Mozilla Firefox

Note that browsers run HTML and JavaScript code. The most common type of code injection is JavaScript based:

 

No, they are talking about Javascript code injections.
In the larger perspective there are many types of code injection attacks. Most common is SQL injection, but it didn't affect browsers (probably). When somebody is typing commands into terminal i.e. bash interpreter there are possibilities to inject code. Binary code injection into process memory is just one type of code injection.

 

Hi Rasheed, the link you posted is for Firefox 56 and earlier versions. For Firefox 69.0.3, that article is old.

Since Firefox 63 came out in October 2018, you can not disable automatic updates via Options or about:config. Perhaps you can still disable the nagging or warnings about new updates which is what I guess you are talking about, that I don't know as I always maintain Automatic updates disabled. Perhaps you are right.

Bo

 

I would contend Chrome is still the most secure browser, because of its sandboxing technology and strict site isolation. However, it’s undoubtedly the most privacy-invasive browser, therefore trumping its security as only a secondary reason for choosing it over one such as Firefox, for example, or even another Chromium-based browser that doesn’t spy on its users.

 

Yes correct, it was the nagging that bothered me, this can still be disabled. But I'm using Firefox 63 and you can also still disable "automatic install" of updates, this is the most important to me.

 

Well, then it's boring to me. I would rather see them hardening Firefox against memory code injection. This is what they have already done with Chrome and Edge.

 

Yeah, I'll believe that when I see it. If you look at the list, Chrome didn't win because it failed 3 privacy options
- Lack of support for a master password mechanism (Chrome, IE, Edge)
- No option to block telemetry collection (Chrome, IE, Edge)
- Lack of organizational transparency (Chrome, IE, Edge)

Meanwhile, Firefox doesn't have strict site isolation yet.

 

2020 for Firefox and for Android not in 2020 - someone told me.
"fission" is only at its first steps.

 

You can set this in Firefox about:config

security.sandbox.content.level = 5

 

Hi Rasheed. Its very likely your Firefox 63 is the only Firefox 63 installation in the entire world in which you can disable automatic updates via Options or about:config.

Like I told you earlier, those Options were done away with in Firefox 63.

Thats why now, to disable Firefox from checking and installing updates automatically, you must use a policy.

Read the link below, specially the first line of the opening post.

http://forums.mozillazine.org/viewtopic.php?f=23&t=3041932

Bo

 

According to MajorGeeks, Firefox 70 has been released although you can't get it via the browser yet. You can use the link on MajorGeeks site:

https://www.majorgeeks.com/files/details/mozilla_firefox_70.html

which will eventually take you here

https://download-installer.cdn.mozilla.net/pub/firefox/releases/70.0/

where you can download either the 64-bit or 32-bit version of Firefox 70 in your preferred language.

 

According to their wiki, it should be available tomorrow -

 

Is FF 70 the version that defaults to "DNS over https" ?

 

Firefox auto-updated to v70 this morning ( 10-22-2019 )

 

That has already been default for a while, and does not offer anything similar to site isolation afaik.

 

It was there starting w/ver. 69.0.3. It defaults to Cloudflare servers but can be modified to whatever.

 

Thanks @itman for your reply

Yes, I understand that DNS over https (DOH) defaults to Cloudflare IF you choose to enable DOH.

My query was directed to whether or not DOH was enabled on all clients by default. Mozilla has been slowly rolling out DOH on a testing basis but has said that at some time soon DOH would be enabled by default on all clients.

Moz as now published release notes for FF 70 and DOH has not yet been enabled by default on all clients:

https://www.mozilla.org/en-US/firefox/70.0/releasenotes/

 

hi
i have just updated to 70 but seems slower than 69.0.3 , maybe it's adguard that slowes down
have you noticed a slow down with some adblock extensions?
tahnks

 

As far as I am aware of, it was enabled by default as of ver. 69.0.3. Prior to that, it was an optional setting.

 

Not enabled by default for me.

 

DoH was rolled out and enabled only for few US citizens to check out.
and you can modify its settings (trr)
https://wiki.mozilla.org/Trusted_Recursive_Resolver

 

hi
but does somebody upgrade to v70?

 

I am on ver. 70 and have no noticed any performance issues.

 

Hi @JRViejo
fixed with your link and advise
thanks!