- - - - - -

web hosting

 

A+ R A-

Latest Firefox update: Firefox 71 plays picture-in-picture catch-up

  • Category: IT News
  • Published: Tuesday, 10 December 2019 09:38
  • Written by Chuks Obinnwa
  • Hits: 117

Firefox finally gets a picture-in-picture option for streaming video and continues to work toward release of its "Firefox Private Network" (FPN), which provides access to a VPN-like service.

 
TABLE OF CONTENTS

Mozilla this week released Firefox 71, touting a picture-in-picture video mode and new ways to preview a VPN (virtual private networking) service that will be offered to customers next year.

Security engineers included patches for 11 vulnerabilities, six marked "High," the second-most-serious threat rating. None were tagged "Critical." Some of these flaws might be exploitable by cyber criminals, Mozilla said. "This could have caused heap corruption and a potentially exploitable crash," the firm noted of one vulnerability, labeled CVE-2019-11745.

Firefox 71 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or describes the refresh process.

 
 

Mozilla refreshes Firefox every six to eight weeks; it last upgraded the browser Oct. 22.

PiP PiP, and all that

Mozilla trumpeted a new Picture-in-Picture (PiP) mode within Firefox 71. "Picture-in-Picture allows a video to be contained in a separate and small window, and still be viewable whether you switch from tab-to-tab or outside the Firefox browser," wrote Marissa Wood, vice president of product, in a Dec. 3 post to a company blog._

Although PiP was available only in Windows' version of Firefox 71, the feature will be baked into the next upgrades for macOS and Linux, Mozilla said. Currently, Firefox 72 has been pegged with a Jan. 7 release date.

(If that January ship date for Firefox 72 seems earlier than it should, it is. In September 2019, Mozilla announced it would speed up Firefox releases by reducing the interval between upgrades. Starting with Firefox 74, set to debut March 10, the interval will drop to just four weeks. Mozilla will shorten the interval in steps; the six-week stretch between Firefox 70 and 71 will be reduced to five weeks between 71 and 72, and between 72 and 73.)

Not every video will play in PiP; those that do will display a small blue-backed "Picture-in-Picture" when the mouse cursor is hovered over the image. Clicking on that message deposits a frame on the desktop, video inside. The frame can be moved and resized at will.

Firefox pip
 
Firefox

Firefox 71 debuts Picture-in-Picture (PiP), letting users pull video off a tab so that viewing can continue even when working in another tab or application. 

And as Wood mentioned, the video is independent of the tab from which it spawned; that tab does not need to remain active and, in fact, the user can step outside the browser to another application's window and the video will continue.

Firefox is somewhat late to the PiP party. Apple's Safari now has PiP - as of the October upgrade, macOS Catalina - and Google's browser has had it since Chrome 70 (an October 2018 upgrade). But Firefox's implementation is significantly easier to use than Chrome's, which required two right-clicks to initiate in Windows (and Computerworld was never able to successful call up PiP in Chrome on macOS).

Testing, testing of services

Other than PiP, Mozilla's other Firefox 71 area of attention is further testing of its "Firefox Private Network" (FPN), the browser extension the company released in September. FPN accesses a VPN-like service that encrypts browser-to-site-and-back traffic and was free to Firefox Account holders in the test phase that kicked off then. Website security vendor Cloudflare provided the proxy server for FPV.

That September offer, however, has been shuttered.

Instead, a second testing phase launched alongside the debut of Firefox 71. Like the first, this "limited-time free service" relies on the FPN add-on to encrypt to-and-from-browser transmissions but comes with a major restriction: Usage tops out at 12 hours each month.

After signing up for the free deal, users are given a dozen passes, each good for an hour of encrypted traffic. "To claim a pass, simply turn Private Network on," the beta's explanatory page stated. "Use Firefox as usual, and your browsing will be encrypted and sent through a proxy service provided by our trusted partner Cloudflare. Passes expire after one hour, even if you turn Private Network off. You'll receive 12 new passes at the beginning of each month."

Mozilla suggested that users switch on FPV (and so use one of the month's 12 passes) when relying on a public network, such as at a coffee shop or an airport.

As an alternative, Firefox users can request an invitation to a full VPN service, which for $4.99 month encrypts traffic to and from up to five devices. Mozilla called this a "paid beta." The VPN service uses servers around the globe controlled by Mullvad, a Swedish VPN that sells its services for €5 per month. Initially, the Firefox offer only applies to users running Windows 10, although Mozilla said, "other platforms coming soon."

Mozilla has struggled to create non-search related revenue streams - in 2018, the vast bulk of its income came from deals that put various search engines as the Firefox default - and this effort is the second time the organization has tapped a paid VPN as one solution.

Elsewhere in Firefox 71, Mozilla added a "kiosk" mode for businesses and the browser now notifies users when Enhanced Tracking Protection (ETP) blocks cryptominers.

 

Firefox 70

Mozilla on Tuesday upgraded Firefox to version 70, enhancing its anti-tracking technology with new blockers that automatically stymie social media trackers and compiling reports so users can see what spying the browser has stopped.

Security engineers at Mozilla also included patches for 13 vulnerabilities, one marked "Critical" and three marked "High," the organization's two top threat ratings. The critical flaw was described as "memory safety bugs," a label that's present in virtually every Firefox upgrade's patch list. "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code," Mozilla wrote in the accompanying security advisory.

Firefox 70 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or describes the refresh process.

Mozilla updates Firefox every six to eight weeks; it last upgraded the browser on Sept. 3.

Stops trackers from Twitter, Facebook, LinkedIn

Mozilla amped up its assault on trackers, the bits and pieces in websites and on pages that collectively allow advertisers — primarily but not exclusively them — to watch where users go on the web in an effort to piece together profiles, which in turn are used to deliver advertisements that, theoretically at least, should be more appealing and likely to trigger a purchase.

On the heels of Firefox 69, which switched on Enhanced Tracking Protection (ETP) for all users, Mozilla this version added trackers from several social media giants — Facebook, Twitter and the jobs-related LinkedIn (owned by Microsoft) — to the browser's block list.

"Social networks place trackers on other websites to follow what you do, see, and watch online," Mozilla wrote. "This allows social media companies to collect data about your browsing history and improve their ad targeting."

Users can set social media blockers at two strength levels — Standard (the default) and Strict — just as they can blockers for other classes of trackers.

Privacy report card

Firefox 70 also introduced a basic privacy report that describes the number of times the browser blocked a tracker — broken down by cross-site, social media, fingerprinter and cryptominer categories — over the past week with totals segregated by day.

The report also displays the number of email addresses monitored for inclusion in publicly-known data breaches, the number of those breaches and how many passwords were leaked in those hacks. (The data comes from Firefox Monitor, which Mozilla introduced a year ago.)

To access the report, click the shield-like icon in the address bar — it's at the far left of the bar — then select "Show Report" from the drop-down menu. Or type about:protections in the address bar and hit Enter to bring up the report.

firefox70 privacy report
 
IDG

The new privacy report card breaks down the trackers Firefox has blocked over the past week. But it also keeps tabs on the total tally since Sept. 3, when Mozilla switched ETS on for everyone.

Mozilla has ulterior motives in pushing the report. The more impressed users are by the report's totals — particularly the number of blocked trackers, cookies and content both — the more likely they are to stick with Firefox and recommend it to others.

Firefox has held on for the last two months in the fight over user share, but it's still in the sub-9% cellar. Mozilla has banked on its privacy work, notably ETP, to bring in new users (or bring back deserters), so the only surprise is that it waited until now to debut a report lauding its accomplishments.

Lock 'em up, Danno!

During the summer, Mozilla started showing off a built-in Lockwise password manager in an under-baked preliminary version of Firefox 70. In that same preview, Mozilla demonstrated how Lockwise worked alongside its already-available Firefox Monitor, a service that provides warnings to users when their saved passwords have been revealed by a data hack.

The release version of Firefox 70 puts the two — the Lockwise password manager and the Monitor password revelation tool — in the hands of all users. And almost the way Mozilla outlined it earlier.

While Lockwise will crank out a password for the user when she creates a new account on a site, it's not possible to ask the manager to craft one of those very strong passwords for an existing, stored account. That's a pity, because that feature comes in handy in a third-party password manager when its user is told — because of a data breach, for instance — to change a password. And make it strong while they're at it.

Other parts of Lockwise, notably those that come courtesy of the marriage between Lockwise and Firefox Monitor, are there, said Mozilla, but not testable because Computerworld couldn't come up with an account revealed by a breach. The collaboration as described sounds slick: Exposed accounts are to be marked on the Lockwise page with both an icon in the list on the left and with a more prominent note in the main section on the right. (A Mozilla video shows how it's supposed to look and work.)

One bit that was planned for the merger between Lockwise and Monitor — the ability to sort accounts so that revealed-by-hack usernames and passwords would be at the top of the list — didn't make the cut with Firefox 70, as it was absent in the version pushed to users Oct. 22.

Elsewhere in Firefox 70, Mozilla claimed that it significantly reduced the browser's power consumption on macOS (and published a technical thicket of a piece explaining that).

The next version, Firefox 71 — and the last of the year — should launch Dec. 3.

 

Firefox 69

Mozilla on Tuesday released Firefox 69 with the browser's anti-tracking technology switched on by default for all users.

The organization's security engineers also patched 20 vulnerabilities, one tagged "Critical" and 11 marked "High," the organization's two top threat ratings. The single critical flaw only affected Windows, Mozilla said in its patching commentary.

Firefox 69 can be downloaded from Mozilla's site for Windows, macOS and Linux. Because it updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or explains the refresh process.

Mozilla updates Firefox every six to eight weeks; it last upgraded the browser on July 9.

You get ETP and you get ETP and ...

Mozilla first turned on Enhanced Tracking Protection (ETP) in June, but at the time limited the setting to new-to-Firefox users. However, existing customers could flip the ETP switch themselves using the Preferences screen.

With Firefox 69, Mozilla has enabled ETP for all users. By default, "Content Blocking" — the feature's name in Firefox's Preferences — is set to "Strict," the strongest protection available. Users can reset that to "Standard" or "Custom," or even turn off everything by clearing all choices in the latter.

Mozilla said that prior to Firefox 69's debut, more than 20% of all Firefox users had ETP engaged, signaling that a significant number of existing users had manually enabled ETP in the past three months. "With today's release, we expect to provide protection for 100% of our users by default," wrote Marissa Wood, vice president of product at Mozilla, in a Sept. 3 post to a company blog.

ETP has taken a crooked road to release. Tracing its linage to 2015's "Tracking Protection," Mozilla got serious about the concept two years ago, when it broke the technology out of the private-browsing bubble. In October 2018, it named the feature ETP and set Firefox 65, slated to release in January 2019, as the on-by-default target. Problems persisted, however — in several instances Mozilla said the technology was breaking too many sites — and delays were inserted for more testing. Finally, Mozilla used a "soft opening" for ETP in June, limiting the automatic on-by-default to new users as a final quality control check.

Wood spelled out additional information about ETP in her Tuesday post.

screen shot 2019 09 03 at 5.32.33 pm
 
Mozilla

All Firefox users now have the browser's anti-tracking feature switched on, set to the strongest protection. Changes can be made in the Preferences pane.

Block this, block that

Also in Firefox 69, Mozilla's developers enhanced the choices for autoplay, the habit by sites to immediately start playing video on the computer screen and blasting audio from its speakers.

Firefox has automatically blocked autoplay of audio since March and version 66. Video with accompanying audio was also stopped from playing. But if a video provider muted the audio, Firefox let the former play. With Firefox 69, users can select "Block Audio and Video" to stop such video from automatically playing.

That setting is at Preferences > Privacy & Security > Permissions > Autoplay > Settings > Default for all websites.

This version of Firefox also took the next step in Mozilla's kill-Flash process.

The browser lost the "Always Activate" option for Flash, meaning that every request to run the player software must be user approved. From this point forward, the only settings are "Ask to Activate," the default, and "Never Activate."

This move was previously announced by Mozilla (check out the "Plugin Roadmap for Firefox" here) and should be the last step before all Flash support is yanked from non-enterprise copies. (The Extended Support Release, or ESR, will continue to support Flash until the end of 2020.)

The next version of the browser, Firefox 70, should release Oct. 22.

 

Firefox 68

Mozilla on Tuesday released Firefox 68 for Windows, macOS and Linux, packing more insights into the browser's add-ons and adding a slew of new group policies that enterprise IT administrators can use to better manage the browser.

Mozilla's security engineers also patched 21 vulnerabilities, two labeled "Critical" and four marked "High," the organization's top two threat ratings. "We presume that with enough effort that some of these could be exploited to run arbitrary code," Mozilla reported in one advisory.

Firefox 68 can be downloaded from Mozilla's site. Because it updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or explains the refresh process.

Mozilla updates Firefox every six to eight weeks; the last time it upgraded the browser was May 21.

Mozilla now recommends add-ons

Among the few noticeable changes to Firefox as of version 68, Mozilla trumpeted those affecting the browser's add-ons — "extensions" in its terminology — that historically were one of its biggest weapons.

"We curated a list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness," wrote Marissa Wood, vice president of product at Mozilla, in a post to the firm's blog.

Earlier this year, Mozilla announced it would try to make add-ons more secure, saying it was launching an effort to "secure the extension ecosystem to better fulfill our brand promise of security and privacy for Firefox users."

Firefox 68 recommended add-ons
 
Mozilla

Within Firefox 68, Mozilla will recommend add-ons it believes the user will like, based on telemetry sent from the browser.

There's no reason to doubt Mozilla's sincerity, but the outfit must also be wondering how to restore Firefox's reputation related to add-ons. When it shifted technologies, and demanded extension developers rewrite their work, that reputation suffered as some add-ons vanished. It didn't help that Chrome continued to gain not only user share by leaps and bounds, but also grew the count of its browser extensions.

Banging the drum with recommendations is one way to again trumpet Firefox through add-ons.

Recommended add-ons are tagged with a special badge in the official add-on mart and are posted below the already-installed extensions in Firefox's add-on manager. "Some of these recommendations are personalized," claimed a note in the manager after upgrading to version 68. "They are based on other extensions you've installed, profile preferences, and usage statistics."

Mozilla knows the above from the telemetry Firefox transmits from users to the company's servers.

In documentation about the feature, Mozilla made clear that there's no pay-for-play involved in the add-on recommendations. "Extension developers cannot pay for placement in the recommendation program, and Firefox does not receive any compensation as a result of this process," Mozilla stated.

Also new to add-ons in Firefox 68: a way to report suspiciously malicious extensions, those that alter settings without permission or fly a false flag by claiming to be something they aren't. In the add-on manager, users can now select "Report" from the same menu where they've long found "Disable" and "Remove."

More enterprise policies

Another area of Firefox 68 that Mozilla emphasized involves group policies for IT managers. Enhancements to policies — and thus the browser's suitability to enterprise use — were linked to the simultaneous release of Firefox ESR (Extended Support Release) 68, the version which stresses stability over sexy new features.

Unlike the standard Firefox, ESR receives only security updates during its tenure. (Prior to this week, the current ESR was based on Firefox 60, which debuted in early May 2018.) Every 14 months, Mozilla replaces the existing ESR with the then-current Firefox, then maintains both the old and new ESR versions during a multi-month overlap. Firefox ESR 60's support overlap with ESR 68 began July 9, when the latter launched, and will end Oct. 22, when that date's security patches will not be provided for the former.

"Today we're adding a number of new enterprise policies for IT leads who want to customize Firefox for their employees," said Mozilla's Wood.

Among the new policies are ones that will allow administrators to remove the new tab page (NewTabPage) — perhaps to replace it with the business's own intranet — and set and lock the downloads destination (DownloadDirectory) to comply with company guidelines of depositing files in the cloud, say.

A list of all policies supported by Firefox is available here, on GitHub; searches using 68 will find those new to this ESR. (The Firefox ESR 68-only policies are also listed at the top of this GitHub page.)

The next version of the browser, Firefox 69, should release Sept. 3.

Credit: Gregg Keizer, Computerworld

previous arrow
next arrow
Slider
Has no item to show!


Emex Place

Login

Remember Me

       

Site Traffic

132003
Today
Yesterday
This Week
Last Week
This Month
Last Month
All days
157
373
157
128221
9071
17746
132003

Your IP: 35.175.201.14
2020-01-19 06:25