Foxy pointer

My principal browser is still Firefox. In some ways, it’s just because it’s different but it also seems to have fewer security and privacy issues than the Chromium Industrial Complex. It’s far from perfect though and a nasty use after free bug was found and fixed this week. It’s somewhat amazing that bugs like this are still found in mature pieces of software, but that is par for the course. It’s easy to forget to set a pointer to NULL after you are done with it and, in a huge codebase, easy to overlook.

Read More

Boxed Browsers are Better

TechRepublic has some nice things to say about Firefox 95 and it’s RLBox technology. I talked about it the other day. It isn’t a fix for all possible browser security issues it is a step in the right direction to insulate the browser from problems in software supply chain and keep the baddies at bay. In general, TechRepublic likes Firefox so the positive press isn’t too surprising, but it’s good to see Firefox get some coverage for making important security improvements.

Read More

Fox in a box

One of the new features in Firefox 95 is component sandboxing in RLBox. The idea is to provide some level of protection across functional boundaries within the application. This is done by using WebAssembly to create a sandbox where modules can be called without exposing the memory space to attacks. It’s an interesting concept and the documentation on the RLBox site describes it quite well. I haven’t used Firefox 95 for long, but it doesn’t seem to have had any deleterious effects.

Read More

Firefox: I'm not dead yet

Firefox, my browser of choice, just released a new version. I’ve been running it and it seems nice. There are some nice new cookie management features and more HTTPS coverage in private windows. All good and claimed to be 10-20% faster (I haven’t noticed). Although I don’t run Firefox on Windows, the new Windows SSO feature seems very useful. The real problem is the decreasing market share. Despite some lackluster marketing efforts, Firefox is losing users at a pretty good clip.

Read More

He's dead Jim

Firefox is the last browser to remove FTP support pretty much killing widespread use of this rather insecure protocol. This is bittersweet as I got my start on the Internet using FTP and Gopher to download data for economic analysis in the early 1990s. But the Internet was much different then and I applaud the push for encryption everywhere. With tools like Let’s Encrypt there is really no reason to have any uncrypted traffic on the Internet.

Read More

Block it like a lineman

Although I’m in the minority, my go-to browser is Firefox. One of the chief reasons is privacy. Firefox is usually the leader in introducing privacy features into their browser. The recent introduction of SmartBlock is an example of that. Basically, it short-circuits third-party tracking scripts. This allows pages to use those scripts to work properly without actually passing information. One of the arguments against Firefox is that it is slow (which isn’t really true).

Read More

Firefox FTW

I try to maintain my privacy as much as possible online. I recognize there are limits to what we can reasonably do, but one of the easiest things to do is switch to Firefox. Chrome is a very nice browser, but I’ve switched to Firefox for all of my personal web use. I do sometimes use Chrome on my work computer as it is a “requirement” for some of the apps we use.

Read More