Lambert  Hauck

Lambert Hauck

1627074300

Composing in Firefox (Chrome Sound Maker)

BAD GUY composing in Firefox (Chrome Sound Maker)
music starts at @3:50
I’m not any music composer, just a noob fiddling around. Found this awesome tool on ChromeLabs and it works perfect on Firefox.
Composing Bad guy in Firefox

#developer

What is GEEK

Buddha Community

Composing in Firefox (Chrome Sound Maker)
Carmen  Grimes

Carmen Grimes

1603280160

Coming through with Firefox 82 – Mozilla Hacks

As October ushers in the tail-end of the year, we are pushing Firefox 82 out the door. This time around we finally enable support for the Media Session API, provide some new CSS pseudo-selector behaviours, close some security loopholes involving the Window.name property, and provide inspection for server-sent events in our developer tools.

This blog post provides merely a set of highlights; for all the details, check out the following:

Inspecting server-sent events

Server-sent events allow for an inversion of the traditional client-initiated web request model, with a server sending new data to a web page at any time by pushing messages. In this release we’ve added the ability to inspect server-sent events and their message contents using the Network Monitor.

You can go to the Network Monitor, select the file that is sending the server-sent events, and view the received messages in the Response tab on the right-hand panel.

For more information, check out our Inspecting server-sent events guide.

Web platform updates

Now let’s look at the web platform additions we’ve got in store in 82.

Media Session API

The Media Session API enables two main sets of functionality:

  1. First of all, it provides a way to customize media notifications. It does this by providing metadata for display by the operating system for the media your web app is playing.
  2. Second, it provides event handlers that the browser can use to access platform media keys such as hardware keys found on keyboards, headsets, remote controls, and software keys found in notification areas and on lock screens of mobile devices. So you can seamlessly control web-provided media via your device, even when not looking at the web page.

#developer tools #featured article #firefox #firefox releases #css #firefox #firefox 82 #firefox developer edition #firefox release #web extensions

Debugging Variables With Watchpoints in Firefox 72

The Firefox Devtools team, along with our community of code contributors, have been working hard to pack Firefox 72 full of improvements. This post introduces the watchpoints feature that’s available right now in Firefox Developer Edition! Keep reading to get up to speed on watchpoints and how to use them.

#debugging #developer tools #featured article #firefox #firefox releases #breakpoints #debugger #debugger for firefox #firefox devtools #firefox visual studio code extension #watchpoints

Firefox 81 Release Kills High-Severity Code-Execution Bugs

Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code.

Two severe bugs (CVE-2020-15674 and CVE-2020-15673) are errors in the browser’s memory-safety protections, which prevent memory access issues like buffer overflows. CVE-2020-15674 was reported in Firefox 80, while CVE-2020-15673 was reported in Firefox 80 and Firefox ESR 78.2. Firefox ESR (Extended Support Release) is a Firefox version that’s based on an official release for desktop, for use by organizations who need extended support for mass deployments.

“Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code,” according to a Mozilla Foundation security advisory, released on Tuesday.

#vulnerabilities #web security #buffer error #cve-2020-15673 #cve-2020-15674 #cve-2020-15675 #firefox #firefox 80 #firefox 81 #firefox esr 78.3 #memory safety #mozilla #mozilla foundation #use-after-free #vulnerability #webgl

Beth  Nabimanya

Beth Nabimanya

1623060180

Looking fine with Firefox 89

While we’re sitting here feeling a bit frumpy after a year with reduced activity, Firefox 89 has smartened up and brings with it a slimmed down, slightly more minimalist interface.

Along with this new look, we get some great styling features including a force-colors feature for media queries and better control over how fonts are displayed. The long awaited [top-level ](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/await#top-level-await)await keyword for JavaScript modules is now enabled, as well as the PerformanceEventTiming interface, which is another addition to the performance suite of APIs: 89 really has been working out!

This blog post provides merely a set of highlights; for all the details, check out the following:

forced-colors media feature

The forced-colors CSS media feature detects if a user agent restricts the color palette used on a web page. For instance Windows has a High Contrast mode. If it’s turned on, using forced-colors: active within a CSS media query would apply the styles nested inside.

In this example we have a .button class that declares a box-shadow property, giving any HTML element using that class a nice drop-shadow.

If forced-colors mode is active, this shadow would not be rendered, so instead we’re declaring a border to make up for the shadow loss:

.button {
  border: 0;
  padding: 10px;
  box-shadow: -2px -2px 5px gray, 2px 2px 5px gray;
}

@media (forced-colors: active) {
  .button {
    /* Use a border instead, since box-shadow is forced to 'none' in forced-colors mode */
    border: 2px ButtonText solid;
  }
}

Better control for displayed fonts

Firefox 89 brings with it the line-gap-overrideascent-override and descent-override CSS properties. These allow developers more control over how fonts are displayed. The following snippet shows just how useful these properties are when using a local fallback font:

@font-face {
  font-family: web-font;
  src: url("<https://example.com/font.woff>");
}

@font-face {
  font-family: local-font;
  src: local(Local Font);
  ascent-override: 90%;
  descent-override: 110%;
  line-gap-override: 120%;
}

These new properties help to reduce layout shift when fonts are loading, as developers can better match the intricacies of a local font with a web font. They work alongside the size-adjust property which is currently behind a preference in Firefox 89.

Top-level await

If you’ve been writing JavaScript over the past few years you’ve more than likely become familiar with async functions. Now the await keyword, usually confined to use within an async function, has been given independence and allowed to go it alone. As long as it stays within modules that is.

In short, this means JavaScript modules that have child modules using top level await wait for that child to execute before they themselves run. All while not blocking other child modules from loading.

Here is a very small example of a module using the >a href=”https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API”>Fetch API and specifying await within the export statement. Any modules that include this will wait for the fetch to resolve before running any code.

#featured article #firefox #firefox releases #mdn #css #firefox

Tyrique  Littel

Tyrique Littel

1603450800

Chrome 86 Aims to Bar Abusive Notification Content

Google has added a new feature to Chrome 86 that aims to stomp out abusive notification content.

Web notifications are utilized for a variety of applications – such as prompting site visitors to sign up for newsletters. However, they can also be misused for phishing, malware or fake messages that imitate system notifications for the purpose of generating user interactions. Google has taken steps to battle this issue by automatically blocking the web notifications that display abusive or misleading content.

When visitors encounter a webpage with malicious notification content, the webpage will be blocked and a Chrome alert on the upper navigation bar will warn them that the website might be trying to trick them into displaying intrusive notifications. It will ask them to “Continue Blocking” or “Allow” – the latter option will let users continue on to the webpage.

“Abusive notification prompts are one of the top user complaints we receive about Chrome,” according to PJ McLachlan, product manager with Google, on Wednesday. “Our goal with these changes is to improve the experience for Chrome users and to reduce the incentive for abusive sites to misuse the web-notifications feature.”

In order to detect sites that send abusive notification content, Google will first subscribe occasionally to website push notifications (if the push permission is requested) via its automated web crawling service.

Notifications that are sent to the automated Chrome instances will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved, said Google.

When a site is found to be in “failing” status for any type of notification abuse, Google will send a warning email to the registered owners of the site 30 days before cracking down. During this time, websites can address the issue and request another review.

Google first implemented controls that went against abusive notifications with Chrome 80, when it introduced a “quiet notification permission UI [user interface]” feature. Then, in Chrome 84, it announced auto-enrollment in quiet notification UI for websites with abusive-notification permission requests, such as sites that use deceptive patterns to request notification permissions.

However, the new enforcement in Chrome 86 takes it a step further by focusing “on notification content and is triggered by sites that have a history of sending messages containing abusive content,” said Google. “This treatment applies to sites that try to trick users into accepting the notification permission for malicious purposes, for example sites that use web notifications to send malware or to mimic system messages to obtain user login credentials.”

In an upcoming release, Chrome will revert the notification permission status from “granted” to “default” for abusive origins, preventing further notifications unless the user returns to the abusive origin and re-enables them. That’s because “prior to the release of Chrome’s abusive notifications protections, many users have already unintentionally allowed notifications from websites engaging in abusive activity,” it said.

Google this week also warned of an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild.

#web security #abusive content #abusive notifications #blocking #browser #browser notifications #chrome 80 #chrome 84 #chrome 86 #google #google chrome #malicious notification #safe browsing #web security