Firefox

I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can't find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?

Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don't know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it's (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface."

On a side-note, they also say about Firefox's current Site Isolation on desktop being weaker, which I wasn't aware of. "Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole."

YouTube has worked fine for me using Firefox with Ublock Origin, with no lag, notifications telling me to turn off ad blocking, or any of the other issues users have reported here.

Hi, Once in a while I try to clean up my tabs. First thing I do is use "merge all windows" to put all tabs into one window.

This often causes a memory clog and firefox get stuck in this state for 10-20 minutes

I have recorded one such instance.

I have tried using the "discard all tabs" addon, unfortunately, it is also getting frozen by the memory clog.

Sometimes I will just reboot my PC as that is faster.

Unfortunately, killing firefox this way, does not save the new tab order, so when I start firefox again, it will have 20+ windows open, which I again, merge all pages and then it clogs again !

So far the only solution I have found is just wait the 20 minutes.

Once the "memory clog" is passed, it runs just fine.

I would like better control over tab discard. and maybe some way of limitting bloat. For instance, I would rather keep a lower number of undiscarded youtube that as they seem to be insanely bloated.

In other cases, for most website I would like to never discard the contents.

In my ideal world, I would like the tabs to get frozen and saved to disk permanently, rather than assuming discard tabs can be reloaded. As if the websites were going to exist forever and discarding a tab is like cleaning a cache.

I use it all the time and have for years. Just seems like a weird feature to lock behind about.config and say it's not supported while they still support things like Pocket.

Celebrating #Firefox’s 20th birthday! 😍

Now at #MozFest ❤️🚀

@firefox @mozilla

Hi, recently Firefox (technically Librewolf) presents me with weird whitespace as in the image. I tried to search for something similar, and I did find some post, suggesting I'll edit my font configs (in settings), but this has no effect. I tried to also open in incognito mode or disabled all my plugins or even create a new profile on my machine, but the spacings are always like this. On proper firefox, I don't see this issue.

Any idea?

I seeked into the API in order to write a plugin for myself. In order to aid my workflow I need to listen to two keystrokes closely followed.

Apparently there are only hacks available. I want to fire-and-forget about my plugin as long as the API to command firefox stays consistent.

I did not attempt to write any code (and any JS code, honestly that is) yet. Simply because I did not get that requirement addressed by the official API /& documentation.

Recompiling firefox would be the least favorable option; But I would still be hooked if it would enable me to observe keystrokes on my own.

As an practical example: Pressing Shift two times in sequence and within 100 ms should enable me to eat the event.

cross-posted from: https://mander.xyz/post/13981542

As Original forget we not is archived now Without giving sync functionality. So, Do anyone know of similar addon.

Must Available for android and active development

Plus Sync functionality already implemented.

We have a few sites on our intranet at work that I constantly end up searching on Google instead of visiting the site.

If I type in the address bar

https://site.work/customers/12345

it will navigate just fine, but if I just type

site.work/customers/12345

it executes a Google search

Is there any way for me to add a whitelist for a given hostname? I don't want to turn keyword.enabled off.. I only want to turn it off for one site.

Let be begin by saying: Selectively blocking Javascript is essential for online privacy.

Fundamental idea

• Javascript is needed for way too many websites to load correctly
• Websites often dont only use their own Javascript to display their own menus etc. but they load tons of external Javascript.
• There is often way more Javascript that you can block than what you need
• No "privacy browser" can protect you if you dont invest the work of blocking Javascript per origin
• there are many origins that just serve bullsh*t so you can always block them
• browser sandboxes, process isolation etc. is only needed because of Javascript or CSS exploits
• there are hacks that work through CSS only, but they are rare
• this is why browser isolate every website in a process. They isolate these processes from the system with strict filters and sandboxes

Sum up

Javascript is a technology used to display fancy websites, moving parts, responsive interfaces etc.

It is executed code, in your browser. Unlike normal applications, the code comes from random places on the internet, and is often malicious.

This is why browsers need to be so secure.

Many developers bundle random 3rd party javascript into their website, mostly for capitalist "get some more cents" purposes.

This is what a shitty website looks like (and yes it runs perfectly fine after blocking all that)

This means often: the website, AND the developers of the javascript will both get your personal data.

If you block Javascript, you avoid 99% of security issues, and automatically block most trackers.

Websites cannot place cookies in the browser, if you block javascript!

Some things to know

• Google reCaptcha is a nasty difference, as it requires many origins at once. NoScript has the "allow all Javascript on this tab" for this purpose
• some sites may load fine without Javascript, but menus dont work.

Setup of NoScript

Install the Addon and go into its settings.

per site permissions

It has some very loose, "security only" settings, so most of "Big Tech" is trusted by default. If you dont use it, set it to "untrusted".

general settings

Here you can select what "default", "trusted" and "untrusted" do.

Default

• I change it to "block all". Most websites dont load with the default settings anyways
• if you set "noscript", websites can see that "your browser does not support Javascript". This may cause them to display a no-js website, but that is really rare.
• The "noscript" makes you stand out from the crowd very likely. There are other methods to check if you support javascript, like just trying to run it.

Trusted

• I enable everything but these:
  • ping: pretty shady stuff, thanks @leanleft@lemmy.ml
  • noscript: you support Javascript so not useful
  • LAN: block requests to your local network, should not be needed in most cases
  • unverified CSS: important blocking this is more secure (see above, CSS-only exploits are possible) but drastically slows down the speed of your browser
  • other: better not enable random other Javascript types

Untrusted

• block everything
• maybe allow noscript (see above)

See the explanations for all Javascript variants here

Workflow of NoScript

I think the author didnt really consider the implications, so these loose settings make little sense.

NoScript makes most sense for "goodness enumeration". By default, all Javascript is blocked.

At the beginning it may be annoying, but it will become less and less work:

1. Open a website
2. It likely doesnt load
3. Click on the NoScript icon
4. Set the Javascript of this Website to "trusted"
5. NoScript automatically reloads the site
6. maybe: Repeat, you may need to allow CDNs, image hosts etc.

Once you did this to all your commonly visited sites, only new ones will need manual configuration.

This approach becomes less effort over time, unlike badness enumeration, which gets more and more.

(I thought about giving you my 2 years old configuration as a headstart, but it is basically my browsing history. I would be interested in sharing a config on some Git host though, as this makes starting with NoScript way more pleasant)

Background on "badness enumeration"

Adblockers use something called "badness enumeration".

Example of badness enumeration:

• Adblockers: allow all content to load, block a, b and c ONLY
• Malware scanners: allow all code to execute, but block hashes a, b, c
• Some Firewall Blocklists: allow all incoming traffic, but block all IPs coming from Russia

The system is fundamentally flawed, as

1. The authors of blocklists always need to be perfectly up to date
2. Once a new malware/site/ad comes out, it will stay unblocked for a while
3. It assumes every user needs the same
4. It needs always growing filterlists and malware databases, that get bigger and bigger

Avoid badness enumeration when possible. Btw, NoScript likely also blocks many Ads on websites.

Firefox 126.0.1, Fairphone 5, Android 13

I keep accidentally tapping it when trying to tap at the end of the address to edit it. Currently this is my biggest struggle with Firefox.

I have the an extension installed for Firefox and I see the green dot under my extension menu on every website visit and everytime I reload a website indicating that it asks for permission to read data on that website again. When I hover over it it tells me that I can allow it for this visit and the cog wheel menu has the option "only when clicked" for "extension can read and write data" ticked. Clicking on that option does nothing.

How do I give the permission permanently? It's annoying to have to click that everytime.

Screenshot from phone, but same warning message when i do it on my computer.

I have my bookmarks, history, etc. saved on my computer (in the firefox profile folder). But i'm afraid firefox may delete my data once i reset my password. If not, will firefox sync my local data to their cloud after pw reset?

How reliable is this? Is it VoIP based or actual phone numbers that will be accepted everywhere?

Does fennec get around this?

So I've been using Firefox's container function for a while now and recently discovered the multi account container extension. What does this add over the built in containers? I've seen a lot of people say they need multi account containers but are disappointed that it's an extension so I'm curious what it adds.