
Firefox 75.0

Firefox 75.0 has been released. New features include improvements to the address bar that make searching easier. In addition, all trusted Web PKI Certificate Authority certificates known to Mozilla will be cached locally, and Firefox is available as a Flatpak. See the release notes for more details.


Firefox 75.0

Posted Apr 8, 2020 17:50 UTC (Wed) by flussence (guest, #85566) [Link] (5 responses)

For anyone else wondering how to prevent the “improved” address bar from obstructing half the bookmarks toolbar immediately at startup:

browser.urlbar.openViewOnFocus=false
browser.urlbar.update1=false

A restart is required.

Firefox 75.0

Posted Apr 8, 2020 19:04 UTC (Wed) by oldtomas (guest, #72579) [Link]

Thanks, appreciated.

Firefox 75.0

Posted Apr 10, 2020 8:01 UTC (Fri) by weberm (guest, #131630) [Link]

Thank you!

The Firefox team and their "improvements" ...
I wish each of their release announcements included how to turn off their latest quirks!

Firefox 75.0

Posted Apr 15, 2020 10:01 UTC (Wed) by weberm (guest, #131630) [Link] (1 responses)

Btw, these configuration items are going to be dropped. So, in one of the next releases, we will not be able to undo that. Thanks, Mozilla!

Firefox 75.0

Posted Apr 16, 2020 4:47 UTC (Thu) by pabs (subscriber, #43278) [Link]

Do you have a link to the announcement about dropping these config items?

Firefox 75.0

Posted Apr 15, 2020 21:50 UTC (Wed) by mathstuf (subscriber, #69389) [Link]

Out of curiosity, what is the behavior that isn't wanted here? I don't use a bookmark toolbar, so maybe I'm just not affected here. About the only thing I noticed is that the full URL is selected on the first click, so I need to unlearn the double-click-to-select-full-uri behavior I have. But that's just my use of the address bar.

"all trusted Web PKI Certificate Authority certificates known to Mozilla will be cached locally"

Posted Apr 10, 2020 2:24 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

The effect here is that Firefox no longer needs to rely on a cache plus luck to work around HTTPS servers that send an "Incomplete chain".

When you connect to an HTTPS site the server sends one or more certificates, together with proof that this certificate relates to the server you're actually talking to. The certificates should hypothetically form a "chain", working from the site's claimed name (e.g. lwn.net) to a trusted root private key with each certificate signed using keys for which the next certificate can supply a further signature until you reach that root. In today's PKI this should always be at least two certificates, a "Leaf" for the web server itself and an "Intermediate" for an online certificate authority key used to sign such leaves. The Web PKI's rules forbid CAs from leaving their actual trust roots online and so they can't possibly sign your leaf certificate directly. For more complicated setups there may be two (or more) intermediates instead of just one.

But through misunderstanding or misconfiguration many servers end up with just the leaf certificate, an "Incomplete chain". This leaves a visiting client web browser to either conclude the site is untrustworthy (cue scary error for visitors) or figure out the missing parts somehow. Historically Firefox used a cache (of recent certificates seen) to do the latter, and if that failed it did the former.

An alternative popular in some other software (including some other browsers) is AIA chasing. In the leaf certificate it says who issued this certificate; you "chase" a URL in this information to get another certificate. You may need to repeat this procedure one or more further times. Eventually either you give up or you reach a trusted root. The problem with AIA chasing (other than the fact it's slower so your site should just send this anyway) is that it infringes on privacy. If Charlie the CA issues a certificate to clown-porn.example using their online Intermediate named "Charlie Online #4" they obviously learn that it exists and some metadata (e.g. IP address of the servers) but they know nothing about any visitors. However, AIA chasing means if https://clown-porn.example/ isn't correctly configured every web browser doing AIA chasing tells Charlie that they visited a site that needed "Charlie Online #4". That's not a huge leak, but Charlie can make it arbitrarily bad by introducing more aliases for the certificates, maybe citing "operational necessity" or just outright admitting they want to find out who looks at clown porn.

So Mozilla didn't want to do AIA chasing, but they did want to improve the situation where misconfigured sites are disproportionately less likely to work properly in Firefox. They've had a project, for this reason and others, to identify all "Unconstrained intermediates" (there are a _lot_ of these) and so now they're using that work to pre-seed the information in Firefox, eliminating most errors because Firefox can just fill in the missing pieces from this big list, no need for AIA chasing.

Firefox 75.0

Posted Apr 12, 2020 5:18 UTC (Sun) by frispete (subscriber, #89956) [Link]

What's specifically exciting in this release for some power users: they finally managed to tackle and squash a 13-year(!)-old bug: session handling. It was so painful in my setups that I created an antidote.


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.