New Firefox Browser Version Released

Discussion in 'other software & services' started by JRViejo, Mar 18, 2014.

  1. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
    imdb, you're welcome! Take care.
     
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,498
    Location:
    Toronto, Canada
    Typically, I am a Chromium user and avoid Firefox generally. However, for experimentation purposes today, I decided to use Firefox for fun/learning purposes and because it allowed me to disable e10s multiprocess to make it easier testing with just one firefox.exe process. This is just an experiment and running firefox.exe as a single process simply just made this experiment easier.

    So I decided to try running Firefox (64-bit) as a Protected Process Full (WinTCB) - PsProtectedSignerWinTcb

    Why? Well, why not, I suppose. :thumb:

    Firefox-ProtectedProcessWinTCB.png


    Process Hacker and Process Explorer cannot kill/terminate this firefox.exe process. None of my DLL injection tools are able to inject into this firefox.exe process either. Nice! :)


    Working: General web browsing. Surprisingly, general web browsing is working without any issues. Opening new tabs, clearing memory, etc. All good.

    Broken: Printing is not working. Flash Player is not working.

    Note: MemProtect achieves these same memory sandbox restrictions, however, the benefit with MemProtect over this is the fact that you have full control over what is allowed or disallowed to communicate with the memory of the protected process.

    mimikatz.

    Code:
    Run mimikatz as Admin
    
    To install mimikatz driver:
    !+
    
    To protect single firefox.exe process:
    !processprotect /process:firefox.exe
    
    To remove protected process status:
    !processprotect /process:firefox.exe /remove
    
    * if you wanted to do multiprocess, you would have to use the !processprotect /pid:111 command for each browser process but I have not tested this and it is likely to fail.
    On a side note, downloading mimikatz is a great way to test the Windows Defender Browser Protection extension because it definitely triggers on that download.

    I will try another day with multiprocess chrome.exe but it will be more difficult. Multiple processes within a browser such as Chrome may not be able to communicate properly in this state. But I will try some day when I have more time.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,682
    Location:
    The Netherlands
    Interesting, perhaps you should post this in the MemProtect thread.
     
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,045
    now that the esr version migrated to quantum too, what makes it any different than the latest stable release, other than getting the security fixes and not the cosmetic changes rapidly?
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,748
    Location:
    USA
  7. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,045
  9. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,427
    Location:
    UK
    I don't use Firefox myself but reading the notes for 61.0.2 I see....

    Is this something that FF users here would want enabled by default?
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,965
    Location:
    Among the gum trees
    Not I, @stapp .
     
  14. lolnothankyou

    lolnothankyou Registered Member

    Joined:
    Jul 29, 2018
    Posts:
    18
    Location:
    DisableLocation
    Of course not! It's for Mozilla's own data mining purposes.
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,615
    When I was using FireFox it was something I had enabled. I always want my session restored, whenever I launch my primary browser.

    But I can see that a lot of people would think differently. But, it's easy to disable.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,395
    Location:
    Slovenia
    I wouldn't like this to be enabled by default. Also with FF run under SBIE I don't think this would be possible at all.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,748
    Location:
    USA
    What makes you think that? I like being able to resume previous sessions so that I don't have to open all of the same tabs again. I have extensions in Firefox and Chrome for that purpose.
     
  18. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
    https://support.mozilla.org/en-US/kb/restore-previous-session#w_privacy-issues
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,748
    Location:
    USA
  20. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,423
    Location:
    U.S.A.
    Victek, I assume that happens while not closing the browser, yes? I know you can Clear History Settings when the browser closes, but I'm not aware that there's something similar when closing a tab. :doubt:
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,965
    Location:
    Among the gum trees
    I'm not. I use Temporary Containers extension.
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,748
    Location:
    USA
    For instance try Facebook messenger - messenger.com. If I don't log out there before I shut down the computer I'll still be logged in the next day. The same appears to be true with Facebook.
     
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,045
    it's due to cookies. set your browser to delete cookies after closing it and you will not be logged in next time you launch your browser. you can select which cookies to keep & delete.
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,369
    Good decision! uMatrix - properly configured - can also prevent this.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,616
    my firefox do that automatically, weather its crashed or shut down by system. appreciated but not really needed.
    grow up, this is nonsense... if you would believe it yourself i suggest a browser change! because mozilla would anytime collect telemetry, not only on startup.

    same silly story about TRR = dns over https (DoH). its opt-in and has several modes to work.
    https://gist.github.com/bagder/5e29101079e9ac78920ba2fc718aceec
    and its NOT fixed to cloudflare...
    https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
    use quad9, google, symantec, opendns or any other you like to.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.