Mozilla Firefox

Discussion in 'other software & services' started by Hadron, Aug 27, 2016.

  1. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    I thought I would create a generic Firefox thread as I wanted to ask a Firefox specific question.

    How can I selectively change a Notification setting for a particular website?
    For example: If I have allowed notifications on a website, then change my mind, where do I find that Firefox setting to change it for that site?
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,878
    Location:
    Australia
    Options > Content.
     
  3. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    Thanks mate. I'm getting blind in my old age. :geek:
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,878
    Location:
    Australia
    You're welcome. ;)
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Right click the webpage, Click View page info>Permissions.

    Bo
     
  6. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    I thought I would share a Mozilla Firefox about config Tweak.
    It annoys me.

     
    Last edited: Aug 27, 2016
  7. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    This is another one that annoys me.

     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    ofc there is
    http://kb.mozillazine.org/About:config_entries

    - notification - which one? what for? firefox cant get website changes, use an extension instead for that.
    - disable signing - what for? not possible since v48. what extension you talk about?
    - not recommended to use outdated firefox versions, then stick with 45esr instead vulnerable v43
    - you can disable safe-browing in regular options!

    please ask more precisely and provide more details!
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    Firefox supports Notifications API:
    Which is just a different way of showing a locally available message to the user. Firefox also supports Push API (aka Push Notifications):
    Which is a way for webservers to send a message to the user even when their browser is fully closed and their device is powered off. The website sends the message to a Mozilla push server which stores it. Then when the user's browser is available the message is retrieved and displayed as a notification.

    Push Notifications have privacy implications which vary based on browser/provider. So if you are interested in that you should do some reading.

    FWIW, I read that Firefox uses the *same* permission to control *both* Notifications and Push Notifications. I haven't tested either feature myself.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,878
    Location:
    Australia
    Disable Push Notifications:

    About:Config > dom.webnotifications.enable > toggle to False.
     
  11. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    While we're on the topic of about:config, I find the about:config Button add-on very handy.
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    Is that sufficient? I ask because there are two prefs related to Web Notifications:

    dom.webnotifications.enabled
    dom.webnotifications.serviceworker.enabled

    and I'm inclined to think the first renders the Notifications API unavailable to web content and the second renders it unavailable to serviceworkers. IOW, if you want to nuke the Notifications API I think you'd want to make sure both are set to false.

    As for the Push API, it appears it can be used to push visible notifications to the user *and* it can be used to push other non-visible things to the user's browser. When creating a Push subscription you specify a userVisibleOnly boolean that communicates intent. I'm wondering if the dom.webnotifications.* prefs mentioned above are always enough to kill Push (including when userVisibleOnly=false). If the objective is to kill Push, the dom.push.enabled and dom.push.serverURL prefs look attractive.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,878
    Location:
    Australia
    This page says to change dom.push.enabled to false. I haven't tried that yet and I'm here with Microsoft Edge at the moment.

    I was getting annoyed at the MBAM forums and found these instructions and it worked for me.

    http://techdows.com/2015/12/disable-firefox-push-notifications.html

     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    Push notifications involve Notifications, Push, ServiceWorkers (about:serviceworkers), the site that sets things up and the scripts used, a WebSocket connection to Mozilla's push server, related permissions (Notifications and History), related prefs, even different behavior for HTTPS and HTTP. So there are multiple ways to break it, but they aren't identical in terms of consequences. They are breaking different pieces/aspects.

    In addition to making sure that everything you want blocked is properly blocked going forward, you may first have to familiarize yourself with and try to "undo" persistent changes that were made before you decided to block. If you previously subscribed to push notifications you've instructed a sender website/party to push messages to Mozilla so that Mozilla can push them to you. Hopefully, by triggering the unsubscribe process the sender will stop doing that *and* any local record of that subscription will also be removed. You may also want to get rid of the ServiceWorker if it wasn't removed. If you eliminate all push subscriptions I think you would also want to reset dom.push.userAgentID.
     
    Last edited: Aug 29, 2016
  15. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    Who else here uses Classic Theme Restorer?
    I suspect a few. :rolleyes:
     
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    what do you expect from CTR?

    From my view to you - i would install less extensions to keep it simple.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    omg
    users in an enterprise environment should never have rights to change anything important incl certs. that is admins job!
    but those are now able to handle system certs with mozilla.cfg

    but i admit this would make vendors from antivirus programs happy so they do not need longer to integrate some cert into firefox and can point out to the ability from firefox. great move mozilla to help those developing idiots which cannot handle the ssl check.
     
  19. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441

    I just hate the Australis interface. With CTR, I restore it the way it was and classic FF looks way better! They took a good thing and messed it up.
     
  20. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
    That's exactly how I see it.
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    I doubt that they could handle certificate store without admin privileges. Firefox is only following other browsers (IE and Chrome) which use windows certificate store. It means that certificate won't have to be installed twice (once for Firefox in their store and another one in Windows certificate store for other browsers). I hope that they will also include personal certificates in near future.
     
  22. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    thats what i understood that far. and you got my conclusion about that silly ssl check.
     
  24. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    https://mike.kaply.com/2016/09/01/upcoming-changes-to-root-certificates-in-firefox-on-windows/
    I can't tell whether said behavior will also be conditioned on security.enterprise_roots.enabled=true, but some of the wording I've seen makes me think that they are already thinking about making importation/acceptance of external certificates an automatic behavior.

    Maybe it should, but ATM a pref/option doesn't worry me. Making it a default, non-pref-driven, behavior does bother me though. Wouldn't that increase the CA attack surface for everyone? Wouldn't it interfere with those who purposely want to only use the Mozilla store? I think it would even affect those running a portable edition.
     
  25. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    753
Loading...