Master password in Firefox or Thunderbird? Do not bother!
Master password in Firefox or Thunderbird? Do not bother! There is a weakness common to any software letting you protect a piece of data with a password: how does that password translate into an encryption key? If that conversion is a fast one, then you better don’t expect the encryption to hold. Somebody who gets hold of that encrypted data will try to guess the password you used to protect it. A
On Web Extensions shortcomings and their impact on add-on security
On Web Extensions shortcomings and their impact on add-on security Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was running within the Web Extensions sandbox, meaning that it didn’t have full privileges like regular Firefox code. This code was also well-designe
Revisiting permission prompt for Firefox extensions
Almost exactly a year ago I wrote a blog post explaining how permission prompts are a particularly problematic area for a functioning extension ecosystem. While at this point it was already clear that Firefox would show some kind of permission prompt, I hoped that Mozilla would put more thought into it than Chrome did. Unfortunately, this didn’t quite happen. In fact, as I now experienced, the per
Why Mozilla shouldn’t copy Chrome’s permission prompt for extensions
Why Mozilla shouldn’t copy Chrome’s permission prompt for extensions As Mozilla’s Web Extensions project is getting closer towards being usable, quite a few people seem to expect some variant of Chrome’s permission prompt to be implemented in Firefox. So instead of just asking you whether you want to trust an add-on Firefox should list exactly what kind of permissions an add-on needs. So users wil
Mozilla: What constitutes “open source”?
I became a Mozillian more than twelve years ago. I’m not sure whether the term “Mozillian” was even being used back then, I definitely didn’t hear it. Also, I didn’t actually realize what happened — to me it was simply a fascinating piece of software, one that allowed me to do a lot more than merely consume it passively. I implemented changes to scratch my own itch, yet these changes had an enormo
Using WebExtensions APIs in a “classic” extension
So WebExtensions are the great new way to build Firefox extensions, and soon everybody creating a new extension should be using that over everything else. But what about all the people who already have extensions? How can one be expected to migrate a large extension to WebExtensions and still keep it working? Chances are that you will first spend tons of time rewriting your code, and then even mor
Can Mozilla be trusted with privacy?
A year ago I would have certainly answered the question in the title with “yes.” After all, who else if not Mozilla? Mozilla has been living the privacy principles which we took for the Adblock Plus project and called our own. “Limited data” is particularly something that is very hard to implement and defend against the argument of making informed decisions. But maybe I’ve simply been a Mozilla co
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
The ticking time bomb: Fake ad blockers in Chrome Web Store
The Firefox Accounts authentication zoo
Can Chrome Sync or Firefox Sync be trusted with sensitive data?
Taking a break from Adblock Plus development
Is undetectable ad blocking possible?
Adventures porting Easy Passwords to Chrome and back to Firefox
Security considerations for password generators
Introducing Easy Passwords: the new best way to juggle all those passwords