Difference between revisions of "Mozilla Firefox"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m
 
(56 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Mozilla Firefox is a fast, full-featured Web browser. Firefox includes pop-up blocking; tab-browsing; integrated Google search; simplified privacy controls; a streamlined browser window that shows you more of the page than any other browser; and a number of additional features that work with you to help you get the most out of your time online.
+
Mozilla Firefox was once a fast, full-featured Web browser, then it aged and now suffers from bloat due to poor development and unnecessary features. Firefox basic feature set includes useful things such as pop-up blocking; tab-browsing; and privacy controls.
 
+
Version 3.0.5 added official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages; replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install; fixed several security and stability issues.
+
  
 
Firefox has a tabbed interface; includes a pop-up blocker; built-in, multiple search tools; and built-in RSS reader. It is stable and free.
 
Firefox has a tabbed interface; includes a pop-up blocker; built-in, multiple search tools; and built-in RSS reader. It is stable and free.
 +
 +
Update: '''Firefox Quantum / Firefox 57''' has completely upset the functionality and visual layout of the Firefox Web Browser.  If Firefox Quantum is unacceptable to you, and you wish to maintain the latest level of browser security you have the option of switching to their '''[https://support.mozilla.org/en-US/kb/switch-to-firefox-extended-support-release-esr Firefox Extended Support Release (ESR)]''' for personal use.  This give you the look, feel, and functionality of their previous releases and you will still continue to receive security updates.
 +
 +
'''To install the Firefox ESR on Ubuntu see [[Firefox Extended Support Release]].'''
 +
 +
Version 3.0.5 added official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages; replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install; fixed several security and stability issues.
  
 
Firefox doesn't support the Micro$oft proprietary ActiveX, so some poorly implemented web sites will not work in Firefox.
 
Firefox doesn't support the Micro$oft proprietary ActiveX, so some poorly implemented web sites will not work in Firefox.
  
Firefox's tabbed browsing, RSS support, security features, and overall cool factor make it more attractive than Internet Explorer.  Switching from MSIE to Firefox will dramatically increase the security of an Internet connected PC.
+
Firefox's tabbed browsing, RSS support, security features, and overall cool factor make it more attractive than Internet Explorer.  Switching from MSIE to Firefox will dramatically increase the security of an Internet connected PC.  This point is somewhat less significant now that Micro$oft has dropped MSIE and switched to Edge which uses Chromium.
  
 
== Keyboard Commands ==
 
== Keyboard Commands ==
Line 26: Line 30:
 
== Firefox Annoyances and other fixes ==
 
== Firefox Annoyances and other fixes ==
  
=== Tab open order reversed after update ===
+
{{:Fix Firefox Annoyances}}
 
+
Firefox tabs opening backwards - Since the upgrade to Firefox 3.6 the order which tabs open has changed or is inconsistent.  Previously tabs opened sequentially, so that the latest one was always at the far right.  To restore the previous behavior do the following:
+
 
+
* In the URL bar type:  about:config
+
* Find or create
+
  browser.tabs.insertRelatedAfterCurrent
+
* Set the value to:  False
+
 
+
=== Menu bar missing ===
+
 
+
# Press Alt on the keyboard and release. The menu bar will appear temporarily.
+
# On the menu bar, click View, go to Toolbars, then select which toolbars you want to see.
+
  
 
== Add-ons ==
 
== Add-ons ==
Line 48: Line 40:
  
 
Although more secure than MSIE by far with the default installation, vulnerabilities can still be greatly reduced by taking measures to lock down Firefox.
 
Although more secure than MSIE by far with the default installation, vulnerabilities can still be greatly reduced by taking measures to lock down Firefox.
 +
 +
Two Extensions for Firefox recommended for Security and Privacy - A One-Two Punch must have!
 +
 +
* [[Favorite_Firefox_Extensions#NoScript|NoScript]] - Using this tool correctly will do more to prevent a virus than running anti-virus alone
 +
* [[Favorite_Firefox_Extensions#Ghostery|Ghostery]] - Hide yourself from trackers and help protect your identity online
 +
 +
=== secure DNS: Firefox Invasion of Privacy and Security Alert ===
 +
 +
Firefox browser will ignore your network DNS by default in favor of [[DNS over HTTPS]] (aka DoH) or a type of Trusted Recursive Resolver (TRR).
 +
 +
They should face legal action over this...  Mozilla using their DNS-over-HTTPS by default, bypassing your LAN DNS security filtering.  This is now ENABLED by DEFAULT and you have to dig though settings to disable it or take action using a network firewall to block the destination.
 +
 +
"''This is actually potential a huge privacy issue as it is written that [https://github.com/StevenBlack/hosts/issues/1051 Firefox by default will route all your DNS traffic] to an external source beyond your control and without your accept and knowledge, and who is the external DNS hosting company and what will they do with all the data they collect?''"  Answer: At present it is Cloudflare and the purpose besides their claim of security is Data Mining: they want to know more about you!
 +
 +
* In settings look for and uncheck "'''Enable DNS over HTTPS'''" to prevent a report of all web sites (via DNS query) being sent to a 3rd party.  They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious.
 +
* From about:config a user can set network.trr.mode to 5 to completely disable TRR.
 +
 +
[[File:firefoxsettingdns-over-https.jpg|thumb|illustration showing default setting, change this to Off|none|175px]]
 +
 +
To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: '''use-application-dns.net'''.  Firefox is using '''https://cloudflare-dns.com/dns-query''' for the actual DNS resolution being performed.
 +
 +
The Firefox Trusted Recursive Resolver (TRR) is named such in that "they" trust the DNS resolver, because they are in control.  Network Administrators will mostly prefer to trust their own resolver, because my trusted resolver is certainly not what Mozilla trusts as a resolver. 
 +
 +
Quoted from a firewall vendor source, "''Mozilla has partnered with Cloudflare so that means TRR DNS queries are sent there and not to the intended server. Some people already use Cloudflare, or they don't care where the queries go, so that's a wash or a net gain. If you do not trust Cloudflare or do not want to put all your eggs in the Cloudflare basket, that's not so good.''"
 +
 +
== Support ==
 +
 +
=== Bug: Closing Firefox starts Acrobat reader process ===
 +
 +
Closing Firefox launches AcroRd32.exe, even though the Adobe Acrobat plugin is disabled.  Problem reproduced with FF8.0. 
 +
 +
When Firefox versions after version 4 clear cookies, each plugin is executed to clear its own cached elements.  Adobe, a company well known for being intrusive, made the Acrobat reader so it stays TSR in memory.SOs (eg, Flash cookies) for each plugin.
 +
 +
If you have Firefox set to delete cookies on shutdown, you'll notice that there are a bunch of plugin-container.exe processes started up as well.  Those are the other plugins.  Adobe Acrobat is intrusive and runs as its own process. 
 +
 +
source: [http://forums.mozillazine.org/viewtopic.php?f=9&t=2189297 Closing Firefox starts Acrobat reader process] on mozillaZine
 +
 +
Suggested Solutions:  Change Firefox settings to not delete cookies on shutdown.  -or- completely remove Adobe Acrobat reader plugin.
 +
 +
=== How can I remove the Acrobat Plugin? ===
 +
 +
Delete the file named nppdf32.dll from your Mozilla Firefox plugins folder. You may have to enable showing hidden files to do this.
 +
 +
=== Delete Cookies and Cache in Firefox 8 ===
 +
 +
There are two methods in the modern Firefox.
 +
 +
(1). To clear the cache, cookies, and/or history immediately simply press Alt to goto the menu, Tools, and choose "Clear Recent History."  This will open a dialog labeled "Clear all History" with a bunch of checkboxes next to items you can deselect or select.
 +
 +
(2). You can tell Firefox to "Clear history when Firefox closes," which gives you options including cookies and cache.  To change this setting and configure options press Alt to goto the menu, Tools, Options - you will notice a checkbox labeled "Clear history when Firefox closes."  Click the "Settings" button on the right to configure what gets cleared.
 +
 +
=== Setting Default Browser via Windows Registry ===
 +
 +
{{:Windows Registry- Default Web Browser}}
 +
 +
=== WebExtensions API ===
 +
 +
When did Firefox adopt the WebExtensions API?
 +
 +
In August of 2015, Mozilla announced that the legacy XPCOM- and XUL-based extension systems would be deprecated in favor of the WebExtension API. Between that date and November, 2017, both legacy and WebExtension add-ons were supported in some fashion. With the release of Firefox 57 (Quantum) in November, 2017, WebExtensions became the only supported API for extension development.
 +
 +
Why WebExtensions and not Jetpack?
 +
 +
The WebExtensions API has some inherent technology advantages, such as built-in support for content blocking used by popular ad-blocking extensions, that Jetpack lacked. More importantly, though, basing the initial implementation of WebExtensions on Chrome's API meant that Firefox could leverage a large population of Chrome extensions (larger than Jetpack add-ons) and extension developers. Those developers who stayed with the common APIs were also able to work off of a common codebase, and port extensions more simply between browsers.
 +
 +
== Other Tricks ==
 +
=== Block Google Doodles Without any Special Extension ===
 +
This trick can be used to block images from any particular site or domain, including google.com to block annoying google doodles.
 +
 +
#Right-click on the Google Doodle image. Choose "View Image Info"
 +
#Observe the site domain in the box, located below and left is a checkbox with the option "Block Images From"
 +
#check the box and close the dialog, then reload Google.
 +
 +
===Dark Theme and Force Pages to Dark Background===
 +
You can force the Firefox interface to dark colors, white on black.  This is a two part thing, in consideration that the Theme setting is only for the interface and the color override for pages is part of "Language and Appearance."  ''Verified in version 115.3.1esr (64-bit)''
 +
#click the hamburger menu, choose "Add-ons and themes"
 +
#click on "Themes" and enable "Dark"
 +
 +
Unlike Chrome this won't override many pages making them dark.  You can configure this behavior and choose the color scheme for web sites.
 +
# hamburger menu, settings, general, Language and Appearance
 +
# (a) "Website appearance" - Some websites adapt their color scheme based on your preferences. Choose which color scheme you’d like to use for those sites.
 +
# (b) "Colors" - Override Firefox’s default colors for text, website backgrounds, and links. And you can "Override the colors specified..."
 +
 +
[[File:firefox115esrdarktext.jpg|thumb|none|Language and Appearance|200px]]
 +
 +
===Website Blocking Paste From Clipboard===
 +
Some misguided companies employing stupid web developers and web security consultants think they're increasing security by disabling your ability to paste into form fields, such as the password field or even a field for an email address. Really they are just being obnoxious. 
 +
 +
Firefox and related browsers such as Palemoon and Waterfox allow you to disable this frustrating restriction by modification of a configuration setting.  Head on over to about:config and change the following key from TRUE to FALSE.  You want it to be set to FALSE so that it doesn't obey web site requests to block your clipboard.  Search for dom.event.clipboardevents.enabled  in the search box.  Double-click on the setting to change the value from "true" to "false".
 +
dom.event.clipboardevents.enabled    FALSE
 +
 +
== Alternatives ==
 +
Firefox Quantum / Firefox 57 has a nasty UI and has excessive resource consumption meaning it runs slowly on anything except the latest hardware.  The Firefox Extended Support Release (ESR) is better but on Linux Ubuntu or Mint it seems to be a dog and also very resource intensive.  Running Firefox and Chrome at the same time or Firefox and Evolution at the same time seems to result in Internet browsing grinding to a slow crawl if not a complete stop.  Lets face it, the current Mozilla team is really screwing up Firefox and as an alternative Chrome lacks adequate privacy and security.
 +
 +
One alternative to the regular firefox is [[Firefox Extended Support Release]] also by Mozilla.
 +
 +
There are alternatives that work with the same rendering engine, or share a similar UI with Firefox, and seem to perform better. 
 +
* [[Pale Moon]] web browser - The superior UI of the classic Firefox and a much smaller memory footprint (runs fast on linux!) and compatible with many Firefox extensions including [[NoScript]].  Pale Moon version 27 running with the NoScript extension for added security was capable of correctly rendering popular sites including eBay and Amazon.com with complete functionality.  Furthermore, as with Amazon.com being site burdened with excessive JavaScript and CSS and has always been problematic when using Firefox, runs very nicely on Pale Moon.  The rendering speed of Amazon.com with the exception added to NoScript allowing full site features active was just as fast as with Chrome.  The only criticism of Pale Moon at this time is the installation process would be better if compatible with the APT package management tool rather than their installer, although their installer works fine with the exception of a glitch in the home user cache directory.
 +
 +
In the pursuit for better security some analysts advise that you use specific web browsers for specific types of tasks.  For example, the browser that you casually surf the web with should not be the same one as you use to do online banking or other security related tasks.  One nice alternative to Firefox is a browser called Waterfox.  Waterfox was created to be a 64bit browser and to reduce the amount of telemetry Mozilla receives and other 3rd parties related to the invasion of your privacy.  Waterfox offers more configuration freedom as compared to Firefox.  We recommend using Waterfox over Firefox for better privacy, configurability, and an enhanced browsing experience. 
 +
 +
Waterfox was for a short time owned by System1, which is the same company that bought search engine StartPage but since has returned to its former status as an independent project.  Waterfox has moved into release of its 4th generation. Waterfox Classic is still around, though it appears to no longer share the same code repository or immediate resources with the newest generation of Waterfox.
 +
 +
 +
  
 
 
 
 
Line 55: Line 152:
 
[[Category:Computer Technology]]
 
[[Category:Computer Technology]]
 
[[Category:Software]]
 
[[Category:Software]]
 +
[[Category:Internet]]

Latest revision as of 10:51, 21 November 2024

Mozilla Firefox was once a fast, full-featured Web browser, then it aged and now suffers from bloat due to poor development and unnecessary features. Firefox basic feature set includes useful things such as pop-up blocking; tab-browsing; and privacy controls.

Firefox has a tabbed interface; includes a pop-up blocker; built-in, multiple search tools; and built-in RSS reader. It is stable and free.

Update: Firefox Quantum / Firefox 57 has completely upset the functionality and visual layout of the Firefox Web Browser. If Firefox Quantum is unacceptable to you, and you wish to maintain the latest level of browser security you have the option of switching to their Firefox Extended Support Release (ESR) for personal use. This give you the look, feel, and functionality of their previous releases and you will still continue to receive security updates.

To install the Firefox ESR on Ubuntu see Firefox Extended Support Release.

Version 3.0.5 added official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages; replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install; fixed several security and stability issues.

Firefox doesn't support the Micro$oft proprietary ActiveX, so some poorly implemented web sites will not work in Firefox.

Firefox's tabbed browsing, RSS support, security features, and overall cool factor make it more attractive than Internet Explorer. Switching from MSIE to Firefox will dramatically increase the security of an Internet connected PC. This point is somewhat less significant now that Micro$oft has dropped MSIE and switched to Edge which uses Chromium.

Keyboard Commands

Switch between tabs

  • CTRL-TAB to switch tabs, next tab
  • CTRL-SHFT-TAB , previous tab
  • CTRL-1 , first tab
  • CTRL-2 , second tab, 3, 4, ...

Complete list of keyboard shortcuts

See the Mozilla keyboard shortcuts page.

 

Firefox Annoyances and other fixes

Caption, "Firefox, with each new release, it just keeps getting worse!"

  • Developers are adding massive amounts of bloat and awful glitchy features. It is unfortunate.
  • There is a push to make Firefox more like Google Chrome. Some of us use Firefox because IT IS NOT Chrome!!!
  • Eye candy in the UI just makes a fatter, slower, less efficient web browser.
  • Worst of all, the developers are getting involved in politics and have become "woke."

Due to the constant new roll-outs this guide has to be organized by entry date.

Version 89: Proton

Firefox 89 arrives with address bar, toolbar, tab and menu changes. The industry continues to turn its back on desktop users and focus on the small screens so that everything will be larger in the new interface. Proton will remove some options from Firefox, or hide them. The Compact density option won't be displayed anymore on the "customize" page of the browser if it has not been used in the past.

Be advised, the old "Classic Theme Restorer" addon is gone. There is something similar and useful that can deliver some color and subtle UI improvements called a-firefox-classic-36

move tab bar below url bar

Merciless firefox developers continue their deranged arrangement of the user interface, this time moving the tab bar above the URL bar. The customize option is not able to re-position the two.

If you prefer to have the tab bar below the URL bar you can utilize the backwards compatible Legacy User Profile Customizations of userChrome.css

  • Enable the interface customization by going to about:config
  • set toolkit.legacyUserProfileCustomizations.stylesheets to true
  • create a userChrome.css in the chrome subdirectory of your user profile directory.

Although you see the name "chrome" referenced by firefox it is a legacy name that existed before the Google browser. One has nothing to do with the other.

To find your user profile location

  • HELP -> More Troubleshooting Information
cd /home/nicolep/.mozilla/firefox-esr/rbh5mz6n.default-esr91
mkdir chrome
cd chrome
touch userChrome.css

We have a sample snip of code to place in userChrome.css that will move the tab bar below the URL bar where it belongs.

what are these obnoxious .webp files?

Google is the Internet, they control what we see, they manipulate information into what they wish us to believe is fact, and they even censor a United States President. This is the state of affairs today and much like Microsoft was once so powerful the entire industry bowed to their every whim, today Google demands we obey. Google wants to dominate image formats with their new image container known as WebP. This image container was developed by Google, and is used by many websites, including shopping portals and Reddit. The annoying thing about WebP is, not a lot of image editors support the format. So, when you download a WebP image you may have some difficulty using it. You can't save it into a different format directly.

  • Firefox recognizes Google WebP files as .webp images for direct download
  • Firefox will display png and jpg as .webp from some web sites and no longer offer the original format.

When a legitimate source jpg is being downloaded as .webp by Firefox, you can simple change the file extension back to jpg and view the image. This does not work with images that are not simply saved with the erroneous extension modification but actual WebP container images. Firefox doesn't seem to make the distinction.

Right lick on a png or jpg image and this stupid version of Firefox tries to save them as .webp when the same web page in Palemoon or Chrome use the correct png or jpg extension for saving the file. WTF Firefox?! We are not talking about lousy Google Image Search images, but actually anything anywhere else.

This includes PNG files that I uploaded myself to my web host. It does not matter of the original image is a jpg or a png, if I try to download it, Firefox "thinks" that it is a .webp file.

  • Articles advising an edit in about:config to image.webp.enabled should be disregarded as the solution is now totally ignored by Proton.

To help understand the issue better we will quote a snippet from someone else, "Firefox is not converting the image files but appending webp to the end of the file name. If I download the exact same image file from Chrorne or IE than the webp extension is not appended and shows up as the correct file type. Example: Firefox sees image.jpep as image. jpeg. webp. It is this action we want to end as no one should have to deleted the webp extension as it should recognize, and save the file properly. So no renaming, no converting no nothing except for Firefox to save with the correct extension instead of changing it, as most websites do not support webp if you were to try to upload one."

The following Explanation May Be the Most Accurate:

When a browser indicates to a server that it can accept webP images, the server can compress the JPEG on the fly using a webP container -- without changing the file name. Each browser currently handles this differently:

  • Internet Explorer 11: can't decompress webP, sites do not substitute webP for JPEG
  • Chrome: accepts webP, and when you save, it can convert to different formats on the fly based on the file extension
  • Firefox: accepts webP, and when you save, it saves in webP format regardless of the file extension

It would be ideal if Firefox were to get Chrome's ability to convert to different formats. Issue is best explained here. This guy is on the money.

You can try the following:

firefox "private browsing" homepage

Is there any way to set the Home Page for Private Browsing?

 about:privatebrowsing 

Only addons can change new tab pages. As this time there are no addons to change the privatebrowsing page.

A post on reddit suggests you can set private home page without the search, go to about:config and change browser.privatebrowsing.searchUI to "false". This does not seem to work on current versions 2023+

  • The default private homepage on each new private window opened is unchangeable without css
  • addons that change the new tab page, will change private new tabs

Version 29: Australis

Firefox 29 arrives with revamped Sync tool, customization mode, and Mozilla’s user interface overhaul which is called "Australis." This Australis layout is best described as pseudo-Chrome. It is the biggest ever change to Firefox’s user interface. Firefox’s new Australis theme is very curvy. The most significant changes over the current desktop version of Firefox are: Lots of rounded corners, inactive tabs that “fade” into the background, less padding above tabs, and a massively re-worked main menu button (which shares the same icon as Chrome).

  • Classic Theme Restorer - This addon will allow you to use tabs below the address bar, use square tabs, separate the back and forward buttons and detach them from the address bar, and many other useful fixes.

Version 7 and Older

Become familiar with about:config which can be used to customize firefox and disable some of the feature bloat.

[about:config]

Tab open order reversed after update

Firefox tabs opening backwards - Since the upgrade to Firefox 3.6 the order which tabs open has changed or is inconsistent. Previously tabs opened sequentially, so that the latest one was always at the far right. To restore the previous behavior do the following:

  • In the URL bar type: about:config
  • Find or create
 browser.tabs.insertRelatedAfterCurrent
  • Set the value to: False

Hide the Tab Bar When Browsing a Single Page

The default setting in Firefox 3.5 is to always display tabs, even when you're only browsing a single page. Show more of the web page by hiding the tab bar if only viewing a single page.

  1. Go to Tools, and then Options.
  2. Go to the Tabs menu, and uncheck "Always show the tab bar"

Menu bar missing

  1. Press Alt on the keyboard and release. The menu bar will appear temporarily.
  2. On the menu bar, click View, go to Toolbars, then select which toolbars you want to see.

PREVENT tabs/sessions restoring when restarting Firefox after a forced close/crash

tested on version: 8.0

You can do this by changing a hidden preference.

about:config

In the filter box type resume to bring up a small number of preferences, Double-click on the

browser.sessionstore.resume_from_crash 

to change its value to false

reference: How do I PREVENT tabs/sessions restoring when restarting Firefox after a forced close/crash?

You can also Set the pref browser.sessionstore.max_resumed_crashes to 0 on the about:config page to get the about:sessionrestore page immediately with the first restart after a crash has occurred or the Task Manager was used to close Firefox.

That will allow you to deselect the tab(s) that you do not want to reopen, but will allow to reopen the other tabs.

Save Image As Directory Randomly Changes (unresolved)

Information on this issue/bug has been moved to Firefox Save Image As Save Per Site Annoyance, including the latest work around, the suggested fix from Firefox, and further details.

This was a poorly thought out change to Firefox and reflects on the overall feature bloat and lack of attention to user feedback that is driving Firefox market share down the tubes. Way to keep up the Micro$oft mentality there Firefox developers!

Asinine Top Sites New Tab Page

June 2012 Mozilla adds another annoying "new feature" enabled by default that negatively impacts browser performance and privacy, further contributing to overall bloat. When you create a new tab, Firefox shows top sites, idiot crap like facebook. Firefox trying to be more like Chrome.

you can turn this feature off completely:

  1. goto about:config
  2. Type browser.newtab.url in the search box.
  3. Double-click the browser.newtab.url preference and change the url from about:newtab to about:blank.
  4. Click OK and close the about:config tab.

ref: http://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off

Get Firefox 7 (and higher) to show HTTP:// in URLs

  1. goto about:config
  2. Type browser.urlbar.trimURLs in the search box.
  3. Click to change boolean toggle from True to False


128.4.0esr Removed Purple Mask on Incognito Windows

The purple mask indicator on Private Browsing aka Incognito windows is a useful reminder that a user is in incognito mode. With the recent update the mask indicator is absent even when settings selection is not set to always private or never store history. Users like the reminder so when leaving the workstation and returning later, the indicator provides assurance that the window is in the correct mode.

Best solution as present: Private Frame (extension)

It is ugly, and the shade of purple in the frame is not aesthetically pleasing, however, it does provide the reminder that the less obnoxious purple mask once did before the stupid developers removed it.

Add-ons

Firefox addons are divided into Extensions, Themes, and Plugins. Our Favorite Firefox Extensions are compiled in a list, and man more are available from the Firefox Add-ons web site.

Security

Although more secure than MSIE by far with the default installation, vulnerabilities can still be greatly reduced by taking measures to lock down Firefox.

Two Extensions for Firefox recommended for Security and Privacy - A One-Two Punch must have!

  • NoScript - Using this tool correctly will do more to prevent a virus than running anti-virus alone
  • Ghostery - Hide yourself from trackers and help protect your identity online

secure DNS: Firefox Invasion of Privacy and Security Alert

Firefox browser will ignore your network DNS by default in favor of DNS over HTTPS (aka DoH) or a type of Trusted Recursive Resolver (TRR).

They should face legal action over this... Mozilla using their DNS-over-HTTPS by default, bypassing your LAN DNS security filtering. This is now ENABLED by DEFAULT and you have to dig though settings to disable it or take action using a network firewall to block the destination.

"This is actually potential a huge privacy issue as it is written that Firefox by default will route all your DNS traffic to an external source beyond your control and without your accept and knowledge, and who is the external DNS hosting company and what will they do with all the data they collect?" Answer: At present it is Cloudflare and the purpose besides their claim of security is Data Mining: they want to know more about you!

  • In settings look for and uncheck "Enable DNS over HTTPS" to prevent a report of all web sites (via DNS query) being sent to a 3rd party. They can see a list of where you go on the web and store that for data collection purposes such as profiling you for marketing, analytics, or something far more nefarious.
  • From about:config a user can set network.trr.mode to 5 to completely disable TRR.
illustration showing default setting, change this to Off

To signal that their local DNS resolver implements special features that make the network unsuitable for DNS-over-HTTPS (DoH), network administrators may configure their networks to modify DNS requests for the following special-purpose domain, called a canary domain: use-application-dns.net. Firefox is using https://cloudflare-dns.com/dns-query for the actual DNS resolution being performed.

The Firefox Trusted Recursive Resolver (TRR) is named such in that "they" trust the DNS resolver, because they are in control. Network Administrators will mostly prefer to trust their own resolver, because my trusted resolver is certainly not what Mozilla trusts as a resolver.

Quoted from a firewall vendor source, "Mozilla has partnered with Cloudflare so that means TRR DNS queries are sent there and not to the intended server. Some people already use Cloudflare, or they don't care where the queries go, so that's a wash or a net gain. If you do not trust Cloudflare or do not want to put all your eggs in the Cloudflare basket, that's not so good."

Support

Bug: Closing Firefox starts Acrobat reader process

Closing Firefox launches AcroRd32.exe, even though the Adobe Acrobat plugin is disabled. Problem reproduced with FF8.0.

When Firefox versions after version 4 clear cookies, each plugin is executed to clear its own cached elements. Adobe, a company well known for being intrusive, made the Acrobat reader so it stays TSR in memory.SOs (eg, Flash cookies) for each plugin.

If you have Firefox set to delete cookies on shutdown, you'll notice that there are a bunch of plugin-container.exe processes started up as well. Those are the other plugins. Adobe Acrobat is intrusive and runs as its own process.

source: Closing Firefox starts Acrobat reader process on mozillaZine

Suggested Solutions: Change Firefox settings to not delete cookies on shutdown. -or- completely remove Adobe Acrobat reader plugin.

How can I remove the Acrobat Plugin?

Delete the file named nppdf32.dll from your Mozilla Firefox plugins folder. You may have to enable showing hidden files to do this.

Delete Cookies and Cache in Firefox 8

There are two methods in the modern Firefox.

(1). To clear the cache, cookies, and/or history immediately simply press Alt to goto the menu, Tools, and choose "Clear Recent History." This will open a dialog labeled "Clear all History" with a bunch of checkboxes next to items you can deselect or select.

(2). You can tell Firefox to "Clear history when Firefox closes," which gives you options including cookies and cache. To change this setting and configure options press Alt to goto the menu, Tools, Options - you will notice a checkbox labeled "Clear history when Firefox closes." Click the "Settings" button on the right to configure what gets cleared.

Setting Default Browser via Windows Registry

Applies to Windows XP - Windows 7 and possibly higher.

There are two types of default browser setting. They are typically set to the same browser. One type of setting controls what browser opens when you click on a web document saved to the hard drive. The other determines what browser opens when you attempt to go directly to a web site via the http protocol such as entering the address in the Run -> Open dialog.

Default browser that opens when html file is clicked

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList

Default browser that opens when http protocol used (going to web site)

  • HKEY_CURRENT_USER\Software\Classes\http\shell\open\command

These are typically both set by your favorite web browser. They can be hijacked by a rogue program or intermediary. Check them via the Registry Editor regedit.exe to manually example their value.

WebExtensions API

When did Firefox adopt the WebExtensions API?

In August of 2015, Mozilla announced that the legacy XPCOM- and XUL-based extension systems would be deprecated in favor of the WebExtension API. Between that date and November, 2017, both legacy and WebExtension add-ons were supported in some fashion. With the release of Firefox 57 (Quantum) in November, 2017, WebExtensions became the only supported API for extension development.

Why WebExtensions and not Jetpack?

The WebExtensions API has some inherent technology advantages, such as built-in support for content blocking used by popular ad-blocking extensions, that Jetpack lacked. More importantly, though, basing the initial implementation of WebExtensions on Chrome's API meant that Firefox could leverage a large population of Chrome extensions (larger than Jetpack add-ons) and extension developers. Those developers who stayed with the common APIs were also able to work off of a common codebase, and port extensions more simply between browsers.

Other Tricks

Block Google Doodles Without any Special Extension

This trick can be used to block images from any particular site or domain, including google.com to block annoying google doodles.

  1. Right-click on the Google Doodle image. Choose "View Image Info"
  2. Observe the site domain in the box, located below and left is a checkbox with the option "Block Images From"
  3. check the box and close the dialog, then reload Google.

Dark Theme and Force Pages to Dark Background

You can force the Firefox interface to dark colors, white on black. This is a two part thing, in consideration that the Theme setting is only for the interface and the color override for pages is part of "Language and Appearance." Verified in version 115.3.1esr (64-bit)

  1. click the hamburger menu, choose "Add-ons and themes"
  2. click on "Themes" and enable "Dark"

Unlike Chrome this won't override many pages making them dark. You can configure this behavior and choose the color scheme for web sites.

  1. hamburger menu, settings, general, Language and Appearance
  2. (a) "Website appearance" - Some websites adapt their color scheme based on your preferences. Choose which color scheme you’d like to use for those sites.
  3. (b) "Colors" - Override Firefox’s default colors for text, website backgrounds, and links. And you can "Override the colors specified..."
Language and Appearance

Website Blocking Paste From Clipboard

Some misguided companies employing stupid web developers and web security consultants think they're increasing security by disabling your ability to paste into form fields, such as the password field or even a field for an email address. Really they are just being obnoxious.

Firefox and related browsers such as Palemoon and Waterfox allow you to disable this frustrating restriction by modification of a configuration setting. Head on over to about:config and change the following key from TRUE to FALSE. You want it to be set to FALSE so that it doesn't obey web site requests to block your clipboard. Search for dom.event.clipboardevents.enabled in the search box. Double-click on the setting to change the value from "true" to "false".

dom.event.clipboardevents.enabled     FALSE

Alternatives

Firefox Quantum / Firefox 57 has a nasty UI and has excessive resource consumption meaning it runs slowly on anything except the latest hardware. The Firefox Extended Support Release (ESR) is better but on Linux Ubuntu or Mint it seems to be a dog and also very resource intensive. Running Firefox and Chrome at the same time or Firefox and Evolution at the same time seems to result in Internet browsing grinding to a slow crawl if not a complete stop. Lets face it, the current Mozilla team is really screwing up Firefox and as an alternative Chrome lacks adequate privacy and security.

One alternative to the regular firefox is Firefox Extended Support Release also by Mozilla.

There are alternatives that work with the same rendering engine, or share a similar UI with Firefox, and seem to perform better.

  • Pale Moon web browser - The superior UI of the classic Firefox and a much smaller memory footprint (runs fast on linux!) and compatible with many Firefox extensions including NoScript. Pale Moon version 27 running with the NoScript extension for added security was capable of correctly rendering popular sites including eBay and Amazon.com with complete functionality. Furthermore, as with Amazon.com being site burdened with excessive JavaScript and CSS and has always been problematic when using Firefox, runs very nicely on Pale Moon. The rendering speed of Amazon.com with the exception added to NoScript allowing full site features active was just as fast as with Chrome. The only criticism of Pale Moon at this time is the installation process would be better if compatible with the APT package management tool rather than their installer, although their installer works fine with the exception of a glitch in the home user cache directory.

In the pursuit for better security some analysts advise that you use specific web browsers for specific types of tasks. For example, the browser that you casually surf the web with should not be the same one as you use to do online banking or other security related tasks. One nice alternative to Firefox is a browser called Waterfox. Waterfox was created to be a 64bit browser and to reduce the amount of telemetry Mozilla receives and other 3rd parties related to the invasion of your privacy. Waterfox offers more configuration freedom as compared to Firefox. We recommend using Waterfox over Firefox for better privacy, configurability, and an enhanced browsing experience.

Waterfox was for a short time owned by System1, which is the same company that bought search engine StartPage but since has returned to its former status as an independent project. Waterfox has moved into release of its 4th generation. Waterfox Classic is still around, though it appears to no longer share the same code repository or immediate resources with the newest generation of Waterfox.