From Mozilla Hacks ยท 18 stories
Firefox 148 Launches Sanitizer API for Enhanced XSS Protection
Firefox 148 introduces the Sanitizer API, allowing developers to sanitize untrusted HTML with the setHTML() method, improving security against XSS attacks. This API provides a standardized way to prevent vulnerabilities that have historically plagued the web, positioning Firefox as a leader in web safety enhancements.
Firefox Implements CRLite for Secure Certificate Revocation Checking
Firefox has introduced CRLite, allowing private and efficient certificate revocation checking, marking it the first browser to do so. This change enhances security by ensuring that revoked certificates, which pose security risks, are identified accurately without revealing user browsing activity.
New Proposal for Anonymous Web Credentials Addresses Bot and Privacy Conflicts
The proposal introduces anonymous credentials to balance user privacy with bot detection challenges on websites. This aims to reduce user friction while maintaining effective anti-bot measures, addressing both user and site operator concerns.
Firefox 151 Introduces Web Serial API Support for Direct Device Connectivity
Firefox 151 adds support for the Web Serial API, enabling direct communication between web applications and compatible serial devices. This enhancement simplifies the development and interaction process for hardware projects among hobbyists and developers.
Mozilla Reports Improved Bug Detection in Firefox Using AI Models
Mozilla has utilized Claude Mythos Preview and AI models to identify and rectify a high volume of latent security bugs in Firefox. This enhancement of AI capabilities has drastically reduced false positives and bolstered the browser's defenses against attacks.
New WAICT Standard Enhances Web Security Against Malicious Servers
The Web Application Integrity, Consistency and Transparency (WAICT) standard aims to strengthen security for web applications by ensuring code integrity and transparency. This is essential as traditional trust models can be compromised by malicious servers, especially in applications handling sensitive data.
Mozilla Releases Firefox Beta .rpm Package for Linux Distributions
Mozilla has launched a Firefox Beta package for RPM-based Linux distributions, allowing for easier installation and updates via package managers. This improves performance and security features while enabling users to test upcoming Firefox versions more conveniently.
Interop 2025 Launched to Improve Web Browser Compatibility
The Interop Project has launched Interop 2025 focusing on 19 areas to enhance browser compatibility. The initiative, involving major companies like Apple, Google, and Mozilla, follows a successful 2024 with improved test pass rates. Interop 2025 aims to further unify browser behavior, minimizing developer frustration.
Firefox 138 Introduces Alternative to DLL Injection for Enterprise DLP
Firefox version 138 will provide an alternative to DLL injection for Data Loss Prevention (DLP) in enterprise settings. This change aims to improve stability by eliminating common issues associated with third-party DLLs that can lead to crashes and security bypasses.
Mozilla and Filament Launch Uniffi for React Native, Enabling Rust Integration
Mozilla and Filament have launched Uniffi for React Native, a tool that allows developers to build Turbo Modules in Rust. This enables a single implementation of core app logic for cross-platform mobile applications, enhancing performance and reducing code duplication.
Mozilla's Llamafile v0.8.14 Boosts AI Model Performance and Usability
Mozilla's Llamafile v0.8.14 includes updates that enhance performance, usability, and model compatibility. Notable changes feature support for the latest open models, performance upgrades, and a new chat command line interface. These updates facilitate easier and faster use of AI applications on everyday hardware.
0Din Launches AI Bug Bounty Program to Enhance Security
0Din has launched a bug bounty program targeting vulnerabilities in generative AI systems. This initiative involves security researchers and developers in identifying and mitigating threats to ensure AI safety and integrity.
Puppeteer Version 23 Adds Official Support for Firefox
Puppeteer version 23 introduces first-class support for Firefox, allowing users to run automation tests on both Chrome and Firefox. This integration is based on the WebDriver BiDi protocol, enhancing cross-browser compatibility and user experience.
Firefox Enhances IPC Fuzzing Techniques for Improved Security
Firefox introduces enhanced fuzzing methods for testing Inter-Process Communication (IPC) interfaces. This innovation aims to bolster security by identifying vulnerabilities that could allow privilege escalation attacks.
Mozilla Builders program supports sqlite-vec for Local AI applications
Mozilla's Builders program has announced sqlite-vec, a project to enable vector search in SQLite databases for Local AI applications. This integration aims to enhance privacy and accessibility in AI development by facilitating on-device functionalities.
Firefox Nightly Introduces Experimental Alt Text Generation Using On-Device AI
Firefox 130 will include a new feature to automatically generate alt text for images using a private on-device AI model. This capability aims to improve accessibility for users with screen readers, addressing the widespread issue of missing alt text on the web.
Firefox Rewrites Crash Reporter in Rust for Improved Reliability
Firefox has initiated a rewrite of its crash reporter using Rust to enhance reliability and maintainability. This change addresses past difficulties in improving the existing codebase and aims to provide better insights into crash reports, which are critical for reducing overall crash rates.
WebAssembly's Integration Challenges Highlight Its Second-Class Status on the Web
Despite significant advancements since its launch in 2017, WebAssembly remains a second-class language on the web. Limited integration with existing web platforms hampers developer experience and wider adoption, as developers often prefer to use JavaScript for its simplicity.