The IT Nerd

Firefox users should be aware that Mozilla has switched on Firefox’s tracking protection feature for everyone on Windows and Android, dialing up its effort to protect privacy from website publishers and advertisers that would like to keep tabs on your online behavior. I am guessing that this is an attempt to match the feature set found in Apple’s new Safari browser that is due in macOS 10.15. Here’s what Mozilla had to say in a blog post:

For today’s release, Enhanced Tracking Protection will automatically be turned on by default for all users worldwide as part of the ‘Standard’ setting in the Firefox browser and will block known “third-party tracking cookies” according to the Disconnect list. We first enabled this default feature for new users in June 2019. As part of this journey we rigorously tested, refined, and ultimately landed on a new approach to anti-tracking that is core to delivering on our promise of privacy and security as central aspects of your Firefox experience.

Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default. Enhanced Tracking Protection works behind-the-scenes to keep a company from forming a profile of you based on their tracking of your browsing behavior across websites — often without your knowledge or consent. Those profiles and the information they contain may then be sold and used for purposes you never knew or intended. Enhanced Tracking Protection helps to mitigate this threat and puts you back in control of your online experience.

To get this protection, you’ll need to make sure that you’re running Firefox 69 which is available now.

Coming to a future version of Firefox is Firefox Monitor which is a service that is powered by the famous Have I Been Pwned Service. The tool will allow Firefox users to enter an email address to see if their account was part of a known breach. If so, Firefox Monitor will let them know the extent of the personal data exposed, and serve up recommendations on how to secure their account. The service will go into trials next week and then roll it out to everyone if the trial is successful. Watch this space for more details.

If you run Firefox as your browser, you should update it ASAP if you’re running anything less than version 58.0.1 because of an exploit that the Cisco security team found:

A vulnerability in Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.

Mozilla has confirmed the vulnerability and released software updates.

In English, that means that an attacker can pwn you if you run Firefox on a computer with administrative rights. And by pwn I mean that they can literally do anything they want. So to avoid pwnage, make sure you’re running the latest Firefox. Do it now. You’ll thank me later.

Last week I gave you a heads up on Firefox 57 and what it does with extensions. Today, Firefox 57 which is also known as Firefox Quantum has launched. Here’s what Mozilla had to say:

When you load it for the first time, you’ll notice that it looks different. Some highlights include a unified search bar that helps you get to what you’re looking for lickity-split, navigation icons are organized on the left and the far right side is where you can find all your personal items like downloads, history, screenshots). Even better, this bold new design and intelligent menus are easy to use and look amazing on PC, Macs, phones or tablets.

The new Firefox runs fast thanks to hundreds of performance improvements. This means that Firefox Quantum is 2 times faster and uses 30% less memory than Chrome, so you don’t have to sacrifice performance to use the browser backed by not-for-profit, champion for the user, Mozilla.

Great marketing. It will be interesting to see if actual users see those sorts of performance gains. You can update to it now as long as you’ve got extensions that play nice with it. Let us know via a comment how this new version of Firefox works for you.

On November 14, Mozilla will be releasing Firefox 57. It promises to be massively faster than any other Firefox that came before it because it will better leverage the hardware that you have to run faster.

However, it also brings a major change for those who use extensions to add functionality to the browser. Up until now Firefox has supported two types of extensions. The traditional legacy ones and the WebExtension ones that work more like what Chrome uses. As of Firefox 57, the browser will only support the latter. The reason for this change is that legacy extensions slow down Firefox and cause stability problems that end users often blame on Firefox. Thus Firefox becomes way more stable by taking away the ability to run legacy extensions. But it also means if you have the former installed and you happen to like them, you need to check for updates or they will stop working the second that you install Firefox 57.

My advice is that you should check Are we WebExtensions yet to see if the extensions that you use have WebExtenion versions and upgrade now to avoid some pain in a few days. But don’t be surprised if you favorite extension is missing a WebExtension version. Well known ones such as Lastpass, DownThemAll, HTTPSEverywhere and Flashblock are among the extensions that haven’t made the transition. Which is kind of odd as developers knew that this was coming for well over a year as Mozilla has been pretty public about this change. Thus if you want to be ticked off at someone, direct your outrage towards the developer and not towards Mozilla. Your other option is to remain on the version of Firefox that you’re running, but that’s a bit of a security risk as you’d be running a version that may have exploits that are patched in newer versions.

It will be interesting to see what happens when Firefox 57 ships next week. Will there be a lot of rage or will this be much ado about nothing? Stay tuned.

Here’s another reason for you to upgrade to Windows 10 if you’re still running Windows XP or Vista. Firefox, which is the last browser to support Vista and XP will drop support for those two operating systems next June:

Today we are announcing June 2018 as the final end of life date for Firefox support on Windows XP and Vista. As one of the few browsers that continues to support Windows XP and Vista, Firefox users on these platforms can expect security updates until that date. Users do not need to take additional action to receive those updates.

We strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use.

So consider this a big push for you to upgrade to a newer operating system so that you can run Firefox…. And pretty much anything else that’s out there at present. While you have six months or so before Firefox no longer supports Vista and XP, you should plan on making the move now as that would be less painful.

If your preferred browser is Firefox, make sure you’re running version 39.0.3. If you’re not, upgrade right now. Here’s why:

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.

Scary isn’t it. At least Mozilla (the people behind Firefox) reacted quickly to this. Thus all you need to do is upgrade yourself to be fully protected.