Firefox 115: new ESR base and some add-ons may be blocked from running on certain sites
Mozilla Firefox 115, the latest version of the organization's web browser, is a big update. It moves the browser's Extended Support Release (ESR) base and is the last stable channel version for Windows 7, Windows 8 and 8.1, and also for several macOS versions.
For Firefox ESR users, which are often found in organizations but also at home, Firefox 115 ESR is a massive update. It brings along with it all the changes introduced in Firefox since the release of Firefox 102 ESR. That browser was released a year ago and there have been plenty of changes in Firefox since then.
Windows 7, 8 and 8.1 installations of Firefox will be migrated automatically to Firefox 115 ESR. Mozilla continues to support these operating systems, while all Chromium-based browsers have dropped support by now. Firefox 115 ESR will be supported until September 2024.
Similarly, users of macOS 10.12, 10.13 and 10.14 devices will also be migrated to Firefox 115 ESR to stay supported until September 2024.
Executive Summary
- Firefox 115 ESR is the new base of the Extended Support Release channel.
Firefox 115 download and update
Mozilla Firefox 115's and 115 ESR's release date is July 4, 2023. Most browser installations will be updated automatically to the new version.
Firefox users may select Menu > Help > About Firefox to display the current version. Firefox runs a check for updates when the menu is opened and will download the latest version automatically or on the user's request.
Here are the official download locations:
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox for Android on Google Play
Firefox 115.0 new features and improvements
Some add-ons are blocked from running on certain sites
Firefox users who run add-ons that are not monitored by Mozilla may notice a new notification in Firefox when they visit certain sites. The notification informs them that "some extensions are not allowed" and were blocked from running on that site.
Mozilla writes on a support page: "As of Firefox version 115, we have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns".
Mozilla makes no mention of the scope of this and the support article is extremely vague. The change is called Quarantined Domains by Mozilla.
Firefox users may undo the change in the following way:
- Load about:config in the Firefox address bar.
- Click Accept the Risk and Continue, if the prompt appears.
- Search for extensions.quarantinedDomains.enabled.
- Set it to FALSE.
- Restart Firefox.
Mozilla should consider publishing detailed information about the blocking in which it reveals all blocking rules.
New Firefox ESR base
Firefox 115 ESR includes all the changes that went into Firefox since the release of Firefox 102 back in 2022.
You may want to consult the following resources to get up to speed regarding the changes:
- Firefox 103
- Toolbar access using the keyboard.
- Firefox 104
- UI throttling to reduce power usage on devices that run on battery.
- Power usage analysis
- Firefox 105
- Firefox 106
- Firefox View introduced to improve access to open and closed tabs.
- Firefox 107
- Firefox 108
- Support for Windows 11's efficiency mode added.
- Firefox 109
- Initial support for Manifest V3 extensions.
- Firefox 110
- GPU sandboxing support on Windows.
- Option to prevent third-party modules from injecting themselves into Firefox on Windows.
- Firefox 111
- Native notifications on Windows support added
- Firefox 112
- Firefox 113
- Search Terms in the URLbar (instead of the URL)
- Security improvements
- Redesigned accessibility engine
- Picture-in-Picture improvements
- Firefox 114
- Secure DNS settings in UI
- Search improvements
Other changes and fixes
- Firefox users who migrate from a Chrome-based browser may now import payment methods into Firefox, if they have saved them in the browser they migrate from.
- The interface for importing data from other browsers has been streamlined according to Mozilla.
- Firefox on Linux systems with Intel GPUs uses hardware video decoding now
- Firefox falls back to using Cisco's PpenH264 plugin for playback on systems that do not support H264.
- Windows users on "low-end / USB wifi drivers" who have geolocation disabled may now "approve geolocation on a case by case basis without causing system-wide network instability.".
- The password fields support undo and redo operations.
- A middle-click on the new tab button on Linux will now either load a site, if the clipboard contains an URL, or run a search using the default search provider, if it contains text.
- Firefox colorway themes will automatically be migrated to the same theme hosted on Mozilla's add-ons repository.
Developer changes
- The CSS animation-composition property is now supported by default.
- The Array.fromAsync() static method is now supported.
- The Array and TypedArray methods Array.toReversed(), Array.toSorted(), Array.toSpliced(), Array.with(), TypedArrays.toReversed(), TypedArrays.toSorted(), and TypedArrays.with() are now supported.
- The Response: json() static method is now supported, making it easier to construct Response objects for returning JSON data.
- The Sec-Purpose HTTP fetch metadata request header is now included in requests to Prefetch resources.
- The URL.canParse() static method can now be used to parse and validate an absolute URL, or a relative URL and base URL.
- The URLSearchParams.has() and URLSearchParams.delete() methods now support the optional value argument.
- Support has been added for storage.session, which provides the ability to store data in memory for the duration of the browser session.
- IndexedDB is now also supported in private browsing without memory limits thanks to encrypted storage on disk.
- The builtin editor now behaves similarly to other browsers with contenteditable and designMode when splitting a node.
Enterprise changes
- The FlashPlugin policy is no longer available.
- Firefox 102 ESR continues to be supported for another two releases before Firefox 115 ESR becomes the sole Extended Support Release.
Security updates / fixes
Mozilla patched 13 vulnerabilities in Firefox 115. The vulnerabilities have a severity rating of high or lower.
Additional information about the security fixes is available here.
Outlook
Firefox extension reviews and news
None
Recent Firefox news and tips
- Mozilla will launch data removal service Firefox Monitor Premium soon
- Mozilla transitions Pocket to use Firefox Accounts exclusively
- Time to update: Firefox 114.0.1 fixes a startup crash
- Firefox 114.0.2 fixes several crashes and Web Extensions regressions
Additional information / resources
- Firefox 115 release notes
- Firefox 115 for Developers
- Firefox 115 for Enterprise
- Firefox Security Advisories
- Firefox Release Schedule
@ owl,
Do you happen to know what the position is regarding Floorp continuing to receive security updates on Win 7/8 until September next year in the same way as Firefox will?
The reason I’m asking is because I’m being offered v11.0.0 now on Floorp, but on the Github site it states that Windows 7/8 aren’t supported: https://github.com/Floorp-Projects/Floorp
Therefore I dismissed it as an update otherwise the installer would automatically remove v10.16 which I’m running at the moment and I don’t want that to happen.
@TelV,
> v11.0.0 now on Floorp, but on the Github site it states that Windows 7/8 aren’t supported: https://github.com/Floorp-Projects/Floorp
Therefore I dismissed it as an update otherwise the installer would automatically remove v10.16 which I’m running at the moment and I don’t want that to happen.
In the official announcement,
https://github.com/Floorp-Projects/Floorp/issues/293#issuecomment-1623680667
(Windows 7/8 support)
Floorp is based on FirefoxESR115. Do not worry, existing user continue to use Floorp for 1 year.
Clean install is unsupported.
In preparation for unforeseen circumstances, “Floorp 10 v10.16.0” can be downloaded from the following.
https://github.com/Floorp-Projects/Floorp/releases/tag/v10.16.0
What I’d like to know is why is this technical article about a new version of Mozilla Firefox littered with completely off-topic comments debating about politics and racism.
I’m all for freedom of speech, but please do it in appropriate places. There is such a thing as SPAM, which is what all the above unrelated comments are.
I came here looking for relevant info about Firefox ESR 115, and I find it hard to get it because of all the off-topic drag. Moderators, please do your thing and keep the place clean so we can read the stuff Ghacks and this article’s subject matter are for. Thank you!
hello.
It seems some modules like osfile and other disappeared and some functions removed (can not invoke cu.import/components.utils.import anymore. does anyone know where this is documented to find something to replace it?
I found element’s name ”alltabs-button” and then I can hide it.
#alltabs-button {
display: none !important;
}
https://github.com/Aris-t2/CustomCSSforFx/blob/master/current/css/buttons/icons_custom_icons_noia.css
I found a solution how to remove Unified Extensions button:
#unified-extensions-button {
display: none !important;
}
https://github.com/Aris-t2/CustomCSSforFx/blob/master/current/css/buttons/unified_extensions_button_hidden.css
Now there only list of tabs button that I have to remove.
This doesn’t work in Firefox 115 ESR.
How to remove the Firefox Unified Extensions button and restore the Overflow Menu
https://www.ghacks.net/2023/01/18/how-to-remove-the-firefox-unified-extensions-button-and-restore-the-overflow-menu/
How can I remove Unified Extensions button and also button that contains list of tabs?
I can remove this button (userChrome.css):
#PanelUI-menu-button {display: none;}
@Martin Brinkmann
Thank you. I have been waiting this article about new ESR!
After updating to 115 I notice that Firefox starts as quick as previous version, but now takes 3-4 seconds (!) to load my home page Wikipedia (stays a white background for 3-4 seconds). Previous version loaded instantly.
I have of course also disabled extensions.quarantinedDomains.enabled.
I updated to 115 and I’m still on the non esr branch even though I run Windows 7 on my laptop, weird.
> I updated to 115 and I’m still on the non esr branch even though I run Windows 7 on my laptop, weird.
No weird.
There is no update to 116, and at the time “Release version updates to 116”, it will switch to “115ESR (its update schedule)”.
https://www.ghacks.net/2023/07/06/firefox-116-beta-adds-quick-actions-to-address-bar/#comment-4569769
I get what you’ll say about Firefox, all true, but if you still have a Windows 7 pc, what other choices are there? I don’t trust or like Waterfox at all anymore, and it uses more memory for me. LibreWolf apparently has some issues working on 7 past the 111 update. Floorp and Pulse require Windows 10 or above. Palemoon, never cared for that one. So on the Windows 7 pc I’m stuck with Firefox it would seem.
@ Purple,
Floorp current version 10.0x.0x supports Windows 7/8.
https://i.postimg.cc/QdBb39sW/v10-still-supported.png
Image taken from link at https://github.com/orgs/Floorp-Projects/projects/2/views/1
Subsequent versions i.e. from 11 onwards won’t be supported. But since Floorp is a fork of Firefox support for the current version will continue until September 2024. I’m using it on Windows 8.1
Best thing to do is to enable the setting: “Check for updates but let you choose to install them” so that the current version won’t be automatically removed when the time comes.
@ Sajadi,
In the civilised part of the world we live there are international rules which state that refugees are entitled to asylum in the EU if they’re migrating from a country which threatens their lives.
Unfortunately, migrants are influenced by people smugglers who tell them that the streets in western countries are paved with gold and for the fee the smugglers charge, they can go to those places and be welcomed. However, when they get here they discover this isn’t the case at all, but they still try to secure asylum rather than return to their previous miserable existence.
The problem for the countries where these people land is that they don’t have any ID, having burnt those to prevent their repatriation. Even for those individuals who didn’t destroy their identification documents there can be problems since some countries like Tunisia refuse to take them back.
So there lies the problem. They’ve made the journey in good faith based on the lies perpetrated by the smugglers and are now stuck in Limbo land. What to do with these people?
As for the ongoing riots in France at the moment I’ve read that this boy who was shot by police had been stopped before. He wasn’t entitled to a full driving licence because of his age and presumably tried to make a getaway knowing he was going to end up in jail if he didn’t.
But Macron recently widened police powers to try to get control of the situation where youths were intimidating French citizens and causing havoc and the officer who shot him only did so when he attempted to drive away as he had done on previous occasions.
I was being sympathetic because the boy was brought up by a single mother and he was her only child. But the situation in the suburbs where she and other migrants like her are ostracised by society means it becomes a tinder box over time. You only need a single spark to set events in motion which is what happened. Migrants circumstances need to be looked at and if they reside there legally, they should be entitled to support so that they don’t fall into the same poverty trap like the one they left their own country for.
@TelV
The only solution would be to remove everyone who is a migrant out of the country once the one is criminal in the slightest way. France has become the European Iranian country – and we all know what has happened their in the past. A minority of radicals took over a whole country and everyone – especially Girls and for example homosexuals and general non-binary people had to suffer.
And deny it or not – the main problem are not the one’s who make use of migrants unfortunate situation and tricks them into boarding their boats and trucks against tons of money – the main problem are the leftists which want today open borders and mass migration – as meaning to avoid any political success for their opponents which they denounce as bigots or Nazis.
One Problem – simple explanation
@Sajadi.
Indeed. But France is not alone, there are unfortunately many european countries, some in a way worse situation than others of course, and the situation has been allowed to slowly and steady grow and grow over a long, long time due to the “good” politics that has been put in place by “good” politicians under different governments. And non of them “saw this coming” they say, well many did, but those who warned were called racist and silenced by the “good” politicians, “good” people, “good” journalists etc. And now here we are, and the “good” people look like question marks. They created it, but don’t know how to solve it, and don’t want to take/feel any responsibility what so ever. And wonder why some people’s trust in politicians and journalists/media gets lower and lower day by day. Oh dear.
ahh ghacks, come for the tech news, stay for the xenophobia.
Firefox… the from Mozilla bastardized and abused once awesome but no longer power user browser… Today, just featureless trash with some privacy features, crippled add-ons, crippled customization.
The only way to use Firefox these days without getting a serious nauseating feeling is if you use either Floorp, Pulse browser or… Waterfox – as is now again ads-company “deownified”
Normal official Firefox… simplistic trash browser from a trash developer which only appeals to activists with certain ideology.
More on the subject and how to bypass the restriction:
https://support.mozilla.org/en-US/kb/addons-restricted-domains
Did they add a pref to stop FF hijacking the PDF default?
If I wanted FF to be the default PDF viewer I would have set it thus. To simply take over control is yet another reason FF is losing favoritism imho.
Will definitely be disabling the domain blocking.
Who really believes there is anything honorable in that blocking? “Security concerns”.. pfft.. like hell. Big brother is probably threatening tech companies “You vill censor everything and you vill be happy”
Covert actions from Mozilla. Next up stopping uBlock from functioning on particular websites? They shouldn’t be able to dictate which add-ons I use on specific websites.
Apparently here’s the list of the six domains affected: https://github.com/mozilla-extensions/addons-restricted-domains/blob/main/extension/api.js
The common feature seems to be that the domains do port scanning ( https://arstechnica.com/security/2023/06/brave-will-soon-control-which-sites-can-access-your-local-network-resources/ ), and apparently I don’t have the extensions involved, since Firefox doesn’t give me a warning.
@Yan,
> Apparently here’s the list of the six domains affected:
I’m not sure, but according to that GitHub page, that seems related to another preference:
“extensions.webextensions.restrictedDomains”.
(line 11)
I hope at every update that finally with ‘Confirm before quitting with command-Q’ enabled, Firefox will quit like normal after hitting ‘command-Q’ a second time, like another browser I remember using along time ago.
While I like a conspiracy theory as much as the next girl, let’s not get too excited here.
This is well-established open-source software, with a large community. Unaudited browser extensions have a lot more potential for abuse than FF itself. Mozilla’s explanation is rational (although it could have been communicated a heck of a lot better).
So until it’s shown to actually do something evil, there’s no need to start the mouth-frothing.
“This is well-established open-source software, with a large community.”
Mozilla software is well established as not better than Google’s. “Open source” or not, it remains malicious for obvious reasons. The browser sector is the best example of the failure of the open source philosophy, placing theoretical rights to fork the code without any consideration for ethics (and not even that, it’s rather about having gratis contributors) above the practical reality of capitalism controlling everything. It’s not the least signal of that that now everywhere is talking about “open source”, not free software. The first one being about hoping to protect the mass of users from the corporate dictatorship, the second one being about cost management for Google.
About the “community”, there is no such thing. Everything about Mozilla is a Google made caricature of the free software movement. There are only paid developers, paid shills, and manipulated people who fell for the raw power of Google cash in public manipulation. Those who contribute for the greater good do it only in spite of Mozilla.
“conspiracy theory”
That choice of words has to be some “trolling” again, especially coming from a Google advocate. The problem with Big Tech is not that we don’t trust them enough, it’s that we trust them too much.
“Mozilla’s explanation is rational”
There was no explanation. “Muh security” may be the closest of an explanation, and Google and Mozilla have a very long history of abusing that concept to hurt the users while being the first enemies of their security. No site list given (yeah open source ! dig it yourself in the code, scumbag. Then be aware that it will even change without warning between updates). But then the unusual was “Muh security and stuff” without thinking it’s even necessary to tell what the “stuff” is. Then they will blog passionate articles about transparency and due process.
Another strike of Mozilla solely with the goal of slowly killing extensions, after many previous ones.
The site blacklist was not even disclosed.
The reasons for the blocking were not even disclosed either. A false one was given, “security”, meaning adblockers, tracker blockers, antivirus extensions will stop running, “for security”. Worse, the existence of other reasons was stated but they were not disclosed. Maybe they don’t want youtube downloaders to work on youtube ? Or paywall bypasser extensions to work on their favorite garbage press partner sites ?
The secrecy and arbitrariness smells bad here, although it’s the ordinary from Mozilla unfortunately.
The setting to prevent this might disappear at any time. Or funnier, stay there but start doing nothing.
Of the top 25 extensions by number of users, I think 5 of them aren’t monitored by Mozilla and would thus not be allowed to run on blacklisted sites. Those 5 have between 500 000 and 1 million users each. There are two antivirus extensions among those, remotely disabled by Mozilla “for security”. The total number of unmonitored extensions is of course a lot higher and the corresponding number of users seeing their extensions disabled by Mozilla will be enormous.
Previously they had done something similar with their own web sites, more radically disabling extensions there, again “for security and privacy”. Glad to know that Google Analytics was no longer supposed to be blocked or Mozilla’s ads hidden, for our own good. This move from Mozilla was even used as an excuse by uBO filter maintainers not to add those ads to the uBO filter lists, because blockers would be disabled there anyway on Firefox (although only by default and not on other browsers…).
About the other commenters who talk about “potential for abuse” and “slippery slope”, you’re wrong: the abuse is already here in that case. It’s not like when they started blocking malicious extensions and then extended creatively the definition of malice.
I am well aware of the downward spiral of Mozilla but I appreciate you bringing up some of those points. In regards to the slippery slope comment I was just hinting that once this is applied and if it becomes a standard then it is open to abuse by other companies and as someone pointed out that google/youtube for example will be quick to put their hand up for this.
This will have to be carefully observed as it is a far too powerful option that may be open to abuse.
Once you create an exception for one then why not the others. This is a terrible move!
This is now basically becomes adblock plus with their ads whitelist program. Regardless of the intentions this will be scrutinized and looked at with contempt.
So they have buckled to Brazil? Who next China? North Korea? Russia? Facebook? Twitter? Reddit?
You simply cannot allow this to go unchecked.
“Who next China? North Korea? Russia?”
Is there a single commenter who’s not a “troll” on this site ?
I should probably have added other countries Australia, France (France is attempting something lately also), Italy, New Zealand, Canada the US, etc etc.
I’m sorry you were offended but perhaps the reason why the quoted countries came to mind first is because it is factually true that the government from these countries have a history of attempting to control the data you see and how you see it online.
I don’t have anything against the people of these countries the point is that it will be open for everyone to lobby and push for such things. I don’t think it even took much effort for Brazil to get this going so who knows.
What is worse is that the notification or warning that an extension has been disabled is hardly obvious too if you haven’t seen it yourself and one could argue that the damage is already done by the time you have already visited a page with your defenses down.
Perhaps if they continue to go down this idiotic path they should warn people before you access the site to accept the fact the following extensions you have installed will no longer function on said site if you agree to continue at which point you can deny it and simply opt out of visiting the website or force extensions to work on said website.
It will be another hindrance for sure but this kind of stupidity is really going too far.
Btw if anyone is interested this is what France is cooking up which is just as bad.
https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
I believe that the Brazilian authorities, who are notorious for their love of blocking access to resources that do not fulfill their requirements*, have requested that extensions be restricted from accessing critical Brazilian resources.
* example: http://www.uniindia.com/~/brazil-threatens-to-block-telegram-for-criticism-of-authorities-reports/World/news/2969698.html
Mozilla hastily made a system add-on and deployed it remotely: https://www.reddit.com/r/firefox/comments/144x26o/new_hidden_addons_restricted_domains_system/ as a temporary way to keep Brazilian authorities happy.
Now they are working on a full-fledged implementation in the browser (named Quarantined Domains).
The source you linked to makes no mention of Mozilla. Don’t let Iron heart use you as a tool.
Seems openh264 is no longer ludicrously outdated by several years. Firefox now fetches version 2.3.2
Big improvements with video decoding and animations that are actually h264 videos
Shame about addon blocking for specific domains. Big sites like youtube will definitely try forcing firefox users to disable addons while you browse them such as ad blockers, like by denying access to functionalty or even everything until you comply.
So basically, Mozzilla has hijacked all my web browsing with FF so they can control what I do online.
Except that they tell you in the release notes how to turn their control off if you want to do so. They also have indicated in Bugzilla that security to combat certain active in the wild attacks is driving this, and that the next update will give users the ability to bypass the control on a site specific basis. They should have been far more transparent regarding the reason(s) for this change, and hopefully they will be on or before the next update. However, ‘hijack’ is a bit strong a term for what has taken place here.
“Except that they tell you in the release notes how to turn their control off if you want to do so”
Most of users don’t read the releases notes and won’t even be aware that their defenses have once again be deliberately lowered by Mozilla under false pretexts on an undisclosed list of sites. The “warning” will not be seen unless the users click on the new single puzzle icon for all extensions. I discovered only recently that new change of hiding extension icons on toolbars by default by the way. Many ones relied on that for basic functioning. Now users would need to dig in the menus to find the way to display those icons, assuming they know it can even be done. And one has to be stupid to still believe Mozilla and Google lies about their motivations in 2023. Besides, the way to turn that off is to dig in about:config with a scary “don’t do it” warning, most of users not even knowing that existss, even those who know that there is a more available user interface for configuration.
About the uglily missing site list, I’ve found that there is a pref in about:config, named
extensions.quarantinedDomains.list
which is empty. Not sure if that means that there is a hidden blacklist somewhere and what is entered there by the user for some reason is added to it, or if it’s the only blacklist and it’s actually empty right now, just ready for filling remotely for a new but slower armaggadon. But I checked that adding for instance example.com in it will add it to the blacklist.
Mozilla, around 500 million dollar each year from Google essentially. Not even as a donation, which would already stink of course, but in exchange for personal data that is known to be exploited commercially and by the worst repressive state in the world outside of any bourgeois legality. For context.
When I upgraded to v115, I noticed that Smooth Scrolling was turned back on. Not sure why, but I turned it off again.
Same here.
@Mystique,
> Mozilla absolutely needs to be much more transparent about this as this is a slippery slope for sure!
ghacks article:
quote,
Firefox 115.0 new features and improvements
Some add-ons are blocked from running on certain sites
Firefox users who run add-ons that are not monitored by Mozilla may notice a new notification in Firefox when they visit certain sites. The notification informs them that “some extensions are not allowed” and were blocked from running on that site.
Mozilla writes on a support page: “As of Firefox version 115, we have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns”.
Mozilla makes no mention of the scope of this and the support article is extremely vague. The change is called Quarantined Domains by Mozilla.
In order to deal with recent serious cyber-attacks (abusing “SDK” and “Win32 API” in browser extensions), extensions that are not sufficiently audited will have to be blocked.
However, the blocking measures are not demand forced, leaving the option for the user to unblock.
Since the release schedule of milestone version “115” is scheduled, the official document is probably just not in time.
Once again, when I scrutinized the official document again, it was caused by @Martin’s mistranslation.
Its official documentation clearly mentions, so “a new back-end feature to only allow some extensions monitored by Mozilla”.
In other words, all extensions (add-ons) that Mozilla has not undergone human review are blocked.
It is a “default setting with the highest priority on safety”, and the user has an option to “unblock”.
In fact,
the “Update to v.115.x” for existing users seems to be pending.
On that expected date, a new update for v.102 was being pushed.
Firefox ESR 102.13.0
July 4, 2023
Version 102.13.0, first offered to ESR channel users on July 4, 2023
https://www.mozilla.org/en-US/firefox/102.13.0/releasenotes/
Existing users do not need to rush to move to “115”.
Probably, it seems that it was delayed because preparations such as official documents were insufficient.
Simply put,
At this time, milestone version ‘115’ is being released for new installation (new users).
Since common (popular) extensions are prioritized for auditing, so I think that may be blocked are “extensions that are clearly confirmed to be malicious or whose development support has stagnated and extensions with few users”.
It is wise posture for existing users to understand the situation in advance and be prepared to take appropriate action (such as whether to unblock) in the event of a blocked example.
Unecessarily, It is childish to make a big fuss.
Mozilla absolutely needs to be much more transparent about this as this is a slippery slope for sure!
Running Windows 7, updated Firefox 114.0.2 to Firefox 115.0 ESR
No issues at this time (115.0 or ESR related).
Having been a Firefox user since always, this is the first time I switch to its ESR. Quiet until September 2024.
About Firefox 115 new Quarantined Domains pref (extensions.quarantinedDomains.enabled) : I’ve disabled it until Mozilla provides more information about this restriction.
Anybody knows what happens if you download Firefox 115.0 (not ESR) and try to install or update on Windows 7? Or how Firefox installations where administrator block updates can be migrated to ESR?
@Steve,
I think you’re confusing Firefox versions with security updates. FF 115 is the last version which supports Windows 7 and 8, but that version will continue to be supported with security updates until September 2024.
I’m running Windows 8.1 and fall under the same blanket policy. I’ve just installed version 115 and didn’t come across any issues.
See: https://www.mozilla.org/en-US/firefox/115.0/releasenotes/
@Steve, Firefox 115.0 (not ESR) is the latest version to support Windows 7/8 :
Firefox 115.0 – Windows – Operating Systems (32-bit and 64-bit) : Windows 7 or later.
[https://www.mozilla.org/en-US/firefox/115.0/system-requirements/]
Version 115.0,is the last version of Firefox that users on those operating systems [Windows 7/8] will receive.
[https://www.mozilla.org/en-US/firefox/115.0/releasenotes/]
Firefox installations where administrator block updates can be migrated to whatever version manually : download from [https://ftp.mozilla.org/pub/firefox/releases/] and install. If downgrading in particular backup the Firefox profile(s) first.
I also immediately disabled this. There is no good reason for Mozilla to withhold information as to the actual reasons for this change. “Various reasons including security concerns”. Really?
Having said that, at least Mozilla did provide details about how to use about:config to disable this ‘feature’ in the release notes, which they do not normally do.
until they quietly remove that about:config pref…
That would be the day, Firefox dies.
> Firefox users who run add-ons that are not monitored by Mozilla may notice a new notification in Firefox when they visit certain sites. The notification informs them that “some extensions are not allowed” and were blocked from running on that site.
LOL, what could possibly go wrong. I see no potential for abuse here at all.
Half-OT: @Martin Brinkmann, have you seen the new propsed bill in France that would force browsers to include a government-mandated blocklist, to be enforced by the browser? Mozilla is currently (hypocritically) screaming about it here:
https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
Might be worth an article discussing it regardless, this could potentially be interesting to your readers.
@Iron Heart
Half-OT: @Martin Brinkmann, have you seen the new propsed (sic) bill in France that would force browsers to include a government-mandated blocklist, to be enforced by the browser? Mozilla is currently (hypocritically) screaming about it here:
Hyprocritical is when a self proclaimed free speech absolutist attacks Mozilla for supporting free speech, while claiming a bunch of nonsense about how Mozilla censors websites, but has no evidence Mozilla has blocked any website. Then when called out on his hyprocritical BS he changes his story to say they MIGHT block a website in the future, just so he can support his far left freedom hating pro-Google agenda.
@Jek Porkins
> Hyprocritical is when a self proclaimed free speech absolutist attacks Mozilla for supporting free speech, while claiming a bunch of nonsense about how Mozilla censors websites, but has no evidence Mozilla has blocked any website.
Mozilla is not supporting free speech, this is the company that proudly proclaims that “We need more than deplatforming.”, whatever that means. @Alexander below has pointed out already that Mozilla blocks websites to please authorities.
I am critical of this change and I do call it out (see above). I also support people like you uttering their opinion, even if it’s clear as day nonsense. That’s your right.
> Then when called out on his hyprocritical BS he changes his story to say they MIGHT block a website in the future, just so he can support his far left freedom hating pro-Google agenda.
There is no “might” involved here, they do. And I never said that Google, especially some of their products like Google Search and YouTube, are not part of the censorship apparatus. That would be silly. I never claimed that, stop making shit up about me.
@Iron Heart
We do not agree in much for sure, but it is a true fact that Mozilla’s remaining users are just Progressives/Liberals – who support anti-free speech policies like the ideology to de-platform/silencing Conservatives and more moderate non-Leftists – and so does Mozilla itself. Allowing to hunting down a CEO which took the freedom in his own hands to believe in traditional marriage and privately disagreed with the opposite. Mozilla and a big part of their remaining user-base are living in a self-created ideological walled-garden – and they want to expand this to everyone else, no matter if they want or not.
Also they are speech police…. Master password renamed for example…. and why? oh my god because of the word slave! Even on their Mastodon instance free speech is a discouraged value, and that says a LOT about them as organization.
> Also they are speech police…. Master password renamed for example…. and why?
Master:
You Americans may not know,
In areas where the United Kingdom is a former sovereign nation,
Master is also the name of a “repressive status system: the relationship between ruler and servant,”
and in those countries there is an international recommendation that Master should be replaced with another name because it is a “forbidden word” that evokes trauma (an abhorrent past).
The Web isn’t just for Americans, You should understand the “hard feelings” of those people (Respect diverse national conditions and cultures, and do not participate in discrimination).
> Also they are speech police…. Master password renamed for example…. and why?
Master:
You Americans may not know,
In areas where the United Kingdom is a former sovereign nation, master is also the name of a “repressive status system: the relationship between ruler and servant,” and in those countries there is an international recommendation that master should be replaced with another name because it is a “forbidden word” that evokes trauma (an abhorrent past).
The Web isn’t just for Americans, You should understand the “hard feelings” of those people.
@Iron Heart
You have yet to link to any website blocked by Mozilla
@Iron Heart
It’s well known at ghacks that you are a liberal who has supported and defended Google numerous times. and you have yet to name a single blocked website.
https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
From what I read, it’s partly about censoring the foreign press from countries considered by them as enemies, deemed by definition as “disinformative” and “interfering”, contrary to the french garbage press of course. And the local press still deemed too foreign to be trusted together with it.
“Such a move will overturn decades of established content moderation norms”
Every time they say that and once it’s passed they forget about it and repeat it again the next time.
“and provide a playbook for authoritarian governments”
“It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes”
So my self-described non-authoritarian government doing arbitrary censorship to support its pillage wars and internal repression is not really the problem here ? It’s those bad allegedly more authoritarian guys who according to you aren’t even doing it themselves who are the problem here ? And of course the french or US governments are supposed not to be very high on the “nefarious guys” list ? Thinking about it, I don’t think I can find something higher than Mozilla’s own US government on that list. The worst record as a source of blood, oppression and human misery in all its forms, but seems determined to keep this unknowned, with Mozilla’s diligent help of course.
But wait, in that case, didn’t Mozilla already kick out of its store exactly the same foreign press extensions for the reason that they were judged “disinformative” ? More exactly in order to “elevate critical thinking, reasoned argument, shared knowledge, and verifiable facts”. They even used that quote from their manifesto, ironically.
https://discourse.mozilla.org/t/rt-news-add-on/94342
https://reddit.com/r/firefox/comments/t15p9q/firefox_should_shut_down_rt_media_addons/
https://addons.mozilla.org/firefox/addon/rt-news/
(note also the bunch of authoritarian [removed] comments from the firefox subreddit thread)
The worse part is that, not just happy with censoring for instance the above, Firefox on the contrary now displays by default a summary of all the french press crap on the home page, no longer having a problem with disinformation for those. They even make some bucks from that. And even help those local billionaire press detritus gather some data about Firefox users in the process.
“While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud”
No, that’s only one of the motives involved. The same law also “brings new protections against disinformation and foreign interference from media that are under international sanctions”. Although I’m not sure that this part involves blocking at the browser level like the fraud case. Interestingly the political censorship part here is not a part Mozilla seems concerned about.
“Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.”
Oh, that’s all it was about. They want it added to the Google safebrowsing lists for more efficient coding.
“Firefox has used Google’s Safe Browsing offering for more than a decade and has a unique, privacy preserving implementation that protects user privacy while simultaneously preventing them from becoming victims of malware and phishing.”
What ? Firefox tells Google most of the files that users download thanks to safebrowsing, and when and where. Most of all files, not just most of binaries. It’s even less private than the dumbest implementation by a local blocklist.
“This setting can also be turned off by users at any time, leaving them in control of their experience on the web.”
Untrue on mobile. The former ghacks user.js stopped disabling it ages ago. That wave of love for safebrowing seemed as intense as the Mozworld loved extension signing before.
“In fact, a government being able to mandate that a certain website not open at all on a browser/system is uncharted territory and even the most repressive regimes in the world prefer to block websites further up the network (ISPs, etc.) so far.”
Yes, the french government likes to use the DNS for that. Thankfully Firefox’s default policy, in countries where it modifies the DNS provider of the users, is to comply with censorship when the network (the censor) requests Firefox to do it, so Firefox won’t be an obstacle for such censorship. In about:preferences#privacy, it’s spelled “Turn off when a network tells Firefox it shouldn’t use secure DNS”. They however reserve the right not to comply if they don’t want to, although that would require them modifying the code compared to that default behavior. But see the few links above for a prediction of how they might react in practice.
“Forcing browsers to create capabilities that enable website blocking at the browser level is a slippery slope. While it might be leveraged only for malware and phishing in France today, it will set a precedent and create the technical capability within browsers for whatever a government might want to restrict or criminalize in a given jurisdiction forever. A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.”
Scary. So they say, let’s not make that a new capability at the browser level, we’re too busy improving our Pocket spyware algorithm, let’s just use the already existing Google safebrowsing at the browser level, “a far better route”.
“Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers – services such as Safe Browsing”
So in fact, Mozilla even thinks that this would “improve” safebrowsing.
“The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies.”
Oh, wait, it gets better. In fact, they had nothing against this being government mandated as opposed to decided by the Google CEO, despite what they said before. They just want a reasonable time for Google to add the sites that the cops tell them to add to the blocking list.
For some reason, their slippery slope argument about this mandated blocking risking to be no longer limited to phishing and malware seems to vanish as soon as Google’s safebrowsing lists are used for the blocking. I must have missed a piece of their argumentation. Ah, yes, maybe. Google and Microsoft are in USA. The enemies of glorious USA have no say on what safebrowsing and smartscreen block. Only USA and friends do. And they are not nefarious. I think that’s how that Mozilla post could be summarized in one sentence.
Then they also talk about public criteria, judicial appeals and so on, which is the same words they used in their previous campaign to ban so-called disinformation from the internet. The good guys had talked, don’t worry all will be fine, with safeguards and all. The end result that has since then been observed was instead massive, abusive, arbitrary bans to please the Pentagon, including by Mozilla itself as exemplified in the few links above. And the deadly lies of the french billionaire press on the Firefox home page.
@Anonymous/ Iron Heart
TLDR
“US government on that list. The worst record as a source of blood, oppression and human misery in all its forms”
Talking about troll factories, the day after writing that I got some funny guy with a van painted as a blood donation one parked under my windows today screaming nazi shit pretending he’s just talking in the phone. Years of that daily. Ordinary day in France for “nefarious soviet oligarchy guys”.
And no, Putin is not a communist and there was no such thing as a Soviet empire.
@Anonymous,
I don’t think this is solely aimed at France since there’s an EU directive in place to ban RT from broadcasting its Russian propaganda over the airwaves: https://www.consilium.europa.eu/en/press/press-releases/2022/03/02/eu-imposes-sanctions-on-state-owned-outlets-rt-russia-today-and-sputnik-s-broadcasting-in-the-eu/
On the subject of goverments blocking certain addons, it depends on what purpose they serve. If they’re related to Russian troll factories, then all well and good. After all, Putin can’t be considered to be a benefactor to anyone except his own oligarchs who support him financially regardless of whether his aims are the recreation of the Soviet Empire or some other nefarious project he has in mind.
Wow, not telling the users why Firefox is not allowing extensions to run on some sites, or which sites and which extensions are not allowed? That’s super creepy behavior. This is another example of why you really can’t trust Mozilla, and another reason not to use the default Firefox. I’m assuming that the Arkenfox user.js and Librewolf and Mullvad browser will all disable this config option, or hopefully find a way not to build it into the browser at all.
It’s interesting if the current commotion in France has caused a rushed decision, OR it’s just a great opportunity to sneak a censorship tool into their traffic. I think the two events are related.
@Iron Heart–“According to the Electronic Frontier Foundation, this type of blocking and filtering of the global Internet constitutes a violation of article 19 of the Universal Declaration of Human Rights which grants everyone the right ‘to seek, receive and impart, regardless of frontiers, information and ideas by any means of expression.”
Can’t say France is much of a leader for global initiatives–seems the government would expel all immigrants if it could [and have a “blocklist” pages and pages long–mostly Islamic sites, which the government loathes, dreads and fears].
Or, if that won’t work, it will find other ways of eliminating the “undesirables” that pollute the French “white” blood. I think point-blank shooting of citizens is a “violation” of Human Rights. Macron is a “puppet” for an alien culture and form of government that is far removed from original French Ideals.
The US is no model, either.
https://www.wsj.com/articles/the-french-riots-and-the-broader-european-underclass-paris-macron-police-shooting-killing-21019f0b
@VioletMoon,
What I find so distasteful about that is a far right activist setting up a GoFundMe page with a target sum of €50,000 to support the family of the police officer who shot the kid for a meer driving offence and pledges exceeding €1 million being achieved at virtually a flick of a switch.
In the meantime, a similar GFM page for the mother of the victim barely reaching €200,000.
That portends a bad outcome for Macron at the next French election with Marine Le Pen gaining the presidency and subsequently pussy-footing up to Putin with all that entails for the future of France.
@TelV
Do you know that Israel citizens are afraid already in Europe of rising Islamic anti-semitidm or that Islamists feel right now they already have the upper hand in France?
You believe an Islamic France will respect the L*/Non-Binary community? I guarantee you – that it will not.
Better be careful what you support!
@Sajadi
“You believe an Islamic France will respect the L*/Non-Binary community? I guarantee you – that it will not.”
Why are you promoting wokeness? Woke liberals like yourself are the problem. Stop spreading your woke mind virus.
@TelV All that would not have happened if France would not have allowed mass migration. That is the wrong way. Same as Open borders are false.
The more non European culture compatible migrants are incoming, their number rising, the more they demand from the guest country. Logical result is once they are the majority, that Shariah is implemented.
All this mess in Europe and in the US is only the fault of leftists who are unwilling to realize and understand that danger.
France is already a war zone, it is impossible for the police to just have a relaxed attitude. They too are living constantly with the danger to be attacked and killed. Anyway, everyone who will reverse course…. all Conservative parties and also Le Pen in France – i see as the good guys.
Leftist migration dreams will only end in Europe and the US being ruined. That is a fact, and not bigotry or racism.
Ah yes ghacks, come for the tech news, stay for the xenophobia.
*proposed