Firefox 120.0.1 released (www.mozilla.org)
submitted 3 hours ago by [email protected] to c/[email protected]
submitted 1 day ago by [email protected] to c/[email protected]
submitted 3 days ago by [email protected] to c/[email protected]

cross-posted from: https://lemmy.world/post/8834978

No need to remove the URL tracking parameters manually. 🥳

Firefox copy link without site tracking

submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/[email protected]

Hey all,

Recently I switched from chrome to Firefox after seeing people on lemmy talk about all the benefits, but for the past week or so my keyboard has been acting up on various websites (including the default Firefox search box), where I can't type anything. The cursor will be blinking in the field and I'll try to type something in my keyboard but nothing appears. Sometimes it will also "lag" where the visual and auditory feedback is delayed and the keyboard becomes frozen while it catches up but again, nothing actually gets typed anywhere (except in the keyboards memory as it still uses predictive text the entire time)

Any suggestions would be great

Edit: I just tried gboard and it's the same issue

submitted 3 days ago by [email protected] to c/[email protected]

I have the App Pinit its very nice to make Desktop File but what is the right Firefox Command to create a new instance of Firefox with a very compact layout ?

submitted 5 days ago* (last edited 5 days ago) by [email protected] to c/[email protected]

It's a wav file in Jellyfin. I have made sure the file in question has not been corrupted. I've also confirmed it's not a Jellyfin issue as I've tested and confirmed that it works in chromium. Every other wav file (or otherwise) works perfectly fine. If it matters, I am using the Arkenfox user.js

Song name: Coming Up Milhouse by Dankmus

Firefox 120.0 released (www.mozilla.org)
submitted 1 week ago by [email protected] to c/[email protected]
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

"In this video I discuss how YouTube is artificially slowing down videos in the Firefox browser artificially to probably get people to use Chromium browsers that Google has more control over."

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]

I'm sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don't you think that's a breach of privacy?! I imagine it isn't too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).

The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.

submitted 3 weeks ago by [email protected] to c/[email protected]
Firefox 119.0.1 released (www.mozilla.org)
submitted 3 weeks ago by [email protected] to c/[email protected]
submitted 4 weeks ago by [email protected] to c/[email protected]

Especially for image searches. I am sick and tired of seeing that ""art"" in every single search, and the only real alternative is to exclusively browse trustworthy sites. I've tried to check for extensions myself but all I can find are extensions that use AI to do something, none that block it in any way.

Does anyone have a recommendation?

submitted 1 month ago by [email protected] to c/[email protected]
submitted 1 month ago by [email protected] to c/[email protected]

I seem to just open tabs and never close them, and then go through a cycle of anxiety wondering why I kept them open.

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

New Firefox user here. I like to keep a few tabs pinned. Two of the tabs is the same site but different accounts, so the tabs have the same exact icon. Is there a way to differentiate between the tabs somehow on Firefox?

Firefox 119 released (www.mozilla.org)
submitted 1 month ago by [email protected] to c/[email protected]
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

I just need 2 lectures that I want in case the author decides to delete, but no luck. Maybe I need to wait a little or can you not use extensions like that with Youtube's updates?

submitted 1 month ago by [email protected] to c/[email protected]

cross-posted from: https://lemmy.world/post/7123900

Date: Tue, 17 Oct 2023 03:17:36 +0300 From: turistu To: [email protected] Subject: with firefox on X11, any page can pastejack you anytime

Note to the moderator: I have already submitted this to the firefox people three weeks ago, and according to them, this is not a real security issue, or at least not worse than those pesky scripts which you cannot kill without killing firefox itself; if you think the same, just ignore this without replying.

I would however appreciate if you let this through and so give it some visibility so that the other 2 or 3 people who may be affected by this could learn about it.

Thank you very much.


In firefox running on X11, any script from any page can freely write to the primary selection, and that can be easily exploited to run arbitrary code on the user's machine.

No user interaction is necessary -- any page able to run javascript can do it, including e.g. a page from a background tab of a minimized window, an iframe inside such a window, an error page, a sandboxed iframe, a page that has reloaded itself via meta http-equiv=refresh, etc.

This applies to all the versions of mozilla/firefox and their derivatives (seamonkey, etc) that I was able to test, including the latest nightly.


The simplest example, which works in the default configurations of systems like OpenBSD or Alpine Linux (= any Unix/Linux system where Wayland is not the default and the default shell does not implement bracketed-paste), would go like this:

Load the following snippet in firefox:

intentionally left blank

Then pretend to forget about it, and go about your work. Sooner or later, when trying to paste something in the terminal with shift-Insert or middle click, you will end up running the command writeXPrimary() has injected just between your copy and paste.

live example of that snippet: https://turistu.github.io/firefox/pastejack.html

Short technical explanation

Browsers like firefox have the concepts of "secure context" (e.g. https://) and "transient user activation"; the javascript from the page gets some temporary powers as soon as you have interacted even so little with the page, like clicked, touched, etc.

For instance, writing with Clipboard.writeText() to the windows-style Ctrl-C Ctrl-V clipboard selection is only possible from secure contexts and only in the short while after the user has clicked a button, etc on the page. As this bug demonstrates, those prerequisites are not needed for writing to the primary selection, which on X11 is much more used and much more valuable.


Without patching firefox, the only workaround I can think about is disabling the Clipboard.selectAllChildren() function from an addon's content script, e.g. like this:

let block = function(){ throw Error('blocked') }; exportFunction(block, Selection.prototype, { defineAs: 'selectAllChildren' });

Complete extension here at https://github.com/turistu/odds-n-ends/raw/main/firefox/no-sel.xpi.

I tried to submit it to addons.mozilla.org but they didn't accept it. If you're running firefox-esr, the development edition or nightly, you can just set xpinstall.signatures.required to true in about:config and install it with firefox no-sel.xpi.

Firefox Patch

diff -r 9b362770f30b layout/generic/nsFrameSelection.cpp

a/layout/generic/nsFrameSelection.cpp Fri Oct 06 12:03:17 2023 +0000

+++ b/layout/generic/nsFrameSelection.cpp Sun Oct 08 11:04:41 2023 +0300 @@ -3345,6 +3345,10 @@ return; // Don't care if we are still dragging. }

  • if (aReason & nsISelectionListener::JS_REASON) {
  • return;
  • }
  • if (!aDocument || aSelection.IsCollapsed()) { #ifdef DEBUG_CLIPBOARD fprintf(stderr, "CLIPBOARD: no selection/collapsed selection\n");

The idea of this patch was to *always* prevent javascript from indirectly
messing with the primary selection via the Selection API. However, it turned
out that the `JS_REASON` flag was not reliable; if javascript calls some
function like `addRange()` or `selectAllChildren()` while the user has started
dragging but hasn't released the mouse button yet, that code will be called
*without* that flag but with the text set by javascript, not the text
selected by the user. However, I think that this patch is still enough
to fill the glaring hole opened by `selectAllChildren()`.

### About the example and bracketed-paste

The bracketed paste feature of bash/readline and zsh means that you
cannot just append a CR or LF to the payload and be done, it's the
user who has to press ENTER for it to run.

However, workarounds exist.  For instance, some terminals like mlterm
don't filter out the pasted data, and you can terminate the pasting
mode early by inserting a `\e[201~` in the payload.

For bash, you can take advantage of some quirks in the readline library
to turn off the highlighting and make the payload invisible to the user.

	let payload = 'touch ~/LOL-' + Date.now() / 1000;
	writeXPrimary('\n' + payload + '\n'.repeat(100) + ' '.repeat(30)
		+ '\n'.repeat(100))

which will confuse the user with the same screen as when some stray background job
had written something to the terminal:

	[email protected]:~$ : previous unrelated command
	[email protected]:~$	<-- paste here
	#   <-- cursor here, most users will just hit Enter to get a new prompt

live example of that snippet:	https://turistu.github.io/firefox/bash-pastejack.html

Just to be clear, I don't think that either mlterm, bash, nor the shells that
don't do have that bracketed-paste feature are at fault here in any way
(and I personally always turn off that misfeature as it badly interferes
with my workflow): It's firefox which should get all the blame for letting
random javascript evade its pretended "sandbox" in this way.

### About Wayland

For firefox running in Wayland, `writeXPrimary()` will only succeed
when the firefox window (the main window, not necessarily the tab the code
runs in) has the focus. Otherwise the selection will be cleared. At first I
assumed that this is something specific to the Wayland protocol, but that
turned out to be utterly false; it's just some quirk, bug or "feature"
specific to either firefox itself or GTK.

But I think that's still bad enough, even if the page should take care to
only set the selection when the main window has gained focus.

And of course, all this doesn't affect the situation where you're copying
and pasting in another firefox tab with a different context, origin, etc;
and all the other situations where you don't appreciate having random
javascript you don't even know about messing with your copy & paste.


This is a slightly edited version of

I will correct any errors or omissions and also add more info there.
submitted 1 month ago by [email protected] to c/[email protected]

I running endeavouros and i tried to get discord screenshare (specifically tabshare) to work on firefox. No matter which distro i tried it on before that, never worked (chromium is the only one that works so far)

Searching for any related answer brought me to only one single related topic suggesting to install "ffmpeg-libs", which didnt help.

Any help would be appreciated.

submitted 1 month ago by [email protected] to c/[email protected]

Addons that can do one the other or both. I looked in the Firefox addons store for but most of them have their own GUI for doing so. That could work but ideally I'd like to select a folder or some bookmarks in the bookmarks menu or sidebar and select a context menu option to refresh those favicons and or titles, its possible to run context menu options on multiple selected bookmarks like that, like copytabtitleurl.

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

I really don't like the psuedo-native look of the element dropdown menu on macOS, and I thought Firefox was trying to embrace native widgets when they added support for macOS right click context menus a few years ago. That issue was open for 20+ years! This sucks.

Firefox 118.0.2 released (www.mozilla.org)
submitted 1 month ago by [email protected] to c/[email protected]
submitted 1 month ago by [email protected] to c/[email protected]
submitted 1 month ago by [email protected] to c/[email protected]
submitted 2 months ago by [email protected] to c/[email protected]

Sites I have visited only once have appeared as most visited shortcuts, while I have been to lemmy (typically lemmy.world) over a hundred times, but there is no shortcut added.

I had to manually edit another website's shortcut with lemmy, and find an icon for the shortcut. And searching online, there are surprisingly very few icons to pick from. This is the only one I could find that had a darker background.

Has anyone else who uses the shortcuts encountered the same issue?

view more: next ›


2 readers
2 users here now

A community for discussion about Mozilla Firefox.

founded 5 months ago