Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!
davidshenba writes Intex and Mozilla have launched Cloud FX, a smartphone powered by Mozilla's Firefox OS. The phone has a 1 GHz processor, 2 Megapixel camera, dual SIM, 3.5 inch capacitive touchscreen. Though the phone has limited features, initial reviews say that the build quality is good for the price range. With a price tag of $33 (2000 INR), and local languages support the new Firefox phone is hitting the Indian market of nearly 1 billion mobile users.
New submitter MorgyTheMole writes Porting C++/OpenGL based games using Emscripten and WebGL has been an approach pushed by Mozilla for some time now. Games using the technology are compatible with most modern browsers and require no separate install. We've seen Epic Games demonstrate UnrealEngine 4 in browser as well as Unity show off a variety of games. Now as the technology matures, indie devs are looking to get into the mix, including this near one-to-one port of E McNeill's Auralux, a simplified RTS game, from Android and iOS. (Disclosure: I am a programmer who worked on this title.)
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
NotInHere (3654617) writes As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before. Note that only the particular copy of the implementation built and blessed by Cisco is licensed to use the h.264 patents.
An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."
An anonymous reader writes: Mozilla today announced the release of mozjpeg version 2.0. The JPEG encoder is now capable of reducing the size of both baseline and progressive JPEGs by 5 percent on average (compared to those produced by the standard JPEG library libjpeg-turbo upon which mozjpeg is based). Mozilla today also revealed that Facebook is testing mozjpeg 2.0 to see whether it can be used to improve the compression of images on Facebook.com. The company has even donated $60,000 to contribute to the ongoing development of the technology.
mpicpp (3454017) writes with word that Mozilla released a full development environment integrated into Firefox (available now in nightly builds). From the announcement: Developers tell us that they are not sure how to start app development on the Web, with so many different tools and templates that they need to download from a variety of different sources. We’re solving that problem with WebIDE, built directly into Firefox. Instead of starting from zero we provide you with a functioning blueprint app with the click of a button. You then have all the tools you need to start creating your own app based on a solid foundation. WebIDE helps you create, edit, and test a new Web application right from your browser. It lets you install and test apps on Firefox OS devices and simulators and integrates the Firefox Developer Tools for seamless debugging and inspection across those devices. This is a first step towards debugging across various platforms and devices over WiFi using open remote debugging APIs. The default editor is based on CodeMirror, but the protocol for interacting with the IDE is open and support for other editors (Emacs anyone?) should appear soon.
hypnosec writes A new movement dubbed the Open Wireless Movement is asking users to open up their private Wi-Fi networks to total strangers – a random act of kindness – with an aim of better securing networks and facilitating better use of finite broadband resources. The movement is supported by non-profit and pro-internet rights organizations like the Electronic Frontier Foundation (EFF), Mozilla, Open Rights Group, and Free Press among others. The EFF is planning to unveil one such innovation – Open Wireless Router – at the Hackers on Planet Earth (HOPE X) conference to be held next month on New York. This firmware will allow individuals to share their private Wi-Fi to total strangers to anyone without a password.
SmartAboutThings writes: Mozilla took the world by surprise when it announced that it was developing a Firefox operating system that would be used for mobile phones, particularly in developing markets. Such devices have already arrived, but they aren't the only targets for the new operating. According to a report from GigaOM, Mozilla is currently working on a secretive project to develop a Chromecast-like media streaming stick powered by Firefox-OS. Mozilla's Christian Heilmann shared a picture of a prototype.
sfcrazy writes Mozilla is working on developing a content and commenting platform in collaboration with The New York Times and The Washington Post. The platform aims to be the next-generation commenting and content creation platform which will give more control to readers. Mozilla says in a blog post, “The community platform will allow news organizations to connect with audiences beyond the comments section, deepening opportunities for engagement. Through the platform, readers will be able to submit pictures, links and other media; track discussions, and manage their contributions and online identities. Publishers will then be able to collect and use this content for other forms of storytelling and spark ongoing discussions by providing readers with targeted content and notifications.” The project is being funded by Knights Foundation.
mrspoonsi (2955715) writes Mozilla, the organisation behind the Firefox browser, has announced it will start selling low-cost smartphones in India within the "next few months". Speaking to the Wall Street Journal, the firm's chief operating officer suggested the handsets, which will be manufactured by two Indian companies, would retail at $25 (£15) [note: full article paywalled]. They will run Mozilla's HTML5 web-based mobile operating system, Firefox OS. The firm already sells Firefox-powered phones in Europe and Latin America. Firefox OS has come a long way even in the year since we saw a tech demo at Linux Fest Northwest.
sfcrazy (1542989) writes "Developers need access to device running the platform for which they develop. Nexus was Google's reference device and now Mozilla is coming out with its own device. Mozilla has opened pre-order for Flame, its Firefox OS reference devices for $170 including free shipping." Specs are, of course, modest: a dual core 1.2GHz snapdragon, 1G of RAM, 8G of flash, an 854×480 4.5" screen, and a 5MP camera. Now, if only they would release a device with a keyboard.
JimLynch (684194) writes "Mozilla has been in the news quite a lot over the last few months. This time the organization is being hammered by open source advocates for adding Adobe DRM to Firefox. But did the folks at Mozilla really have a choice when it comes adding DRM? An open source project like Mozilla is not immune to market pressures. And with so many competing browsers such as Chrome adding DRM for Netflix, etc. how could Firefox avoid adding it? Is it realistic to think that Firefox can simply ignore such things? I don't think so and the reason why is in Firefox's usage numbers over the last few years."
sfcrazy (1542989) writes "Chromecast is a great device, and concept, however it is more or less limited to Google's Chrome browser and supported apps. That seems to be changing: Mozilla is working on bringing Chromecast support to its Firefox browser. Mozilla meeting notes from 14 May clearly mention Chromecast support for the browser: 'Work week in SF, making good progress. Hoping to have Netcast and Chromecast support landed by the end of the week.'"
First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"
New submitter ptr_88 writes: "The Free Software Foundation has opposed Mozilla's move to support DRM in the Firefox browser, partnering with Adobe to do so. The FSF said, '[We're] deeply disappointed in Mozilla's announcement. The decision compromises important principles in order to alleviate misguided fears about loss of browser market share. It allies Mozilla with a company hostile to the free software movement and to Mozilla's own fundamental ideals. ... We recognize that Mozilla is doing this reluctantly, and we trust these words coming from Mozilla much more than we do when they come from Microsoft or Amazon. At the same time, nearly everyone who implements DRM says they are forced to do it, and this lack of accountability is how the practice sustains itself.'"
An anonymous reader writes "Last year the W3C approved the inclusion of DRM in future HTML revisions. It's called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, it had the support of several major browser makers, and now Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, 'This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. ... From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. ... Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.'"