Firefox 29 Launches With Major Redesign, Firefox Account Integration

[JSixpack]

TV seems to be loading quicker today, perhaps nothing to do with the update but...............

V.29 is faster. Nothing earthshaking, but welcome.

[MJCM]

After installing FF 29, it somehow messed up my localstore.rdf (which is where FF stores customized data on the interface, such as toolbar customizations, window positions and sizes, and tree sort orders.

After a restore of a backup of this file, I couldn't get Firefox (in a new window) to get the screen Maximized without losing the "status bar" <- Where it says "waiting for Thaivisa .... " and more importantly the "Find" box.

This was the same after creating a new / empty profile.

Finally I managed to solve this by manually editing the localstore.rdf file (when FF is closed) and adding / changing this

The other problem I had was that for some extensions I use, I had to edit install.rdf and change the Maxversion to 29.0.

Edited April 30, 2014 by MJCM

[DaveBKK]

I'm still with FF 19. Made it look like FF 3, 5 with taps below, not on top. It is a slow cold starter and it uses too much RAM with more than 10 taps open , but it is stable , more than fast enough , speed is more a factor of internet speed (thailand !!) and the server of the requested site than how fast FF can load on my screen.

No security problems . No intentions to update to a newer version , certainly after what I just read about this new one.

Why is everybody so obsessed with updates or newer versions?

New is rarely better.

Actually if you are using Firefox 19 you are wide open to some pretty serious vulnerabilities and attacks. See here: http://www.pcmag.com/article2/0,2817,2416357,00.asp

Sent from my iPad using ThaiVisa app

Edited April 30, 2014 by DaveBKK

[wandasloan]

With security vulnerabilities like Heartbleed that rendered SSL ineffective, and Mozilla's history of buggy releases, you'd have the be very brave, very stupid, or not do anything important online (like banking or shopping) before you'd let your passwords be sent up to their cloud...

You almost got it, and then failed.

Password thefts, certainly including Heartbleed, has nothing to do with what YOU do with passwords (so far). Mozilla, Google, Apple and all the rest of the cloud storage of personal information has been fine. Password theft, certainly including Heartbleed (again) happens at the place you USE the passwords (the store, the internet company, the bank, the tax man) and not at the cloud site you personally use. To this moment, your own computer is a far, far more dangerous place to store passwords than the Mozilla cloud.

As you say, not doing anything important online would give you a very good boost in security. You'd still be vulnerable but not SO vulnerable. The problem is that shopping and banking online is very convenient and helps our quality of life. Security is always a tradeoff, because ....

The only secure computer system in the world is unplugged, locked in a vault at the bottom of the ocean and only one person knows the location and combination of that vault. And he is dead.

- Bruce Schneier, in "Applied Cryptography"

Actually if you are using Firefox 19 you are wide open to some pretty serious vulnerabilities and attacks.

Also, except for people who can't read this because they never access the internet, if you do not use Firefox 19, you are wide open to some pretty seriious vulnerabilities.

.

Edited April 30, 2014 by wandasloan

[IMHO]

With security vulnerabilities like Heartbleed that rendered SSL ineffective, and Mozilla's history of buggy releases, you'd have the be very brave, very stupid, or not do anything important online (like banking or shopping) before you'd let your passwords be sent up to their cloud...

You almost got it, and then failed.

Password thefts, certainly including Heartbleed, has nothing to do with what YOU do with passwords (so far). Mozilla, Google, Apple and all the rest of the cloud storage of personal information has been fine. Password theft, certainly including Heartbleed (again) happens at the place you USE the passwords (the store, the internet company, the bank, the tax man) and not at the cloud site you personally use. To this moment, your own computer is a far, far more dangerous place to store passwords than the Mozilla cloud.

As you say, not doing anything important online would give you a very good boost in security. You'd still be vulnerable but not SO vulnerable. The problem is that shopping and banking online is very convenient and helps our quality of life. Security is always a tradeoff, because ....

The only secure computer system in the world is unplugged, locked in a vault at the bottom of the ocean and only one person knows the location and combination of that vault. And he is dead.

- Bruce Schneier, in "Applied Cryptography"

Actually if you are using Firefox 19 you are wide open to some pretty serious vulnerabilities and attacks.

Also, except for people who can't read this because they never access the internet, if you do not use Firefox 19, you are wide open to some pretty seriious vulnerabilities.

.

Heartbleed is only one if 1000's of ways your sensitive data can be compromised (including directly from your own PC). The thing is, the more sensitive data you put into the cloud, the more points of failure there are, pure and simple. Even saving your web credentials in your browser locally is a security risk you have to consider.

My point is, given Mozilla's track record of bug after bug, memory leak after memory leak (have they *ever* had a non leaky release?), would you really feel confident string your credentials in their cloud?

[noodle]

The Cloud, Cloud Storage.....would be the big building run by the NSA?

[astral]

I was dubious, but a friend gave good reports so I took the plunge

I am happy and like the cleaner image.

Maybe a little faster.

The status bar has gone but the functionality is still there, just in a different place

All I am missing is ForcastFox.

Oh yes, it still eats memory.

[MJCM]

<snip>

All I am missing is ForcastFox.

<snip>

Install version 2.2.4 from this link:

https://static.getforecastfox.com/downloads/forecastfox-latest.xpi

Though unless you've moved it from the add-on bar, it won't appear unless you also install this addon:

https://addons.mozilla.org/en-US/firefox/addon/the-addon-bar

[astral]

Thanks

It would not install yesterday, and there was no new version

That seems to be fixed.

[wandasloan]

Heartbleed is only one if 1000's of ways your sensitive data can be compromised (including directly from your own PC). The thing is, the more sensitive data you put into the cloud, the more points of failure there are, pure and simple. Even saving your web credentials in your browser locally is a security risk you have to consider.

Again, you start out great, but don't finish as well. You are totally correct there are thousands of risks to your data, and Heartbleed was an example. But it was a pretty "good" example because there was nothing we could do about it. It was between the thieves and the places where we left our passwords - stores, banks, doctor's offices, Thai Visa administration.....

My point is, given Mozilla's track record of bug after bug, memory leak after memory leak (have they *ever* had a non leaky release?), would you really feel confident string your credentials in their cloud?

So I ask you, where DO you feel confident about storing your credentials?

This is not a trick question, it's an entirely personal one. You are the only person who can answer it. Well, you and I that is.

First. The only way to be secure is not to be on the internet at all and stay away from Thai Visa and everything else. Completely. So you haven't chosen that path.

Now. You can have 1 or 7 or 14 passwords that you remember, and you can re-use them and try to remember which is which, so they are stored in your brain only. Most people can't handle this well. So they have to store passwords - credentials as you say - SOMEWHERE. They write them down - on paper, on disk, ask the browser to keep them, get password managers.... on and on.

You would have to define "confident" for me, but compared with all the available places to store my credentials, as of now, I consider a well-designed and well-known (popular) cloud storage to be the second best. I don't think Mozilla is better or worse. Saying that, I would NEVER trust my banking login, for example, to the actual browser. "Would you like me to remember that banking login?" is not a question I ever answer "yes". I don't even type in the password, let alone ask the browser to keep it for me. But Thai Visa? Sure, Firefox and Chrome can help me out by saving that one. I try to evaluate the risk at each step, all the time.

Best system that gives me the most confidence is public key encryption, using a removable disk/device/thumb drive for credential storage, and keeping it with me. Neither that or the cloud is close to failsafe, but combined with the obscurity of the individual user, they're probably okay if you keep your wits about you.

Case after case after case, I find that ALMOST all people whose personal credentials are stolen from personal storage (not from Amazon or Target or HSBC or similar) have been quite careless in a very, very basic way. They didn't encrypt or they used the same password at Thai Visa and Bangkok Bank or something along that very witless line. Hackers are kind of like house-breakers. They're always looking for the easy score, the careless victim in waiting. If you do the computer version of solid doors, bolt locks and bars on all windows, the thieves might well take a look and go to the next soi to look for flimsy doors and fibreboard window frames.

People get bots on their PCs, combing through their information and keystrokes, almost always because they are careless, thoughtless, ignorant.... They are the same people who get burgled and have their cars and motorcycles stolen. Not all. There is always a random element of luck. But usually. People whose email gets hacked usually had a password of "password" or similar. Really careful people get hacked, but in tiny numbers.

Being really careful is a layer of security.

But you seem to agree, and it is true beyond any argument nothing, I will repeat that NOTHING is secure if you connect to the internet, and that knowledge is also something you should bring to your effort to stay as safe as possible.

.

[george]

Wanda: A correction to your post above.

Thaivisa was never vulnerable to Heartbleed, for the simple reason that we didn't/don't use SSL.

[travinski]

remember when firefox used to be good? ive been using version 4 and it is much faster/better than the new ones. http://orbitaldownloads.com/firefox/

[IMHO]

I rely on my own memory for any site that stores my CC details (PayPal, Banking, some Shops - I avoid cards on file where possible), plus email and social networking. For less critical sites (like TV for example) I use the remember me option with their autogen PW, then do a password reset when they no longer can Every site gets a different PW.

You're still going too broad on this though, IMHO. Yeah sure, there are all sorts of points of failure in internet security, but giving your sensitive login credentials to a firm that has never yet been able to write code one could call even "somewhat bug-free" is just something I wouldn't do. That's akin to doing all the dumb things you highlighted.

The other thing is, normally *you* have to be the target of hackers or fraudsters in order to be compromised. In the case of storing this data in Mozilla's cloud though, *they* are the target, and what a compelling one it's going to be...

Edited May 1, 2014 by astral
Removal of long quote - Please use Reply button a the bottom

[BB1950]

<snip>

All I am missing is ForcastFox.

<snip>

Install version 2.2.4 from this link:

https://static.getforecastfox.com/downloads/forecastfox-latest.xpi

Though unless you've moved it from the add-on bar, it won't appear unless you also install this addon:

https://addons.mozilla.org/en-US/firefox/addon/the-addon-bar

There's also this add-on that I use to get the addon-bar back:

https://addons.mozilla.org/en-US/firefox/addon/new-add-on-bar/

Edited April 30, 2014 by BB1950

[chubby]

you don't need to afaic

Am I the only person who doesn't want to have to sign up for accounts and memberships just to use a browser?

[chubby]

with all due respect, Pib, most ppl are sheep

FF with lastpass, and a Yubikey , and a VPN

ever tried to use noscript on chrome, flash is not enabled in my FF, i just use chrome for anything google myself, and Ghostery on both

http://lifehacker.com/5901674/collusion-for-chrome-shows-you-where-your-personal-data-is-going-on-the-web-as-you-browse

Here's how the major browsers "worldwide" market share compare for Mar 13 - Mar 14. Chrome #1 in market share at around 44%, IE second at around 23%, FF third at around 19%, Safari fourth at 10%, and Opera fifth around 1%. Also appears IE continues its slow lost of market share and all remaining browsers gaining just a little or flat-lining.

A person can go to this link and search via area of the world/by country if desired. Link. Like in Europe Chrome is still #1 with around 41% but FF is number #2 with around 25%. When looking at the U.S. Chrome and IE are neck-and-neck, swapping who is in the lead every few months with around a 32% market share with FF around 15%. And in good ol' Thailand Chrome in the lead with 55%, IE second with 19%, FF third with 13%.

Worldwide Market Share Chart

Capture.JPG

[MJCM]

you don't need to afaic

Am I the only person who doesn't want to have to sign up for accounts and memberships just to use a browser?

+1 you definitely don't need to sign up for anything to use Firefox. It's an option, and if you don't want you don't need to.

and if you don't want to see it in your menu's add this to your userchrome.css

#menu_socialToggle { display: none !important; }

#menu_socialAmbientMenu { display: none !important; }

#sync-setup,

#sync-syncnowitem

{ display: none !important; }

Edited May 1, 2014 by MJCM

[rwdrwdrwd]

Wanda: A correction to your post above.

Thaivisa was never vulnerable to Heartbleed, for the simple reason that we didn't/don't use SSL.

Just vulnerable to more easily executed man in the middle attacks then.. http://stackoverflow.com/questions/638745/understanding-the-risk-of-non-ssl-login-forms

Another good pointer to members for the need for distinct logins to each web service, especially if you ever connect to public wifi.

Edited May 1, 2014 by rwdrwdrwd

[MJCM]

What do hackers want on Thaivisa ? Get your email address ? My guess is that my email address I use for Thaivisa is already in the hands of 10 spam lists or more.

All data you type in Thaivsa is already publicly available. Do the following search and you know what for example Google knows about yourself

site:thaivisa.com/forum rwdrwdrwd

But this one

Another good pointer to members for the need for distinct logins to each web service, especially if you ever connect to public wifi.

Is always a good idea, and not only when you use Public Wifi.

Edited May 1, 2014 by MJCM

[rwdrwdrwd]

What do hackers want on Thaivisa ? Get your email address ? My guess is that my email address I use for Thaivisa is already in the hands of 10 spam lists or more.

All data you type in Thaivsa is already publicly available. Do the following search and you know what for example Google knows about yourself

site:thaivisa.com/forum rwdrwdrwd

The primary danger is if somebody happens to have used the same username and password for access to another, more lucrative service (like their email), it is quite easily possible for other users on the network to intercept login credentials in plain text when login forms or their handlers are located on non secure pages.

http://lifehacker.com/5853483/a-guide-to-sniffing-out-passwords-and-cookies-and-how-to-protect-yourself-against-it

Edited May 1, 2014 by rwdrwdrwd

[MJCM]

That's what I said in the 2nd part which you conveniently forgot to quote

Edited May 1, 2014 by MJCM

[rwdrwdrwd]

That's what I said in the 2nd part which you conveniently forgot to quote

I quoted your original post, before you made the edit.

Also, you questioned what a hacker would want to access and seemingly misunderstood the intent of my post to mean simply access to emails and post content. I wanted to clarify that it means full login details are vulnerable.

Glad you agree that having distinct credentials is a good thing though.

Edited May 1, 2014 by rwdrwdrwd

[MJCM]

[Tywais]

So far it seems OK to me and am running on both my computers now. The only thing I didn't like and that is the color and lack of delineation between the tabs. Non selected tabs had no border. I use tab mix plus and can completely control the colors and borders separating the active tab, non active, font color/type. Now it is the way I like it.

[KittenKong]

29 seems to be quite good and is somewhat faster than 28. Though 28 was also faster when first installed than it was after some use (even a "factory reset" didn't alter that).

Even Flash seems to work better on 29.

[JSixpack]

Did Mozilla jump the shark with Firefox 29?

[MJCM]

Look here https://input.mozilla.org/en-US/?date_start=2014-01-31&selected=90d

And then the massive spike on April 7th which is even bigger then the spike with FF 29.

Anyone knows what was going on then ?

It wasn't the release of FF 28, because that was released on 17-3-2014 (https://wiki.mozilla.org/RapidRelease/Calendar)

Heartbleed ??

[astral]

Thanks Tywais

Tab Mix works a treat.

[noodle]

FF29 installed itself today even though I had chosen the selection to advise of updates but not install.

So I installed Classic Theme restorer which fixes the tabs.

Now I can't find a way to get the reload button out of the address bar and back to where it was. Anyone found a way to do this?

Edited May 1, 2014 by noodle

[Tywais]

Thanks Tywais

Tab Mix works a treat.

Glad to help. Been using it about as long as I've been using FF as FF doesn't give you much look and feel control of the tabs.