/1.1 was adopted. As such it will bring the protocol up to speed with several new web technologies and provide benefits as faster page loads, hold connections longer and help servers push data to your cache. According to the HTTP/2 homepage on Github "the focus of the protocol is on performance; specifically, end-user perceived latency, network and server resource usage. One major goal is to allow the use of a single connection from browsers to a Web site."
The key high level differences that HTTP/2 possesses compared to HTTP/1.X are as follows:

• HTTP/2 is binary, instead of textual
• It is fully multiplexed, instead of ordered and blocking
• It can therefore use one connection for parallelism
• It uses header compression to reduce overhead
• It allows servers to 'push' responses proactively into client caches

HTTP/2's multiplexing goes further than HTTP/1.1's parallelism to fix a problem called 'head of line blocking' where only one request can be outstanding on a connection at a time. The new protocol implements far fewer concurrent connections. Previously a single web page with multiple origins could easily open 30 or so data connections, causing problems such as buffer overflow, congestion and monopolising your network – effectively stealing resources from other internet services/apps. The implementation of header compression will also improve your browsing experience greatly, especially on mobiles, according to the HTTP/2 FAQ.

Mark Nottingham @mnot Follow
on the blog: HTTP/2 is Done http://bit.ly/1CFPzUW
12:47 AM - 18 Feb 2015




Only a few days back Google announced that it plans to fully switch to HTTP/2 in Chrome. Google's SPDY/2 was the basis of HTTP/2 and its core developers were involved in HTTP/2. TNW reports that developers can already test out the new protocol in both Chrome and Firefox. For more information please refer to the HTTP/2 FAQ.

Noticia:
http://hexus.net/business/news/inter...g-group-chair/

[Jorge-Vieira]

Vice President Of Firefox Is Leaving Mozilla

Mozilla's vice president of Firefox announced today that he is leaving the company. You can read the full statement in this blog post

Firefox today has a fierce momentum. None of which will stop the trolls, of course. When this news gets out, I imagine someone will say something stupid. That it’s a Sign Of Doom. Predictable, and dead wrong; it misunderstands us completely.

Noticia:
http://www.hardocp.com/news/2015/02/...a#.VOS8Ay5v7P4

[Jorge-Vieira]

Just wait, blacklisting dangerous root certificates will lead to a legal battle

Firefox can remove any threat that Superfish presents with a simple step and 24 hours; indeed they could prevent any similar issue using a questionable or downright poisonous SSL Certificate simply by blacklisting them. They specifically quote the ability of OneCRL to block even obfuscated certs before the Network Security Services level if the certs are properly recorded on the blacklist in this Register article. This would lead to a much more secure web, requiring attackers to invest significantly more effort when attempting to create fake or dangerous SSL certs. There is a flip side to this, for there are those who may attempt to have valid certs added to the Blacklist and so there must be a way of policing the list and a way to remove certs which should not be on the list due to being placed there in error or because of a change in the software associated with that certificate. It is also likely that there will be court cases attempting to have the blacklist removed if it does come into being as Superfish is not the only business out there whose business model requires phishing or at least a way around proper SSL certification and best practices which will no longer be viable if we are allowed to block their mutant SSL certs.

"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."

Noticia:
http://www.pcper.com/news/General-Te...d-legal-battle

[Winjer]

Mozilla lançou o Firefox 36 e trouxe-o para uma nova Internet

Os browsers são já parte fundamental dos nossos computadores. Muita da informação e dos dados que necessitamos estão na Internet e é com estas ferramentas que lhes acedemos.A Mozilla tem estado na linha da frente no que toca a desenvolvimento e o seu browser, o Firefox, consegue ser uma das escolhas mais usadas na Internet.
Depois de uma versão 35 que trouxe grandes novidades, esta nova versão agora lançada, a versão 36, é mais comedida no que mostra, mas tem muito trabalho feito onde a vista não alcança.



A nova versão do Firefox, que saiu agora para os utilizadores, tem novidades de grande interesse para todos os que se dedicam a avaliar as qualidades deste browser, mas não de forma directa e bem visível.
São novidades que estão bem enraizadas no núcleo do Firefox e que vão dar a todos os utilizadores um acesso mais rápido e mais seguro à Internet.
Falamos da chegada ao Firefox do novo protocolo HTTP/2, que foi recentemente terminado e disponibilizado para ser usado por todos os que criam ferramentas para a Internet.
Esta novidade vai dar ao Firefox e aos seus utilizadores um acesso muito mais rápido aos conteúdos, garantindo que toda a informação circula de forma muito mais protegida e ao mesmo tempo também mais optimizada.
Mas a Mozilla reservou também para esta versão a chegada de uma pequena novidade, relacionada com a sincronização entre diferentes versões do Firefox, sempre com recurso à conta do utilizador.
A partir de agora passa a ser possível sincronizar também os tiles que os utilizadores tiverem bloqueados na página de abertura do Firefox.
Esta opção vem juntar-se a todas as restantes que estavam já disponíveis para sincronização e que permitem ao utilizador manter as suas sessões e configurações entre os diferentes Firefox que tiver a usar.

Para além destas duas novidades de peso, o Firefox 36 tem ainda outras melhorias, mais viradas para a correcção de problemas e de alguns bugs.
Destacamos uma melhoria que pode levar alguns utilizadores a terem alguns problemas na navegação em páginas HTTPS e que é o fim do aceitar de certificados com chaves de 1024 bits. De agora em diante apenas as de 2048 e superiores são suportadas pelo Firefox.
Há ainda a correcção de um problema que estava a afectar os utilizadores do Gmail e do Facebook e que levava a que os acessos às sua contas pedissem constantemente novas autenticações.
Tal como acontece sempre, esta nova versão já deve estar disponível para actualização no Firefox. Instalem-na e vejam o que existe de novo. Como referimos não existe muita coisa visível, mas este browser está novamente no caminho do sucesso.

[Jorge-Vieira]

Mozilla releases 64-bit Firefox for Windows with latest Developer Edition

Mozilla has finally released a 64-bit version of their Firefox web browser for Windows, joining other major browsers including Google Chrome, Internet Explorer and Opera in offering 64-bit variants.
However, at this stage the 64-bit version of Firefox is a Developer Edition build, which is one of Mozilla's beta builds of Firefox. While the Developer Edition channel is far more stable than the Nightly channel, it's not the same as the main builds of Firefox that users will typically download. As such, 64-bit Firefox could be considered as being in the beta phase at this stage.
If all goes to plan, Mozilla will release a stable version of 64-bit Firefox for Windows with Firefox 38, scheduled for release in May. At that point it will sit alongside the already-released 64-bit variants for OS X and Linux.
Firefox 38 Developer Edition, complete with 64-bit addressing, brings support for web applications larger than 4 GB, which is great for developers wanting to build large browser-based games. Thanks to new hardware registers and a larger address space, Mozilla claims the 64-bit version is also faster and more secure than before.
The latest Developer Edition also includes some WebRTC changes and fixes, as well as a few other improvements for developers. Anyone interested in upgrading to the 64-bit version of Firefox can do so via Mozilla's Developer Edition page.

Noticia:
http://www.techspot.com/news/59926-m...r-edition.html

[Sardo]

Finally

[Jorge-Vieira]

Since TLS connections mostly ignore OCSP, Firefox is creating yet another solution

It seems somehow strange that the vast majority of 'secure' connections still completely ignore what were developed as industry standards to ensure security in favour of creating their own solutions but that is the world a security professional lives in. The basic design of OCSP does carry with it a lot of extra bandwidth usage and while maintaining a time limited local cache, referred to as stapling, would ameliorate this your TLS connection is not likely to support that solution. Instead of fixing the root cause and utilizing existing standards it would seem that Firefox 37 will start a brand new solution, maintaining a list of revoked certificates ironically called OneCRL which will be pushed out to Firefox users, duplicating the CRLSet which Chrome has already developed and maintains.
This is good for the end user in that it does add security to their browsing session but for those truly worried about attempting to make the net a safer place it offers yet another list to keep track of and for attackers yet another vector of attack. At some point we will have to stop referring to standards when referencing networking technology. Pour through the links on the Slashdot post and read through the comments to share in the frustration or to familiarize yourself with these concepts if the acronyms are unfamiliar.

"The next version of Firefox will roll out a 'pushed' blocklist of revoked intermediate security certificates, in an effort to avoid using 'live' Online Certificate Status Protocol (OCSP) checks. The 'OneCRL' feature is similar to Google Chrome's CRLSet, but like that older offering, is limited to intermediate certificates, due to size restrictions in the browser."

Noticia:
http://www.pcper.com/news/General-Te...other-solution

[Jorge-Vieira]

Google Targets Firefox Users with Special Warnings

Made with Flare More Info'>
Mozilla users will soon see a new message in Google’s search engine urging them to switch their default search engine to Google. Users can also choose to ignore the message and hide it until clearing the browser’s cache by pressing the “No, Thanks” button.
This comes as a result of Mozilla changing its default search engine to Yahoo! in November 2014. Default search contracts are the main route to monetizing third-party browsers. Search providers like Google and Yahoo pay browser-makers tens, or even hundreds of millions of dollars for the unique access, as it is a major driver of search traffic from modern browsers.

Firefox has been working with Google as its default search engine since 2004, but the recent change terminated the long partnership with the top web search engine. Google’s new popups make it clear that the company isn’t happy with the shift and it’s also clear that it considers Firefox search traffic a primary target. Firefox is the third most-used personal computer browser after Google’s Chrome browser and Microsoft’s Internet Explorer.
Thank you Daily Tech for providing us with this information

Noticia:
http://www.eteknix.com/google-target...cial-warnings/

[Jorge-Vieira]

Firefox 37 Update Includes 'Opportunistic Encryption' And Other Security Improvements

Mozilla released version 37 of its Firefox browser to the stable channel. The company updates its browser on a six weeks schedule, just like Google.
The new version seems to be mainly about new security improvements and fixes, which comes at an ideal time, considering Firefox didn't do so well in the Pwn2Own browser security competition. Although Firefox finished among the last at Pwn2Own, Mozilla updated the browser quite quickly afterwards with the fixes for the vulnerabilities found by the security researchers attending the contest.
One of the bigger security features added to Firefox 37 is "opportunistic encryption" for servers and sites that support "HTTP/2 AltSvc." This allows Firefox to encrypt the traffic without having to authenticate it. This is better than no encryption at all, but still worse than authenticated encryption.

Unlike authenticated encryption (HTTPS), opportunistic encryption doesn't protect against active "man-in-the-middle" attacks. It only protects against passive (dragnet) surveillance (which is still of major benefit to most users).
Mozilla also added the OneCRL list of revoked certificates in Firefox 37, which is a feature similar to Chrome's CRLset. If a security incident requires the revocation of a certificate, then Mozilla can update its browser to disallow the forged certificate from being used.
The new Firefox also supports encrypted Bing search. While Google adopted HTTPS by default for its search engine years ago, Microsoft added optional encryption for Bing only last year, although recently the company made it mandatory, as well. Now, all Bing searches will be encrypted by default.
Mozilla also made some changes to the way the TLS encryption works in its browser:

• Disabled insecure TLS version fallback for site security
• Extended SSL error reporting for reporting non-certificate errors
• TLS False Start optimization now requires a cipher suite using AEAD construction
• Improved certificate and TLS communication security by removing support for DSA

Other features in Firefox 37 include Mozilla making Yandex the default search engine for Turkey, as well as adding its new Heartbeat feedback system into the browser. The Heartbeat system will randomly show some users a widget asking for a rating. Mozilla will then try to either improve or nurture the relationship with its users, depending on the ratings they give.

Noticia:
http://www.tomshardware.com/news/fir...ity,28857.html

[Jorge-Vieira]

Mozilla plans VR in the browser

It is doing something interesting after all
Big Cheeses at the Mozzarella Foundation have finally come up with an idea that could make Firefox relevant again.


For ages now Firefox has been losing users almost as it holds on to their memory and while it has made pushes into mobile, the outfit has not really done much cutting edge since it sank Internet Exploder in Europe.
All that is set to change as the Foundation starts putting Virtual Reality under the bonnet of the browser.
Mozilla researchers Vlad Vukicevic and Josh Carpenter have been telling Road to VR about Mozilla's cunning plans to build building native-feeling immersive VR sites.

"Ultimately, we want users to have a seamless, friction-free experience on the Web, whether browsing existing Web content or new VR content. We also want developers to have a clear path to creating new fully-immersive VR web sites as well as adding VR elements to their current sites. Finally, we want all of this to work on the widest possible range of hardware, as one of the strengths of the Web is its ability to scale from the lowest end mobile phones to the highest end desktops," they said.

Initially the Web VR has focused on creating content using WebGL, which is a full 3D graphics API. WebGL is powerful, but it's an API borrowed from the 3D world purely to enable high performance 3D graphics on the Web.


WebGL is a good place to get started with VR experiments on the Web, but HTML+CSS are still the languages we use to structure and lay out websites. So for VR Web to take off, it needs to enable Web developers to create VR experiences using these languages they already know.

So there has to been a way to view and interact with HTML and CSS websites in virtual reality and this will mean VR equivalents of scrolling, clicking links, zooming in, etc.
"We will need to determine how to display desktop and mobile sites that were never designed for virtual reality," they said.
WebVR is currently best supported on desktop browsers like Firefox Nightly, where it is experienced as a temporary mode within a traditional 2D browsing user interface. These interfaces were not designed with virtual reality in mind, and as a consequence we cannot "browse" inside VR.

"We do not believe Web VR will take off until we can truly surf the Web from inside virtual reality, with the functionality we expect from modern browsers. We have begun this work with our early 'Hiro' prototypes, and we have many more ideas!"

It is all looking jolly interesting and we have a soft spot for the Open Saucy Mozilla so we hope it comes off.

Noticia:
http://www.fudzilla.com/news/37969-m...in-the-browser

[Jorge-Vieira]

Mozilla outlines three-step plan to win back Firefox users

Mozilla’s Firefox was at one time a very popular browser among technology enthusiasts but over the years, it has seceded much of its market share to Google’s Chrome. Now, Mozilla is setting in motion a plan it hopes will win back some of its defectors.
Firefox Director of Engineering Dave Camp said in a recent e-mail to developers that Mozilla is using a “Three Pillars” approach to improving its browser.
The first pillar is uncompromised quality. Mozilla believes that every feature in the browser should be polished, function and a joy to use. Simply put, if a feature can’t reach that state, it shouldn’t exist.

Camp said that in some cases, that will involve making a feature great. In other cases, it’ll mean either removing the code for said feature or finding a third-party service or add-on that can do a better job than they can.
He added that there’s no shortcut available meaning it’ll take significant, sustained work to achieve. As such, we can expect to see some of the effort typically reserved for developing new features to be diverted to bringing existing features up to snuff. It’s not all that different than what Apple and Google are doing with their next major mobile OS releases.
The second pillar, best of the web, involves the add-on community and partners although its purpose isn’t quite as clear-cut. Camp mentioned partnering with Telefonica to build Firefox Hello and adding integration with Pocket, the latter of which drew some criticism in how it was handled.
Moving forward, Camp said Mozilla will devote a lot of effort to make add-ons even better by improving security and performance as well as building a better API to increase cross-platform compatibility for add-on authors and partners.
Last but not least is uniquely Firefox. This pillar focuses on giving users the “control to shape their web.” To start with, Mozilla will tackle an area that’s on a lot of people’s minds lately: online privacy. Early efforts, namely an improved Private Browsing mode, will land in Firefox soon, we’re told.

Noticia:
http://www.techspot.com/news/61277-m...k-firefox.html

[Jorge-Vieira]

Mozilla Firefox browser starts to block Flash by default

Mozilla's popular web browser, Firefox, has started to block Adobe Flash content as its default behaviour. If you are a Firefox user who has updated to the latest version of the browser you might have already noticed this change.
Earlier today the head of the Firefox support team at Mozilla, Mark Schmidt, Tweeted the 'big news'.

View image on Twitter

Follow
Mark Schmidt @MarkSchmidty

BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. https://addons.mozilla.org/en-US/firefox/blocked/p946 … #tech #infosec
3:35 AM - 14 Jul 2015





The move comes in the wake of a Tweet from Facebook's chief security officer, Alex Stamos, saying that "It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day." Mozilla's Schmidt retweeted Stamos and was perhaps inspired by the Anti-Flash proclamation from such an industry big hitter as Facebook.
After his 'big news' Tweet about the blocking of Flash Schmidt added "To be clear, Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities." Then added "For now... ".

Adobe Flash has seen more than its fair share of vulnerabilities during its history. It started off as a compact plugin to add animation and multimedia to the web with very efficient use of bandwidth. Over time the plugin grew in capabilities, complexity and size and it became increasingly common as an attack vector inside the various internet browsers. It's had some big name detractors for years now. Famously Apple's Steve Jobs wasn't fond of the plugin. In addition to Flash's vulnerabilities it has been known to eat battery life, be used to play unwanted bandwidth hogging video adverts and so on.
Some companies have already moved away from Flash, with the most notable of these being YouTube. In January this year it demoted Flash so that visitors to the video site were greeted by HTML5 video players by default.

Noticia:
http://hexus.net/tech/news/software/...flash-default/


Finalmente