Mozilla Firefox Browser Stable Version Releases

Yes you are right. Using DoH is just one step in protecting your browsing data. This needs to be used in conjunction with HTTPS or better yet, a VPN, to provide complete protection.

By not using your ISP's DNS resolver and encrypting your DNS queries will protect you to a certain degree, but since your ISP provides you with internet connection, they will still know which website you are connected to.

Using DoH and HTTPS will make it very hard for the ISP to know what you are doing on the connected website.

Using a DoH with a VPN (if the VPN does not have its own DNS) will completely protect your browsing traffic from your ISP.

 

Encrypted DNS doesn't prevent your ISP from seeing your browsing activity, as the domain your visiting still leaks via SNI and OCSP (both of which are generally done through HTTP, not HTTPS).

 

Yes, you are right. It is just a step.

Here in US a lot of the time your ISP contracts with local vendors to offer internet connection. The back-end servers are owned by the ISP, and the vendors do not have access to it, but customer traffic still passes over the vendor's equipment. If you do not use DoH, the vendors will be able to see the websites you are connected to and they are legally allowed to sell this data to local advertisers. With DoH they will have to make a deal with the ISP to get access to this data.

So DoH is helpful, it just does not make your traffic completely invisible.

 

New hidden "Add-ons Restricted Domains" system extension being pushed into Firefox.
https://support.mozilla.org/kb/addons-restricted-domains.

Current value:

Code:

accounts-static.cdn.mozilla.net,accounts.firefox.com,addons.cdn.mozilla.net,addons.mozilla.org,api.accounts.firefox.com,content.cdn.mozilla.net,discovery.addons.mozilla.org,install.mozilla.org,oauth.accounts.firefox.com,profile.accounts.firefox.com,sync.services.mozilla.com,autoatendimento.bb.com.br,ibpf.sicredi.com.br,ibpj.sicredi.com.br,internetbanking.caixa.gov.br,www.ib12.bradesco.com.br,www2.bancobrasil.com.br

Some Brazilian sites in there... Why?

 

followed again by some stupid comments.

https://support.mozilla.org/kb/addons-restricted-domains
mozilla itself is using CSP to prevent security issues on their sites, but mozilla cannot protect other important pages where CSP is not used and thus vulnerable or heavy modifying extensions can change experience.

banking sites? for reason? at least i do not understand why mozilla sites are listed, as written those are secure with CSP (no addon will work for security reason)
and this is pretty independent from telemetry.
and as written user can change "extensions.webextensions.restrictedDomains", those are by default, however visited or not.

knowing, not assuming!

 

Indeed. the comment from 'billdietrich1' is rather stupid. That's why it's already downvoted.

I saw that, but what is the point. Then you'll eventually have to add numerous banking/gov. sites, etc.

B.t.w., I saw this new pref 'extensions.quarantinedDomains.list' landed in Firefox 115.

 

hint: that switch is present for now 5 years (and ofc working) maybe the extension extends or tighten its functionality.
for
'extensions.quarantinedDomains.list'
https://firefox-source-docs.mozilla.../addon-manager/AMRemoteSettings-overview.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1832791
https://searchfox.org/mozilla-central/source/modules/libpref/init/all.js?from=all.js&offset=200

Code:

// Extensions are prevented from accessing Quarantined Domains by default.
pref("extensions.quarantinedDomains.enabled", true);
pref("extensions.quarantinedDomains.list", "");

the list current nightly contains only mozilla domains, no BR.

 

Huh?
Do you mean 'extensions.webextensions.restrictedDomains'? I'm familiar with that one.

Both other prefs are absent in my Firefox 114 (Linux version).
'extensions.quarantinedDomains.list' in my Firefox 115 and 116 are empty and 'extensions.webextensions.restrictedDomains' contain no .com.br domains there (yet?).

Code:

 Status:
RESOLVED FIXED
Milestone:
115 Branch

 

It gets even weirder.
My Firefox just updated to 114.0.1 and the .com.br domains are gone from 'extensions.webextensions.restrictedDomains'.
The system extension is gone as well.

 

Thanks.
Same here, Firefox 114.0.1 snap (Kubuntu 22.04).

 

I spoke to soon.
Both the system extension and the .com.br domains came back after some time...

Why is there nothing mentioned about this in the release notes of 114?

 

Is that after a system reboot? I haven't done that, yet.
On my two Kubuntu 22.04 with Firefox 114.0.1 snap, with no system reboot yet, it's still gone.

 

No.

 

To quote /u/jscher2000 on Reddit:

I have the extension there.

These sites have no Content Security Policy.
Check here: https://www.ipvoid.com/http-security-headers-analyzer/

Looks like this is some kind of a test, because there must be numerous similar unsafe sites.

 

if you havent disabled normandy then its part of mozilla to insert microfixes, you can find some of them in about:support as extension starting with bugfix... - thats "normandy" and regular users should not change this.

the domains do not need to use CSP, i guess that mozilla detects users beeing eg in BR and normandy sends suitable settings, not to break such sensible domains with extensions.
and thats also about https://support.mozilla.org/kb/addons-restricted-domains where mozilla try to explain this circumstance based on their domain. for mozilla it is important that its pages are visited in a secure state and not altered by malicious extensions. eg sync account.

 

That's the thing though.
I have disabled Normandy long time ago (maybe unwise, but I disliked the fact that Mozilla could change things without my knowledge...) and still this happens.
There is nothing with "bugfix" in 'about:support'.

So, instead of a micro fix, this seems just part of the last update, not mentioned in the changelog.

In that case they detected it wrong. I'm in The Netherlands and other settings should apply.
The Brazilian sites are hardcoded in the pushed extension.

From the support article:

I wonder how long this list of "particular websites" will be in the future...

 

my bad, should look like this (was another users profile used since v49)

Code:

Externe Funktionen
------------------

bug-1680034-rollout-shirley-feature-roll-out-81-to-83-release-81-83: active
bug-1693420-rollout-sponsored-top-sites-rollout-release-84-100: active
bug-1712189-rollout-keep-firefox-up-to-date-even-when-it-is-not-ru-release-90-94: active
bug-1766468-rollout-win32k-rollout-release-100-101: active
bug-1766618-rollout-disable-websocket-over-http2-release-91-100: active
bug-1802286-rollout-fix-webcompat-shim-breakage-release-103-107: active
rollout-increasing-normandy-skew-out-changes-from-15-m-release-73-75-bug-1616898: active
rollout-monitor-v2-1505837: active
rollout-webrender-release-67-1541488: active
Firefox Accounts toolbar button badge: (control)
Next generation accessibility engine powering screen readers: (treatment-a)
Use additional tiles for Sponsored Shortcuts: (control)

those entries are normandy. and there is no conspiracy about, just follow the bugzilla numbers.

its hard to believe, but mozilla is neither nor spying nor do they collect personal or sensible data. the very little firefox send is not sold like avast did.
ofc everybody is free to disable telemetry but this would mean: no normandy, no microfixes, could go more bad. mozilla changed few prefs in the past with normandy because firefox was malfunctioning in that part.

then changelog is basic and do not contain each micropatch, you have to follow other pages and ofc bugzilla.

best example: extensions.webextensions.restrictedDomains
this entry exist for years, but why bother now when its content changes for security reason?

maybe, but thats nothing to concern about or worry, even not when you dont visit such pages.

its like the reddit comment - too many people think about things they never had understood nor are they willing to think about. "conspiracy" is the buzz word, this will eliminate any discussion immediately and for every, like the n-word. such trolls will find its clappers but never are helpful.

 

I've followed your advice and turned Normandy back on.
(I'll still keep an eye on it though)

 

its an experience, as you can see in the code box this wont happen for each final build. to see if it concerns your current version, shut down firefox, open the profile and search for such names, delete the XPI, restart firefox and wait, if the deleted extension will re-appear. if not than its no longer suitable for the used build and futile. in that case it wont be listed any longer in about:support.