Mozilla Updates Security Indicators For Firefox

[Lucian Armasu]

Mozilla announced some user-centric changes for its Firefox browser that should make it a little easier for users to understand just how secure some websites are.

Mozilla Updates Security Indicators For Firefox : Read more

 

[targetdrone]

Firefox will not connect to https://www.tomshardware.com/ [lol]

 

[Dan Nelson]

Firefox will not connect to https://www.tomshardware.com/ [lol]

Tom's needs to buy an SSL cert before that'll happen: "The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net"

 

[littleleo]

Firefox will not connect to https://www.tomshardware.com/ [lol]

Strange I'm using Firefox and reading Tom's w/o issue must be user error, lol.

 

[ChronosVRdS]

Firefox will not connect to https://www.tomshardware.com/ [lol]

Same goes to chrome (or any browser working correctly), Tom's doesn't have a valid certificate, this is expected and means that firefox is behaving correctly.

 

[kyzarvs]

FF does not work correctly when it behaves the same way for URLS on the local subnet - routers, firewall webguis - those kinda things are working for me in Chrome, not FF.

 

[ChronosVRdS]

FF does not work correctly when it behaves the same way for URLS on the local subnet - routers, firewall webguis - those kinda things are working for me in Chrome, not FF.

How so? I don't understand what you mean by that.

At least for me, both browsers give me errors when accessing pages with self-signed certificates (kinda of ones used by routers and and local services), if you're using your own certification authority, firefox needs you to manually import the CA, Chrome can get it directly from windows trusted repository.

 

[kyzarvs]

FF does not work correctly when it behaves the same way for URLS on the local subnet - routers, firewall webguis - those kinda things are working for me in Chrome, not FF.

How so? I don't understand what you mean by that.

At least for me, both browsers give me errors when accessing pages with self-signed certificates (kinda of ones used by routers and and local services), if you're using your own certification authority, firefox needs you to manually import the CA, Chrome can get it directly from windows trusted repository.

Example, I have BitDefender running on my mail server, it has a very useful webgui. FF as of recently stopped working going to https://192.168.1.249:8139 and gives you no option to continue. Chrome comes up with the 'this is dumbass, are you sure?' and lets me continue. This behaviour is perfectly correct for internet domains, but gets in the way in 3 of the 5 systems my business works with on the internal network so we've moved to Chrome.

 

[ChronosVRdS]

Example, I have BitDefender running on my mail server, it has a very useful webgui. FF as of recently stopped working going to https://192.168.1.249:8139 and gives you no option to continue. Chrome comes up with the 'this is dumbass, are you sure?' and lets me continue. This behaviour is perfectly correct for internet domains, but gets in the way in 3 of the 5 systems my business works with on the internal network so we've moved to Chrome.

Ok I get it, AFAIK the only thing I that firefox block without question is services running SSLv3 or lower, since it's completely broken.

 

[kyzarvs]

Example, I have BitDefender running on my mail server, it has a very useful webgui. FF as of recently stopped working going to https://192.168.1.249:8139 and gives you no option to continue. Chrome comes up with the 'this is dumbass, are you sure?' and lets me continue. This behaviour is perfectly correct for internet domains, but gets in the way in 3 of the 5 systems my business works with on the internal network so we've moved to Chrome.

Ok I get it, AFAIK the only thing I that firefox block without question is services running SSLv3 or lower, since it's completely broken.

...and I completely agree with that for any non-local URL - it is absolutely the right thing to do. I just feel that it is very short-sighted to do the same for local subnet URL - there must be dozens of interfaces around that are fine for local use, but FF isn't being smart enough about it's behaviour to at least give the option to accept their shortcomings.

 

[ChronosVRdS]

...and I completely agree with that for any non-local URL - it is absolutely the right thing to do. I just feel that it is very short-sighted to do the same for local subnet URL - there must be dozens of interfaces around that are fine for local use, but FF isn't being smart enough about it's behaviour to at least give the option to accept their shortcomings.

Maybe there is, but sounds like you need to change some options on the about:config page, but that can be too much trouble, easier to stay on chrome

 

[sylentz199]

Example, I have BitDefender running on my mail server, it has a very useful webgui. FF as of recently stopped working going to https://192.168.1.249:8139 and gives you no option to continue. Chrome comes up with the 'this is dumbass, are you sure?' and lets me continue. This behaviour is perfectly correct for internet domains, but gets in the way in 3 of the 5 systems my business works with on the internal network so we've moved to Chrome.

Ok I get it, AFAIK the only thing I that firefox block without question is services running SSLv3 or lower, since it's completely broken.

...and I completely agree with that for any non-local URL - it is absolutely the right thing to do. I just feel that it is very short-sighted to do the same for local subnet URL - there must be dozens of interfaces around that are fine for local use, but FF isn't being smart enough about it's behaviour to at least give the option to accept their shortcomings.

You should be able to confirm the exception. FF is annoying that it uses it's own trust store. Not that I have to use FF anymore now that they finally updated to IE11 at work

 

[kyzarvs]

Example, I have BitDefender running on my mail server, it has a very useful webgui. FF as of recently stopped working going to https://192.168.1.249:8139 and gives you no option to continue. Chrome comes up with the 'this is dumbass, are you sure?' and lets me continue. This behaviour is perfectly correct for internet domains, but gets in the way in 3 of the 5 systems my business works with on the internal network so we've moved to Chrome.

Ok I get it, AFAIK the only thing I that firefox block without question is services running SSLv3 or lower, since it's completely broken.

...and I completely agree with that for any non-local URL - it is absolutely the right thing to do. I just feel that it is very short-sighted to do the same for local subnet URL - there must be dozens of interfaces around that are fine for local use, but FF isn't being smart enough about it's behaviour to at least give the option to accept their shortcomings.

You should be able to confirm the exception. FF is annoying that it uses it's own trust store. Not that I have to use FF anymore now that they finally updated to IE11 at work

Not no more - that option has gone. There is no way on the screen to proceed, I don't have time to fudge about in about😱ptions, so I told our guys to work with Chrome. First non FF browser I've used other than web-development testing for about 6 years...

 

[stoned_ritual]

You left out the fact that they added invasive push notifications in version 43. Firefox has gone the way of the dinosaurs. Bloated, invasive, data farming. All the things that firefox was against just a couple of years ago.

 

[stoned_ritual]

You left out the fact that they added invasive push notifications in version 43. Firefox has gone the way of the dinosaurs. Bloated, invasive, data farming. All the things that firefox was against just a couple of years ago.

 

[ChronosVRdS]

@stoned_ritual Push notifications are part of HTML5 standard, Mozilla is obligated to implement to stay with the current web technologies. How invasive? You have control of data you send to mozilla servers, in a transparent way. Chrominium got bashed by OSS community for hiding proprietary voice capture code, that activated without user consent that's invasive.
Now, as for being bloated that's debatable, can't see how is more bloated than process and memory consume adversaries.