An anonymous reader writes: Mozilla today launched Firefox for iOS worldwide. You can download the new browser for iPhone, iPad, and iPod touch now directly from Apple's App Store (iOS 8.2 or later required). Until today, Firefox for iOS was available as a public preview, and only in New Zealand. Also at Ars Technica.

digitalPhant0m writes: Six years ago today the Go language was released as an open source project. Since then, more than 780 contributors have made over 30,000 commits to the project's 22 repositories. The ecosystem continues to grow, with GitHub reporting more than 90,000 Go repositories. And, offline, we see new Go events and user groups pop up around the world with regularity And Opensource.com notes that Mozilla Firefox has just hit 11 years of age, too.

An anonymous reader writes: Mozilla today launched Firefox 42 for Windows, Mac, Linux, and Android. Notable additions to the browser include tracking protection, tab audio indicators, and background link opening on Android. The new private browsing mode goes further than just not saving your browsing history (read: porn sites) — the added tracking protection means Firefox also blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web, and it works on all four platforms. The feature is almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through.

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

Mark Wilson writes: With Apple embracing ad blocking and the likes of AdBlock Plus proving more popular than ever, content blocking is making the headlines at the moment. There are many sides to the debate about blocking ads — revenue for sites, privacy concerns for visitors, speeding up page loads times (Google even allows for the display of ads with its AMP Project), and so on — but there are no signs that it is going to go away. Getting in on the action, Mozilla has set out what it believes are some reasonable principles for content blocking that will benefit everyone involved. Three cornerstones have been devised with a view to ensuring that content providers and content consumers get a fair deal, and you can help to shape how they develop.

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the OpenIndiana.org release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.

An anonymous reader writes: Mozilla launched Firefox 41 yesterday. Today, Adblock Plus confirmed the update "massively improves" the memory usage of its Firefox add-on. This particular memory issue was brought up in May 2014 by Mozilla and by Adblock Plus. But one of the bugs that contributed to the problem was actually first reported on Bugzilla in April 2001 (bug 77999).

We mentioned a few months back Microsoft's beta of a browser-based intrerface to Skype. Now, reports Engadget, Skype will be able to work without a plug-in (as was required for the beta). However, it will work -- at least at first -- only with Microsoft's Edge browser. The latest Windows 10 Insider Preview build comes with Object RTC API. That's the element that allows real-time audio and video communication without the need for any installation not just for Skype for Web and Outlook.com, but also for other WebRTC-compatible services. To note, Chrome, Firefox and Safari all support WebRTC standards, but it's unclear if and when Skype will enable a plug-in-less experience for those browsers, as well.

New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of " "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false google.com cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)

An anonymous reader writes: The next browser battle is upon us. Edge has been out for more than a month, and its two biggest competitors have received significant updates: Chrome 45 and Firefox 40. This article puts all three through their paces, and each manages to win a few tests. Edge convincingly won the JetSteam and SunSpider JavaScript benchmarks, while also eking out a victory in Google's Octane test. Chrome was victorious in Mozilla's Kraken benchmark for JavaScript performance, while also edging out Firefox in HTML5Test and the Oort Online WebGL test. Firefox won the WebXPRT test that combines HTML5 and JavaScript performance, and also the Peacekeeper test for general browser performance. There's no clear dominant browser for performance, and none of the three are obvious laggards, either. Browser competition seems to be in a good place right now.

An anonymous reader writes: With all the recent brouhaha about Windows 10 privacy violations and forced updates, I'm one of those that wants to thank Microsoft very gently, while taking it by the hand, and slamming the door behind it for good. Fortunately for me, I don't use any special software that is tied to Windows, except games, of course. One program I would really miss though is Total Commander file manager, which is basically my interface to the whole OS. So, I know there are Linux alternatives, but which one is the best? Also, I currently use PaleMoon fork of Firefox as my main browser, but there doesn't seem to be a Linux variant. What other software would you want to transplant to Linux, if any?

darthcamaro writes: Mozilla today publicly announced that secured areas of bugzilla, where non-public zero days are stored, were accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. They say, "We believe they used that information to attack Firefox users." The whole hack raises the issue of Mozilla's own security, since it was a user password that was stolen and the bugzilla accounts weren't using two-factor authentication. According to Mozilla's FAQ about the breach (PDF), "The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013."

msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.

Yes, it's 3-D, and works with the Firefox browser. But that's not all. The MozVR virtual reality system is not just for Firefox, and it can incorporate infrared and other sensors to give a more complete picture than can be derived from visible light alone. In theory, the user's (client) computer needs no special hardware beyond a decent GPU and an Oculus Rift headset. Everything else lives on a server.

Is this the future of consumer displays? Even if not, the development is fun to watch, which you can start doing at mozvr.com -- and if you're serious about learning about this project you may want to read our interview transcript in addition to watching the video, because the transcript contains additional information.

Mozilla announced yesterday a few high-level changes to the way Firefox and Firefox extensions will be developed; among them, the introduction of "a new extension API, called WebExtensions—largely compatible with the model used by Chrome and Opera—to make it easier to develop extensions across multiple browsers." (Liliputing has a nice breakdown of the changes.) ZDNet reports that at the same time, "Mozilla will be deprecating XPCOM and XUL, the foundations of its extension system, and many Firefox developers are ticked off at these moves."

An anonymous reader writes: Starting on September 1, Amazon will no longer support Flash across its advertising platform. The online retailer sites changes to browser support and a desire for customers to have a better experience as their reasons for blocking it. Google has been quite active recently in efforts to kill Flash; the Chrome beta channel has begun automatically pausing Flash, Google has converted ads from Flash to HTML5, and YouTube uses HTML5 by default now as well. Safari and Firefox also place limits on Flash content. Is Flash finally on its way out?

An anonymous reader writes: Today Mozilla announced some big changes to its extension support. Their new addon API, WebExtensions, is mostly compatible with the extension model used by Chrome and Opera. In short, this means we'll soon see cross-platform browser extensions. They say, "For some time we've heard from add-on developers that our APIs could be better documented and easier to use. In addition, we've noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors."

vivaoporto writes: Clint Ruoho reports on gnu.gl blog the process of discovery, exploitation and reporting of multiple vulnerabilities in Pocket, the third party web-based service chosen by Mozilla (with some backslash) as the default way to save articles for future reading in Firefox. The vulnerabilities, exploitable by an attacker with only a browser, the Pocket mobile app and access to a server in Amazon EC2 costing 2 cents an hour, would give an attacker unrestricted root access to the server hosting the application.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password. With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access. All the vulnerabilities were reported by the researcher to Pocket, and the disclosure was voluntarily delayed for 21 days from the initial report to allow Pocket time to remediate the issues identified. Pocket does not provide monetary compensation for any identified or possible vulnerability.

An anonymous reader writes: Firefox's privacy mode stops your computer from keeping track of where you've browsed, but it doesn't do anything about external tracking. A new feature just rolled out to the Developer Edition and the Aurora channel now actively tries to block online services from tracking you. "Our hypothesis is that when you open a Private Browsing window in Firefox you're sending a signal that you want more control over your privacy than current private browsing experiences actually provide." The feature uses a blocklist maintained by Disconnect.me to stop you from navigating to sites known to log your personal data.