So, Firefox 95...is it any better?

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
I have not used FF in a long time now, just downloaded v. 95 last night just to try it out again. It is pretty fast and light and seems to work OK. I added the Malwarebytes Browser extension and Ublock Origin, I am on Windows 21H1 with 8GB of ram, my AV is Defender with Configuredefender on High. FF seems to be working fine, just wanted to ask if there is anything I should look out for or change in it to improve security or performance, or should I still stay away from FF and go on back to Edge? FF users, how do you like it now that they have done the latest security upgrade? Thanks for any help.

C.H.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
For starters, look into enabling isolation of the browser sub-components.

I had enabled this while running Firefox v. 95 in Windows 11. Had to go back to Windows 10 for a stupid disk issue but intend to re-install Firefox and run it without Sandboxie.


For the second article: scrolling about 2/3 down and you will see how to enable Fission in Firefox. (y):coffee:
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
FF works very well. Here are 3 guides I refer to, keeping mostly to #1:
This one relies heavily on internal settings only: Firefox Privacy or: How I Learned to Stop Hardening and Love Strict Tracking Protection

This one shows more configuration options and assigns a "breakage level" to indicate each settings tendencies towards website breakage.
Yet Another Firefox Hardening Guide | Chris Xiao

This one is just a tweaking list only with no comments, leaving the user to judge for themselves.
Privacy Guide

LibreWolf is leaner, faster and already configured out of the box. Users only need to use internal settings as usual, with one caveat: The tracking protection setting is enabled but I'm not sure it works. This presents a problem because without FF own tracking protection enabled and working, the user loses the privacy protection of Total Cookie Protection which isolates cookies between tabs.
Update - LibreWolf Browser - A fork of Firefox, focused on privacy, security and freedom

I need to query devs to check on status of internal tracking protection.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Here on my FF95 "Fission" it's active by default (enabled by phased rollout). Firefox 95 => about:support

fission.png
 

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
@Captain Holly FYI: I checked and Tracking Protection is working in LibreWolf. It just didn't find any trackers on some sites with µBO installed.
Thanks, I tried Librewolf earlier today, downloaded it, it is fast and lean and probably would work well but for me it was blocking parts of some music sites I use. It just feels too heavy-handed for me. I removed it. I will say I do like FF. It is fast and the font/graphics look great, just seems to "pop" on the screen a bit better and brighter than Chrome or Edge. It also looks better in dark mode. I left at default settings and like it very much so far. Will run it for a while and see how it goes. The only oddball thing I ran into is FF is not on my list of apps in MS Notifications and Apps Settings so if I respond to a notification from a site it opens in Edge. I need to fix that.

C.H.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
I have not used FF in a long time now, just downloaded v. 95 last night just to try it out again. It is pretty fast and light and seems to work OK. I added the Malwarebytes Browser extension and Ublock Origin, I am on Windows 21H1 with 8GB of ram, my AV is Defender with Configuredefender on High. FF seems to be working fine, just wanted to ask if there is anything I should look out for or change in it to improve security or performance, or should I still stay away from FF and go on back to Edge? FF users, how do you like it now that they have done the latest security upgrade? Thanks for any help.

C.H.
I find it a little more RAM-intensive on my aging laptop with a mere 4 GB of RAM w/ integrated graphics, but it's still perfectly usable. I have uBO and a few minor tweaks for privacy/security, like disabling telemetry. I find that most lists of recommended hardening settings end up causing too much site breakage, so I don't bother with those anymore.
 

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
FF used about twice the ram that I had with Edge, that is really not a problem but I had other things going on with FF that I just did not like very much. I already mentioned there were problems with a few of the music sites I visit. FF also did not work with some other sites as well. I never could get the notifications problem fixed either, finally gave up on that. I also did a good visual comparison of Edge and FF, Edge with the Font Rendering Enhancer extension looks nearly the same as FF. I still think FF is a pretty good browser, even with these few faults, but I removed it and went back to Edge on default settings. I just want one browser that works for everything I do online, no need to switch to Chrome some other different browser just to pay a bill or read an album review.

Thanks for all the info here.

C.H.
 

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
I thought I might update here, I gave Firefox one more try, downloaded it again, was glad to see it remembered my settings and bookmarks. Even better than that I found the Facebook Container extension was the cause of the problem with blocking sites. I turned it off and can now see the sites that were blocked before. The notifications problem was kind of annoying but it does not bother me enough to ditch FF, as long as the browser itself works ok. I am trying to ditch Chrome and it looks like FF might end up being a keeper after all. I need to drive it around for a few days and see how it goes.

C.H.

Edit: I am getting a notification banner from Firefox, I received a few on this post and one other so far, I see them as long as FF is open which is perfectly fine. I will turn off Chrome and Edge notifications if I end up making FF my default. I don't need all of these notifications from all three browsers. So far I am still very impressed with this latest version of FF.

C.H.
 
Last edited:
F

ForgottenSeer 92963

The big security sacrifice made to C (the basis for machine code) and C++ (the object oriented successor of C) for performance is that C does not imposes memory boundary checks (on compiled code). So it is possible to write in program A to a place in memory which is used by program B and change the flow of events in program B. Many security vulnerabilities are the result of successful (meaning repeatable and predictable) misuse of memory boundary exceptions.

The sandboxing accomplished by RLBox using webassembly prevents third-party code to jump to unexpected places in the parts of memory assigned to that third-party library itself and prevents to address memory outside that third-party library. When I read this I thought what a smart move of Firefox to address the source of the C/C++ security weakness and wondered what the status was of that other project (Oxidation) which aimed to replace C/C++ with Rust. Rust was developed by Mozilla and "in laymans terms" has all the benefits of C++ without the security weaknes or in other words Rust is a fast and powerful program language which protects memory boundaries.

So I looked to the status and happily noticed that the lines of Rust code had nearly doubled since it introduction in end of 2018. Then I noticed that there was no data beyond July 2020 and remembered Mozilla fired about a quarter of its workforce in July/August 2020.

Question to MT-members following the developments of Firefox more closely: is the oxidation project dead (because people working on C++ to Rust migration were fired in 2020)?

Edit: found the answer (link) YES, the project to replace Gecko (C++) with Servo (Rust) rendering engine was also killed in 2020.

Wiki said:
After Mozilla laid off all Servo developers in 2020, governance of the project was transferred to the Linux Foundation. Development work officially continues at the same GitHub repository, but only volunteers remain, so there has merely been maintenance activity.


I really find this disturbing to find out. Mozilla management started Firefox OS in 2013 and Servo in 2017 (when my memory serves right). Both money and resources consuming projects are killed. When a company has less resources and less income than the market leader, that runner up can only win from the market leader by out smarting the leader. Sadly Mozilla management seems to be dumber than the competition. I am a happy user of Firefox on Android and hope this are not the signs of a company in dissolution.
 
Last edited by a moderator:

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
Thanks @Kees, I like FF but had no idea what is and was going on behind the scenes at Mozilla. I used FF in the past about 3 years ago. I will continue trying it out now but maybe I should not be singing its praises so loudly just yet. Thanks for the info.

C.H.
 
F

ForgottenSeer 92963

Thanks @Kees, I like FF but had no idea what is and was going on behind the scenes at Mozilla. I used FF in the past about 3 years ago. I will continue trying it out now but maybe I should not be singing its praises so loudly just yet. Thanks for the info.

C.H.
Well with Google pushing Manifest V3, Firefox could become my browser of choice on my desktop in the future. Some of Mozilla's ideas are great, but they should not have bothered with Firefox OS and different versions of Android browsers, also they binned good projects with bad projects wasting hundreds years of manpower. With focus and vison Firefox could have been so much better.
 

Captain Holly

Level 5
Thread author
Verified
Well-known
Jan 23, 2021
227
Manifest V3 is what drove me to check out FF again. I don't agree with MV3 at all. From what I read about MV3 FF seems to be taking the best approach to it. I was surprised and a little shocked that Edge is going along with MV3, as much as they preach about how privacy-oriented they are.

C.H.
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
551
Well at least with Debian-based Linux, there are ways to place limitations on programs.

firefox-apparmor.png

Actually, the same could be said about Windows as well.
 
  • Like
Reactions: Nevi and oldschool

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
I was surprised and a little shocked that Edge is going along with MV3,
No surprise at all ...
as much as they preach about how privacy-oriented they are.
Ineed, they have some privacy settings but users have to wade through all the feature bloat settings to enable them.

FF is going with MV3 but unclear what the path is.

It may be time to go back to Brave, as much as I want to like Edge, since they've been clear on their position re: MV3.

Tom Lowenthal (flamsmark) 62

@enmodo @brave It won't impact us because Brave's Shields aren't implemented as an extension and don't depend on that API. Plus, whenever there are Chromium changes which we don't think are positive for the people who use Brave, we don't accept them.
8:51 AM - 23 Jan 2019
Chrome Extension Manifest V3
 
F

ForgottenSeer 92963

I will give Brave a try in the near future. It loaded so slow in the past and I don't remember whether I could get the start/nee page a clean empty new tab.

Just tried, find the home tab very annoying, Brave is not for me.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top