Firefox Shield study to import Windows root certificates

Mozilla wants to evaluate the impact that the importing of Windows root certificates has on Firefox.
Firefox uses its own certificate store when it validates certificates of site connections by default. While that is beneficial in regards to control that Mozilla has over certificates, it recently introduces an issue that caused connections to secure sites to fail in the browser.
Mozilla had to halt the distribution of Firefox 65 to address the issue. The issue was caused by third-party antivirus engines that installed their own certificates into the Firefox certificate store to enable SSL scanning.
Firefox users would receive “your connection is not secure” and “SEC_ERROR_UNKNOWN_ISSUER” connection errors if affected by the issue.

Users could disable HTTPS scanning in the antivirus solution of choice or flip a preference in Firefox that would allow the browser to import certificates from the Windows Certificate store to mitigate the issue.
Mozilla discovered that the issue could have been prevented if Firefox would use certificates from the Windows Certificate store.
Mozilla wants to find out if using certificates from the Windows Certificate store has any negative effects on Firefox. The assumption is that there won’t be any ill-effects; if that is the case, Firefox will import Windows root certificates by default going forward.
The security team confirmed that having the preference security.enterprise_roots.enabled set to true would have fixed all of these issues without known regressions and we want to validate that in the presence of an AV, enabling this preference would have a positive impact on retention and engagement
The parameters of the Shield study:

Version: Firefox 66
Platform: Windows 8.1 and Windows 10.
Other: Antivirus installed that is not Windows Defender.

A test group and a control group is selected. The test group will have the preference security.enterprise_roots.enabled set to True while the control group won’t. The default value of the preference is false.
The preference defines whether Firefox will use certificates from the Windows Certificate store (True) or not (False). The parameter has been added in Firefox 49 with a default value of False.
Telemetry will be collected to determine the impact of the preference change. Firefox users who don’t want certificates from Windows to be imported can set the parameter to False to prevent that from happening.
Now You: Did you run into SSL connection issues recently? (via Bleeping Computer)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Firefox Shield study to import Windows root certificates appeared first on gHacks Technology News.
Source: ghacks.net/firefox

Display hidden results on Google Search with Google Unlocked

Google Unlocked is a browser extension for Google Chrome and Mozilla Firefox that displays hidden results on Google Search automatically.
Google hides results from Google Search when it receives DMCA complaints. The company does not just remove results with DMCA complaints from Google Search but adds information to search results pages to inform users of Google Search about it.
Users may follow these links to look up information and the links that Google removed from its search results pages.
Google Unlocked

Google Unlocked automates the process. The browser extension displays removed links at the end of the search results page so that you may access these directly.
The extension lists links that Google removed because it received complaints. The links lack titles which makes it difficult sometimes to find out more about the page without visiting it. A click on a link opens the result directly in the browser of choice. Note that some of these links may no longer work.
Google Unlocked is an open source extension that is available on the Chrome Web Store and Mozilla AMO. It should work in other Chromium-based and Firefox-based browsers such as Opera or Vivaldi (not tested).
The extension parses the pages the DMCA notices get published on and adds any link that it finds on the page to the search results. You can check out the source code to find out more about the process.
Who is this for?
Google Unlocked restores unfiltered Google results, at least when it comes to DCMA-based changes to the results. Many of the filtered results point to sites where users may download files or stream media, but some may also point to pages removed in error from the results.
Some may find the lack of page titles or options to open a cached copy of a page problematic; this is not the fault of the extension, however, as it can only return what is provided on the DCMA notices web pages.
It is worth a try if you find yourself clicking through to the notices page regularly or just want unfiltered results when it comes to DCMA notices and removed results.
Now You: How do you handle search result pages with removed links?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Display hidden results on Google Search with Google Unlocked appeared first on gHacks Technology News.
Source: ghacks.net/firefox

Google is working on an Extension Icon for Chrome

Recent versions of Google Chrome Canary include a new experimental feature that adds an extension icon to the main Chrome toolbar.
Most extensions for Google Chrome add an icon to the main toolbar. The icon supports default options, e.g. hiding the extension icon or uninstalling the extension, but often also functionality provided by the extension.
I prefer how Vivaldi, another Chromium-based browser, gives you more control over extension icons.
Chrome has a single toolbar only for navigational icons, the site address, menu, profile icon, and extension icons.
The new Extension icon that Google is working on may be a solution for extension icons taking up too much place on Google Chrome’s toolbar.
The functionality provided at this time is rather limited, on the other hand. It seems that Google is still working on the integration of the feature in Chrome.
Extensions Toolbar Menu

The feature is hidden behind an experimental flag right now. You need to run a recent version of Chrome Canary to enable it.
Note: Experimental features may come and go without announcement by Google. It is possible that a feature will land in Chrome Stable directly, that it remains hidden by a flag, or that it is removed at one point.
Here is how that is done:

Load chrome://flags/#extensions-toolbar-menu in the Chrome address bar to open the Experiments page in Chrome.
Toggle the status of the Extensions Toolbar Menu experiment to Enabled. (Set it to Default or Disabled to return to the status quo).
Restart Google Chrome.

You should see a new extension icon on the Chrome toolbar. A click on the icon displays all active extensions provided that you are not on an internal page, those beginning with chrome://, or another restricted page.
The functionality is limited to that right now. It would not make a whole lot of sense to add an icon to Chrome that would just display a list of installed extensions in the main interface.
More likely is that some functionality is not implemented yet. Google could integrate extension management functionality to the icon, e.g. to use functionality it exposes in its menu and options to hide or uninstall the extension.
Hiding extension icons has no effect on the listing in the extension menu. Chrome users could use the feature to hide some of the icons and access the functionality they provide from the extension menu instead.
The Extension Icon is just one of the new features that Google landed in Chrome recently. One of the best new features added to Chrome recently is Chrome’s extension activity monitor.
Now You: What is your take on the feature? What would you like to see?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Google is working on an Extension Icon for Chrome appeared first on gHacks Technology News.
Source: ghacks.net/chrome

Mozilla releases security updates Firefox 66.0.1 and 60.6.1 ESR

Mozilla has just released Firefox 66.0.1 and Firefox 60.6.1 ESR to the public. The two new versions of Firefox patch critical security vulnerabilities in the web browser.
Firefox users should receive the updates automatically if automatic updates is turned on in the browser (which it is by default). The new versions are also available as standalone downloads from Mozilla’s official website.
Firefox users may select Menu > Help > About Firefox to run a manual check for updates to download the new version immediately. It takes a while as Firefox does not run real-time update checks.
Firefox 66.0.1 and Firefox 60.6.1 ESR

Mozilla patched two critical security vulnerabilities in Firefox 66.0.1. and Firefox 60.6.1 ESR (Extended Support Release).
The vulnerabilities are listed on the official Firefox Security Advisories website:
CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
Additional information is not provided at this time, the linked bug listings are blocked from the public.
The two researchers that discovered the vulnerabilities are Richard Zhu and Amat Cama, and it is probably no coincidence that the researchers attacked Firefox successful in this year’s Pwn2Own competition.
The security researchers managed to use an exploit in Firefox to execute code at the system level if a user visited a specifically prepared website.
They leveraged a JIT bug in the browser, then used an out-of-bounds write in the Windows kernel to effectively take over the system. They were able to execute code at SYSTEM level just by using Firefox to visit their specially crafted website.
The competition saw another successful targeting Firefox. Niklas Baumstark exploited a JIT bug in Firefox to escape the sandbox which would allow an attacker to run code on the device with the same permissions as the signed-in user.
He used a JIT bug in the browser followed by a logic bug to escape the sandbox. In a real-world scenario, an attacker could use this to run their code on a target system at the level of the logged-on user.
It is recommended to update to the new patched versions of Firefox to protect the browser and underlying system from attacks targeting these vulnerabilities.
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Mozilla releases security updates Firefox 66.0.1 and 60.6.1 ESR appeared first on gHacks Technology News.
Source: ghacks.net/firefox

Firefox 66 has PowerPoint and Word bugs (Fix available)

Firefox users who upgraded the web browser to the recently released version 66 may experience text vanishing issues when they use the online version of Microsoft PowerPoint.
A new bug report on Bugzilla suggests that users cannot add any text permanently to PowerPoint as it vanishes immediately after typing it. Mozilla decided to throttle the distribution of Firefox 66 in the meantime until the bug is resolved.
I confirmed the issue using Firefox 66 and the PowerPoint application of Office Online. While you can type text just like you could before, text that you typed would vanish into thin air immediately after hitting the Return key or switching to another element. The sheet previews of PowerPoint don’t show the text either.
A quick test of Word and Excel online showed that these two applications worked fine, and that the issue is limited to PowerPoint only (and probably the reason why it was not detected earlier).
Two related bugs seem to affect Word online, however:

After selecting text using Ctrl-A, it is not possible to add or work with text as the focus is moved out of the application window. Using Ctrl-C to copy all does not work for instance.
Double-clicking on text prevents text input. You cannot replace the text.

Some users suggest that the issue affects newer versions of Firefox as well.
Here is a short video that I recorded that demonstrates the issue:

The issue affects Firefox 66 or newer users who use PowerPoint online. Mozilla is pushing out a patch already that modifies a preference in the Firefox web browser.
Firefox users who are affected by the issue may use the following workaround if that does not work or has not been done yet:

Load about:config in the Firefox address bar.
Search for dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.
Set the value to powerpoint.officeapps.live.com.
If you want to fix the Word issue as well, append word-edit.officeapps.live.com to the value and separate the two host names with a “,”. The value should be powerpoint.officeapps.live.com, word-edit.officeapps.live.com afterward.

A restart of the PowerPoint application should be enough to resolve the issue but if that does not work, try restarting the web browser to resolve it for good.

You should be able to type text without the typed text vanishing after you stop doing so.
Now You: did you notice these issues or others in Firefox 66 or newer? (via Günther Born, Techdows)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Firefox 66 has PowerPoint and Word bugs (Fix available) appeared first on gHacks Technology News.
Source: ghacks.net/firefox

A look at Chrome's new Focus this Tab feature

Focus Mode is a new experimental feature of Google’s Chrome web browser. Google added a Focus Mode flag to Chrome Canary in February 2019 but enabling it at that time did not do anything as the underlying functionality was not fully implemented back then.
The description did not reveal much, as it simply stated that enabling the flag would allow users to switch to Focus Mode.
Recent versions of Google Chrome Canary, the cutting edge development version of Google Chrome, support Focus Mode functionality. It is unclear whether the feature is fully implemented already or if it is only partially available.
Focus Mode in Chrome

It is still necessary at this point to enable Focus Mode in Chrome before the feature becomes available. Note that you do need to run Chrome Canary at this point to test it.

Make sure you run Google Chrome Canary and that the browser is up to date.
Load chrome://flags/#focus-mode.
Set the flag to Enabled.
Restart Google Chrome.

A right-click on a tab displays the new “Focus this tab” option after the restart. What it does? It loads the web page in a new browser window that lacks most interface elements.

Only the title bar and scroll bars remain; all other interface elements, the address bar, extension icons, Chrome’s menu, or bookmarks toolbar are hidden in that window.
The window spawns with its own icon in the taskbar of the operating system, and the icon that it the site’s favicon.
A right-click on the title bar displays more options than usually. You find options to go back or forward, reload the page, zoom in or out, or search for content on the page.
There is no option to bring the page displayed in the focus window back to the Chrome window it was launched from.
Closing words
Focus Mode displays a single web page in a headless window. Extensions continue to work in Focus Mode but you may get less control as you cannot interact with the extension icon while in that mode.
There is also no (obvious) option to access the menu to make configuration changes, or switch to a different URL that is not linked on the page that is active.
Focus Mode removes some distractions from Chrome and may display more content of a web page in the window due to the reduced browser interface. Whether that is sufficient for it to be used instead of fullscreen mode remains to be seen.
It is possible that Focus Mode is still in active development and that additional functionality will be added to the mode in future builds.
Now You: What is your take on Focus Mode?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post A look at Chrome's new Focus this Tab feature appeared first on gHacks Technology News.
Source: ghacks.net/chrome

Google adds Sensor permission controls to Chrome

Google added “Motion and light sensors” permission controls to Chrome Canary recently so that users of the web browser may control the functionality.
Browser makers like Mozilla or Google add new functionality to their browsers regularly. New APIs, the Sensor API is just one example, add new functionality that sites and applications may make use of.
APIs may expose data to sites and services, and may even give sites control over functionality. Web browsers like Firefox or Chrome support permissions that give users control over these features.
Sensor permissions are available in Chrome Canary only right now; the Android version and the desktop version supports the option.
Canary is a development version of Google Chrome; it takes months usually before features land in stable versions of the Chrome browser.

Google added global and per-site Sensor access controls to the Chrome web browser which users of the web browser may use to control access to the Sensor API in the browser.
Access to Sensors is enabled by default.

You may disable Sensors globally or on a per-site basis if you prefer that. Here is how you do that:

Load chrome://settings/content/sensors in the Chrome address bar. Doing so opens the Sensor permissions in the browser.
Toggle “Allow sites to use motion and light sensors” to enable or disable Sensors globally.
Sites that you added to the allow or block list are displayed there as well.

Tip: You can manage permissions for other APIs and features by loading chrome://settings/content/. Most, e.g Microphone or Camera are set to “ask” which means that Chrome displays a prompt whenever it detects attempts to access these APIs.

The option is also available for individual sites. Just activate the icon that Chrome places in front of the web address to get started.
Chrome may display a direct option to allow or block motion or light sensors on a specific site. You may also access the Site settings by activating that link.
These display all permissions that Chrome supports. Changes that you may to the site permissions are valid only for the selected site. You may use the options to override global permissions, e.g. to allow a feature on a site or to block it.

Closing Words
The option to block Sensor API access landed in Chrome Canary 75 and Google has not yet revealed when the feature will land in the stable version. Chrome 75 Stable could be that target, a release that is about 2-3 months away.
Now You: How do you handle site permissions in Chrome or other browsers? (via Genbeta / Techdows)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Google adds Sensor permission controls to Chrome appeared first on gHacks Technology News.
Source: ghacks.net/chrome

A look at BleachBit 2.2

BleachBit is a long standing free alternative to CCleaner and other commercial system cleaners. The open source program was updated to version 2.2 recently. That, and the fact that some people don’t like the direction that CCleaner development has taken since the Avast acquisition of Piriform, justifies another look at the program.
First the basics: we followed BleachBit’s development ever since our first two reviews here on Ghacks in 2010. Jack Wallen reviewed BleachBit for Linux, and I took a look at the Windows version of the application in the same year. The developer released BleachBit 2.0 in 2018, the last major update of the software application.
BleachBit is a system cleaner that supports Winapp2.ini files to improve its cleaning, and also CCEnhancer which does the same thing basically.

You can download a portable version or installer from the BleachBit website to get started. The application itself is easy to use but requires some level of expertise when it comes to the choices that it presents to you.
BleachBit displays the available clean locations sorted into groups for easier access. Each has a checkmark associated with it to either check individual items or entire groups. BleachBit displays descriptions for each item when you select it. While it does not provide a detailed description or information, it should give a rough understanding.
A click on preview starts a dry run that scans all selected areas without making any changes to the application. The process adds information to the size column so that you know how much space you will free up when you run the clean operation.
The log on the right side of the interface displays all items that will get deleted or cleaned when you run the clean-up operation.
BleachBit supports other options: you can add custom locations to clean, add folders to the whitelist, or shred files or free space to remove traces.
BleachBit 2.2
BleachBit 2.2 comes with major improvements and features:

Additional programs to clean added, e.g. Waterfox, SmartFTP or aMule.
Cleaning improvements for Chrome, Firefox, and Chromium.
Support for Opera based on Chromium.
New -wipe-free-space command line option to remove traces from unused disk space.
Startup time improved.
Option to shred paths from Clipboard.

Closing Words
I like BleachBit: it is portable, open source, and does not nag you or try to sell you upgrades to professional versions. The program needs an interface update in my opinion to take it closer to CCleaner and make it more attractive to users who prefer that.
Now You: Which cleaner program, if any, do you use?
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post A look at BleachBit 2.2 appeared first on gHacks Technology News.
Source: ghacks.net/software/

Paint.net 4.1.6: performance improvements and new options

Paint.net 4.1.6 was released earlier today. The new version of the image editor for Windows comes with performance improvements, new features, and several fixes.
Paint.net is my image editor of choice. I use different image editors, e.g. GIMP as well, but Paint.net offers the right functionality and performance for my use cases (mostly editing of screenshots or images before they are uploaded to the Internet).
The new version of the image editor was released on March 18, 2019 officially and is the first release of 2019. We reviewed the major release Paint.net 4.1 last year.
Users who run Paint.net already on their devices may select Preferences > Updates > Check Now to run a manual check for updates to get the update automatically.
New users and those who prefer manual updates can download it from the official project website. Microsoft Store versions of Paint.net get updated automatically as well.
Paint.net 4.1.6

Paint.net 4.1.6 comes with several new features; some focus on improving the application’s compatibility in high-res environments, another improves the save functionality significantly.
High-res icons were redone completely according to the changelog to support up to 400% scaling and to match the Microsoft Office style guidelines. Plugins get a new option to use a new class to make decisions “about DPI and scaling” easier.
Users who open and edit multiple images and photos in Paint.net regularly find a new useful Save All option under File to save changes of all images in one operation. You may also use the keyboard shortcut Ctrl-Alt-S to invoke the command if you prefer that.
Open Recent, an option that displays recently opened images in Paint.net displays ten entries now instead of eight. The menu won’t change its size if you move between monitors with different DPI settings.
Users who close Paint.net with many images open should notice that the application closes much faster in those scenarios thanks to improvements done to speed up the termination of the application.
What else is new or changed?

Image thumbnails react to horizontal mouse wheel or trackpad swiping.
Ctrl-Shift-F6 and Ctrl-Shift-F8 reset the floating window sizes for History and Layers.
Settings > Plugin Errors shows up even if there are no errors to distinguish between “all plugins loaded without errors” and “plugins still loading” states.
Prevented problematic plugins from affecting the “undo” system.
Fixed a crash issue.

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Paint.net 4.1.6: performance improvements and new options appeared first on gHacks Technology News.
Source: ghacks.net/software/

Firefox 66.0 Release Information

Firefox 66.0 will be released on March 19, 2019 to the Stable channel. The new Firefox version introduces new features such as sound autoplay blocking, a new storage format for extensions to improve performance, or support for the AV1 codec on Windows.
All versions of the web browser receive upgrades: Firefox Stable to version 66, Firefox Beta to version 67, Firefox Nightly to version 68, and Firefox ESR to 60.6.
Our release information guide offers detailed information. It covers major and minor changes, developer related changes, known issues, and security information.
Read up on the Firefox 65.0 release if you missed it.
Executive Summary

Firefox blocks autoplaying sound by default.
Support for AV1 codec on Windows and Windows Hello on Windows 10.
New extension storage format to improve performance and reduce memory usage.

Firefox 66.0 download and update

The distribution of Firefox 66 starts today. Firefox users should receive update notifications automatically when they run the web browser.
Those who don’t want to wait for the browser to pick up the update automatically, can run a manual update check or download the stable version from official sources to install it manually over the old version or anew.

Firefox Stable download
Firefox Beta download
Nightly download
Firefox ESR download
Firefox unbranded builds information

Firefox 66.0 Changes
Autoplaying audio is blocked by default

Mozilla Firefox 66 will block autoplaying (audible) sound on web pages that you visit. Mozilla plans to roll out the feature gradually starting with the release of Firefox 66.
Firefox users may whitelist sites to allow them to play autoplay media with sound.

You can enable or disable the feature, and manage exceptions in the following way:

Load about:preferences#privacy in the Firefox address bar.
Scroll down to the Permissions section.
Check or uncheck “Block websites from automatically playing sound” to enable or disable the feature.
A click on Exceptions gives you options to add sites to the list of exceptions to allow them to play sound automatically.

Extensions switched to a different storage type to improve performance

One of the major changes in Firefox 66 is a change in how extension’s store data in Firefox. The switch from JSON to IndexedDB should improve performance and reduce memory usage at the same time according to Mozilla.
Especially extensions that make “small changes to large structures”, e.g. content blockers, benefit from the change.
The migration happens automatically in the background, user interaction is not required.
Other changes

Support for AV1 codec is activated on Windows by default.
Windows Hello support on Windows 10.
Scroll anchoring support prevents content from jumping around while the page loads when the user scrolls during that time.
Certificate error pages have been redesigned to “be more useful” to users of the Firefox web browser.
New option to search all tabs from the tab overflow menu when too many tabs are open in Firefox to display all at once.
The number of content processes has been raised to 8 (from 4). The move should improve performance, reduce the crash rate, and increase memory.
Users may now override keyboard shortcuts that extensions support (and set) from about:addons. To do so, go to about:addons and select “Manage extension shortcuts” from the cogwheel menu on the page.
The Private Browsing window features a search field in Firefox 66.
Basic support for mac OS Touch Bar.
Pocket experiment to test different layouts and “more topical content”.
System title bar hidden by default under Gnome.

Firefox 66.0 known issues
None listed.
Developer Changes

Reduced memory usage when extensions load objects from storage into memory.
Scroll anchoring implemented.
DevTools Inspector may be used fully if the Debugger is paused.
Priority of setTimeout and setInterval lowered during page load to improve performance.

Firefox 66.0 for Android

Sound autoplay blocking functionality implemented in Firefox for Android.
Scroll anchoring support.
Files from external storage may be opened now.

Security updates / fixes
Security vulnerabilities and patches issues are revealed after the release. We will add a link once Mozilla publishes those.
Outlook
The next stable release is Firefox 67, scheduled to be released May 14, 2019.
Additional information / sources

Firefox 66 release notes
Firefox 66 Android release notes
Add-on compatibility for Firefox 66
Firefox 66 for Developers
Site compatibility for Firefox 66
Firefox Security Advisories
Firefox Release Schedule

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Firefox 66.0 Release Information appeared first on gHacks Technology News.
Source: ghacks.net/firefox