Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.

Mozilla today launched Firefox Quantum, which the company is calling "the biggest update since Firefox 1.0 in 2004." It brings massive performance improvements and a visual redesign. It also sets Google as the default search engine again if you live in the U.S., Canada, Hong Kong and Taiwan. TechCrunch reports: In 2014, Mozilla struck a deal with Yahoo to make it the default search engine provider for users in the U.S., with Google, Bing, DuckDuckGo and others as options. While it was a small change, it was part of a number of moves that turned users against Firefox because it didn't always feel as if Mozilla had the user's best interests in mind. Firefox Quantum (aka, Firefox 57), is the company's effort to correct its mistakes and it's good to see that Google is back in the default slot. When Mozilla announced the Yahoo deal in 2014, it said that this was a five-year deal. Those five years are obviously not up yet. We asked Mozilla for a bit more information about what happened here.

"We exercised our contractual right to terminate our agreement with Yahoo! based on a number of factors including doing what's best for our brand, our effort to provide quality web search, and the broader content experience for our users. We believe there are opportunities to work with Oath and Verizon outside of search," Mozilla Chief Business and Legal Officer Denelle Dixon said in a statement. "As part of our focus on user experience and performance in Firefox Quantum, Google will also become our new default search provider in the United States, Canada, Hong Kong and Taiwan. With over 60 search providers pre-installed as defaults or secondary options across more than 90 language versions, Firefox has more choice in search providers than any other browser."

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.
"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.

An anonymous reader writes: Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. The technique is widely used in the advertising industry to track users across sites. Firefox 58 is scheduled for release on January 16, 2018.

Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox.

Last week, Ethan Marcotte, an independent web designer, shared how Google describes AMP (Accelerated Mobile Pages). People at Google says AMP "isn't a 'proprietary format'; it's an open standard that anyone can contribute to." But that definition, Marcotte argues, isn't necessarily an honest one. He writes: On the face of it, this statement's true. AMP's markup isn't proprietary as such: rather, all those odd-looking amp- tags are custom elements, part of the HTML standard. And the specification's published, edited, and distributed on GitHub, under one of the more permissive licenses available. So, yes. The HTML standard does allow for the creation of custom elements, it's true, and AMP's license is quite liberal. But spend a bit of time with the rules that outline AMP's governance. Significant features and changes require the approval of AMP's Technical Lead and one Core Committer -- and if you peruse the list of AMP's Core Committers, that list seems exclusively staffed and led by Google employees. Now, there's nothing wrong with this. After all, AMP is a Google-backed project, and they're free to establish any governance model they deem appropriate. But when I hear AMP described as an open, community-led project, it strikes me as incredibly problematic, and more than a little troubling. AMP is, I think, best described as nominally open-source. It's a corporate-led product initiative built with, and distributed on, open web technologies. Jeremy Keith, a web developer, further adds: If AMP were actually the product of working web developers, this justification would make sense. As it is, we've got one team at Google citing the preference of another team at Google but representing it as the will of the people. This is just one example of AMP's sneaky marketing where some finely-shaved semantics allows them to appear far more reasonable than they actually are. At AMP Conf, the Google Search team were at pains to repeat over and over that AMP pages wouldn't get any preferential treatment in search results ... but they appear in a carousel above the search results. Now, if you were to ask any right-thinking person whether they think having their page appear right at the top of a list of search results would be considered preferential treatment, I think they would say hell, yes! This is the only reason why The Guardian, for instance, even have AMP versions of their content -- it's not for the performance benefits (their non-AMP pages are faster); it's for that prime real estate in the carousel. The same semantic nit-picking can be found in their defence of caching. See, they've even got me calling it caching! It's hosting. If I click on a search result, and I am taken to page that has a URL beginning with https://www.google.com/amp/s/... then that page is being hosted on the domain google.com. That is literally what hosting means. Now, you might argue that the original version was hosted on a different domain, but the version that the user gets sent to is the Google copy. You can call it caching if you like, but you can't tell me that Google aren't hosting AMP pages. That's a particularly low blow, because it's such a bait'n'switch.

Catalin Cimpanu, reporting for BleepingComputer: Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." Mozilla released the new extension for employee-use only at first, but users can install it by going to this or this links. Lockbox revamps Firefox's antiquated password management utility with a new user interface (UI). A new Firefox UI button is also included, in case users want to add a shortcut in their browser's main interface to open Lockbox without going through all the menu options. Support for a master password is included, helping users secure their passwords from unauthorized access by co-workers, family members, or others.

An anonymous reader quotes InfoWorld: The Firebug web development tool, an open source add-on to the Firefox browser, is being discontinued after 12 years, replaced by Firefox Developer Tools. Firebug will be dropped with next month's release of Firefox Quantum (version 57). The Firebug tool lets developers inspect, edit, and debug code in the Firefox browser as well as monitor CSS, HTML, and JavaScript in webpages. It still has more than a million people using it, said Jan Honza Odvarko, who has been the leader of the Firebug project. Many extensions were built for Firebug, which is itself is an extension to Firefox... The goal is to make debugging native to Firefox. "Sometimes, it's better to start from scratch, which is especially true for software development," Odvarko said.

Mozilla has announced deeper partnerships with Microsoft, Google, Samsung, and web standards body W3C to create cross-browser documentation on MDN Web Docs, a web development documentation portal created by Mozilla. From a report: MDN Web Docs first came to fruition in 2005, and it has since been known under various names, including the Mozilla Developer Network and Mozilla Developer Center. Today, MDN Web Docs serves as a community and library of sorts covering all things related to web technologies and standards, including JavaScript, HTML, CSS, open web app development, Firefox add-on development, and more. The web constitutes multiple players from across the technology spectrum and, of course, multiple browsers, including Microsoft's Edge, Google's Chrome, Mozilla's Firefox, and the Samsung Internet Browser. To avoid fragmentation and ensure end-users have a (fairly) consistent browsing experience, it helps if all the players involved adhere to a similar set of standards.

An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.
The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.

Now that it is evident that Microsoft doesn't see any future with Windows Phone (or Windows 10 Mobile), it has become clear that there is no real, or potential competitor left to fight Android and iOS for a slice of the mobile operating system market. Mozilla tried Firefox OS, but that didn't work out either. BlackBerry's BBOS also couldn't find enough taker. Ideally, the market is more consumer friendly when there are more than one or two dominant forces. Do you think some company, or individual, should attempt to create their own mobile operating system?

An anonymous reader quotes a report from Bleeping Computer: Mozilla announced today plans to stop all support for the Firefox browser on Windows XP and Vista in June 2018. Earlier this year, Mozilla already moved Firefox users on XP and Vista machines to the Firefox 52 ESR (Extended Support Release). The move of XP and Vista users to Firefox ESR was previously announced in December 2016, when Mozilla also said it would provide a final answer on Firefox support for XP and Vista in September 2017. Well, that date has arrived (and passed), and after an internal review, Mozilla announced it would sunset all support for Firefox on the two Windows platforms. Mozilla joins Google, who dropped support for XP and Vista back at version 50, released in April 2016. Microsoft has stopped XP and Vista support in April 2014 and April 2017, respectively.

Mozilla-backed researchers are working on a real-time noise suppression algorithm using a neural network -- and they want your noise! Long-time Slashdot reader jmv writes: The Mozilla Research RRNoise project combines classic signal processing with deep learning, but it's small and fast. No expensive GPUs required -- it runs easily on a Raspberry Pi. The result is easier to tune and sounds better than traditional noise suppression systems (been there!). And you can help!
From the site: Click on this link to let us record one minute of noise from where you are... We're interested in noise from any environment where you might communicate using voice. That can be your office, your car, on the street, or anywhere you might use your phone or computer.
They claim it already sounds better than traditional noise suppression systems, and even though the code isn't optmized yet, "it already runs about 60x faster than real-time on an x86 CPU."

The next version of Firefox, aptly named Firefox Quantum, is getting a big speed boost. "The idea, of course, is that the upcoming version 57 is a quantum leap over predecessors -- or, in the words of Mozilla CEO Chris Beard, a 'big bang,'" reports CNET. While Mozilla stopped short of declaring victory over Chrome, Nick Nguyen, vice president of Firefox product, said Firefox Quantum's page-load speed "is often perceivably faster" while using 30 percent less memory. From the report: The new Firefox revamp includes lots of under-the-covers improvements, like Quantum Flow, which stamps out dozens of performance bugs, and Quantum CSS, aka Stylo, which speeds up website formatting. More obvious from the outside is a new interface called Photon that wipes out Firefox's rounded tabs and adds a "page action" menu into the address bar. It also builds in the Pocket bookmarking service Mozilla acquired and uses it to recommend sites you might be interested in. A screenshot tool generates a website link so you can easily share what you see by email or Twitter. Mozilla even simplified the Firefox logo, a fox wrapping itself around the globe. More improvements are in the pipeline for later Firefox versions, too, including Quantum Render, which should speed up Firefox's ability to paint web pages onto your screen.

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."

An anonymous reader quotes the Guardian: A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on September 26 in Washington DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet... The activist groups are encouraging internet users to meet their lawmakers and tell them how a free and open internet is vital to their lives and their livelihoods...

"The FCC seems dead set on killing net neutrality, but they have to answer to Congress, and Congress has to answer to us, their constituents," said Evan Greer, campaign director for Fight for the Future, one of the protest's organisers. "With this day of advocacy, we're harnessing the power of the web to make it possible for ordinary internet users to meet directly with their senators and representatives to tell their stories, and make sure that lawmakers hear from the public, not just lobbyists for AT&T and Verizon," she said.
Monday Mozilla and the Internet Archive are also inviting the public to a free panel discussion featuring former FCC Chairman Tom Wheeler on ways the American public can act to preserve net neutrality.

An anonymous reader quotes a report from Bleeping Computer: Mozilla will drop an iconic section of its UI -- the search bar -- and will use one singular input bar atop the browser, similar to the approach of most Chromium browsers. This change will go live in Firefox 57, scheduled for release on November 14, and will be part of Photon -- the codename used to describe Firefox's new user interface (UI) -- also scheduled for a public release in v57. Mozilla engineers aren't removing the search bar altogether, but Firefox will hide this UI element by default. Users can still re-enable it by going to "Preferences -> Search -> Search Bar" and choosing the second option. The current Firefox search bar is redundant since most of its features can be performed by the URL address bar.