back to article Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

The Mozilla Foundation has has given the world the fifty-second version of the Firefox browser, complete with some significant changes. Most notable is the eviction of plug-ins. The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and …

  1. Number6

    Roll on the end of Flash. Perhaps the BBC will finally stop using it too. I think that's the only thing I have authorised to use it now, anyone else: too bad.

    Mind you, perhaps they'll get IPv6 working too. (Although they're not the only laggards here, trying not to look at the vulture in the room.)

    1. Anonymous Coward
      Anonymous Coward

      Roll on the end of Flash

      .. which is the exact thing they leave in place. I don't like the sound of "the end of plugins" - I have a number that I like very much, thank you, and I prefer to take such a decision myself. I would have been OK with a health dose of "are you sure?" or an expert mode for that, but wholesale killing off things in an arbitrary manner is too much like Microsoft. Thank God they apparently have left extensions alone for now, but I've killed off updates, just in case.

      Speaking of expert mode, why the f*ck does everything HAVE to be HTTPS? Anyone who is just running a mom & pop site merely showing stuff has no need for it, and making it all SSL enabled simply means nothing is cached anymore unless they make the biggest security mistake of all and rely on an SSL proxy (the best place *ever* to monitor user behaviour).

      I am very much OK with red alarm flashes and even the re-introduction of blinking (umm, no, maybe not) if a website asks for data entry without the appropriate protection, but to just mandate that as a default is IMHO going too far. That's not protecting, that's nannying. Next thing it will hook up to Alexa and tell you that you should wear a thick coat and scarf when you go out if local temperatures drops..

      1. cavac

        and making it all SSL enabled simply means nothing is cached anymore

        Not entirely correct. Browser caching is not affected by the use of secure connections.

        But true, classic proxies are pretty much impossible for SSL connections. That is a tradeoff for security and privacy.

        It would theoretically be possible to use a validating proxy that blocks all insecure connections (invalid and self-signed certs etc) and have the browser trust the proxy that it does the right thing... nightmares galore!

        I can sort of understand your problem with the traffic volume. But (at least here where i live), this is mostly when you run stuff in expensive clouds like Amazon. I use some colo servers where i have enough monthly traffic included in the colo rent for a fixed price. Currently i could use 50TB a month, and i never reached that limit, not even close.

      2. Ken Hagan Gold badge

        "... making it all SSL enabled simply means nothing is cached anymore unless ..."

        ...unless someone takes the fairly obvious step of allowing "authenticated but not encrypted" connections, thereby delivering content that is both cachable and trustworthy. Such a thing is certainly possible down at the IPsec level, but I've no idea whether it is still possible in the higher layers of the stack. (It's a pretty damn glaring design fault if it isn't, though. Anyone who has ever chosen to deliver a signed file over unsecured FTP or HTTP has understood the requirement.)

      3. Infernoz Bronze badge
        Facepalm

        Not expert, just naive for any kind of insecure network, especially The Internet!

        End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. HTTPS is especially critical for all links to third party sites e.g. scripts, fonts, media etc.! This is why ALL websites, even seemingly trivial ones, must be moved to HTTPS.

        HTTPS certs can be obtained free and there are scripts available to auto-renew short-lived HTTPS certs.

        If you really need caching, put HTTP cache(s) between main HTTP server(s) and HTTPS front end(s), all on an isolated network.

        1. Anonymous Coward
          Anonymous Coward

          End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads!

          Sadly not, given that most of the root cert agencies are in the US. If I were an agency seeking to set up a MITM intercept it would not be hard to get a rogue cert issued - there is enough legal leverage available in the US to make companies do almost anything and compel them to keep their mouths shut about it - FCC cases notwithstanding (IMHO that's more window dressing).

        2. Anonymous Coward
          Anonymous Coward

          "End-to-End Encryption tunnels, like HTTPS and VPN, are the only sane way to use an insecure network, these prevent Man-in-the-Middle sniffing/modification of POSTed content, requests and responses, by any intermediary, including ISPs, routing parties, governments and employers, and this sniffing/modification behaviour has already happened loads! HTTPS certs also make it easier to spot spoof sites e.g. via DNS exploits. "

          Sometimes yes, sometimes no. There are proxies, such as Bluecoat, that perform MITM attacks as part of their designed function. If you are on a network that uses these, you'd best trust the persons administering the proxy with everything you do.

    2. Displacement Activity

      BBC flash

      @Number6:

      Go to news.bbc.co.uk, find a vid, right-click, confirm you're on flash.

      Go to http://www.bbc.co.uk/html5, opt in to HTML5.

      Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51.

      1. Bloodbeastterror

        Re: BBC flash

        Thanks for that link to the BBC HTML5. It actually tells you on that page whether you're already using HTML5 or not - and I was, apparently automatically, since I'd never specified it myself.

        Good tip - thanks again.

      2. John Brown (no body) Silver badge

        Re: BBC flash

        "Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51."

        Despite having dumped flash a while ago and don't the HTML5 magic at the BBC site, BBC News still often places flash-only video on their site. There appears to be neither rhyme nor reason to their selection, it just seems totally random. Worse, despite having no Flash installed and doing the BBC magic, BBC News still tries to serve up the flash video first, only to fail and then reload the page with the HTML5 version about 5 seconds later if available. So not using flash is probably seen by many as an inconvenience on two levels. Not all video is HTML5 and for those that are, it take longer to load the page.

        1. Anonymous Coward
          Anonymous Coward

          Re: BBC flash

          In recent weeks BOTH versions have been randomly failing for me.

        2. jason 7

          Re: BBC flash

          Yeah seems video content on the BBC is 50/50 Flash/HTML5.

          I opted to HTML5 version ages ago but a lot of stuff I still cant watch.

      3. Number6

        Re: BBC flash

        I suspect this is one of those things that relies on cookies to store the preference, in which case I'll have to do it every time I open the browser, given that I have it set to delete such things regularly.

      4. Anonymous Coward
        Anonymous Coward

        Re: BBC flash

        Yeah, phone me back when I can block automatic playing of HTML5 videos.

        1. Mantra

          Re: BBC flash

          "Yeah, phone me back when I can block automatic playing of HTML5 videos."

          about:config -> media.autoplay.enabled -> false

    3. Anonymous Coward
      Anonymous Coward

      Flash left, ad blockers gone?

      Flash still there and ad blocking plugins don't work anymore? Pretty clear who's been accepting bribes.

      1. macjules

        Re: Flash left, ad blockers gone?

        The Flash team at Adobe doesn't accept bribes. If they did we might know exactly who they are and be able to coat the twenties with arsenic.

      2. John 48

        Re: Flash left, ad blockers gone?

        Note that plugins are not the same as extensions. Adblock etc are typically extensions which are still allowed.

      3. Alumoi Silver badge

        Re: Flash left, ad blockers gone?

        Flash still there and ad blocking plugins don't work anymore?

        Mr. Troll, please check your facts first. Plugins ≠ add-ons. Adblockers are add-ons.

      4. killakrust

        Re: Flash left, ad blockers gone?

        Plugins =/= Ad-Ons

        The ad blockers are still available. You're welcome.

  2. Joe Werner Silver badge

    Cookies...

    After they took away the convenient distinction between the site's cookies and third party etc. they should STFU. Now they break the plugin system and the extensions as well, and slowly turn into a bland chrome lookalike. Like Opera. And like Opera it will soon be unusable for me in its current version.

    Progress for the f'ing sake of f'ing progress. I am not impressed... Thank you oh so bloody much.

    1. Lusty

      Re: Cookies...

      I'm still annoyed that the menu is gone! And don't get me started on version numbers...

      1. BenDwire Silver badge

        Re: Cookies...

        Did you not know the menus come back if you press Alt? Works in TB too.

    2. Dan 55 Silver badge

      Re: Cookies...

      Tools > Options > Privacy still seems to have a third party cookie option?

  3. Anonymous Coward
    Anonymous Coward

    Last night my one of my Firefox browsers suddenly announced that Ghostery was no longer supported and no update was available. At this rate I'll be stuck with just Chrome as a browser.

    1. shifty_powers

      Really? Funny how I am using nightly build of Firefox 55 with ghostery running just fine. Also, they are not getting rid of extensions. They are getting rid of NPAPI, a huge difference. Vast majority of extensions that people use will carry on just fine.

      I don't agree with everything Mozilla do but it is right on this count. And it is still a decent browser and one where I at least have some confidence that their existence is not predicated on stealing all of my information for advertising purposes. (Looking at you Chrome).

      1. Updraft102

        They haven't gotten rid of addons yet... why, they're not scheduled to do that for another nine months!

      2. Joe Werner Silver badge

        Re: extensions

        "Vast majority of extensions that people use will carry on just fine."

        Well, good for the vast majority. I like for example tab groups (like in Opera... way back when dirt was invented), and a few other things. One of the developers actually put out a notice that he won't migrate, because he cannot see a way to do it (with a reasonable amount of effort, after doing the migration to whatever their last thing was about a year ago - and the new environment would actually not support things like that any more). All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).

        So... time to look for a new browser. Again. f- them, with extreme prejudice. I'm getting old and averse to change (plus if I cannot get the functionality I want it really sucks - and there is just no alternative but the old and outdated Opera version that still was Opera and not Chrome).

        1. Anonymous Coward
          Anonymous Coward

          Re: extensions

          All because Firefox wants to be more like Chrome and use the same plugins / extensions (no, it is not the only reason, I followed the discussions a bit - but it breaks the browser for me...).

          The irony is that people like me use Firefox exactly because it is NOT Chrome, because we still trust something from Mozilla more than from data thief Google. Idiots.

      3. jason 7

        Running version 52 64bit and all my add-ons etc. are working fine. I must admit I dumped Ghostery a while ago though.

    2. Cameron Colley

      There are alternatives, suck as uBlock and uBlock Origin, rather than the much-criticised Ghostery:

      https://en.wikipedia.org/wiki/Ghostery#Criticism

      1. Anonymous Coward
        Anonymous Coward

        There are alternatives, suck as uBlock and uBlock Origin, rather than the much-criticised Ghostery

        There is criticism, but it's still rather useful. I actually use BOTH uBlock and Ghostery.

        1. Spasticus Autisticus

          'I actually use BOTH uBlock and Ghostery.'

          Those two plus Privacy Badger - and NoScript

          1. Salamamba

            add flagfox - shows the flag of the country the server is located in. It's a simple method for quick risk analysis. Having this installed meant I immediately noticed when my bank started trying to get me to log-on on an American server rather than the expected British one.

            1. Anonymous Coward
              Anonymous Coward

              Ditto, stopped my mum from getting her business account emptied when redirected to a dodgy clone of the banking website.

            2. Dan 55 Silver badge

              El Reg is using a yank server. Say it ain't so!

        2. Cameron Colley

          I give up!

          If you want to pay the advertisers to not advertise to you then, yeah, go ahead.

          I'm really not sure why anybody with a mindset like that doesn't just use Chrome or Edge?

      2. HereIAmJH

        I'm still using v5.4.11 of Ghostery, prior to all the v6 nastiness. Turn off auto updates, fix the version compatibility if necessary. I have uBlock Origin on one of my machines, and it's much more difficult to work with. For example, say you want to stream a TV show from one of the networks. It's a lot easier to figure out which trackers need to be enabled with the old Ghostery. I'm sure someday Firefox will break the old Ghostery and I'll need to find a new blocker. But it's working fine with v52.

        BTW, GMail and Craigslist should be congratulated for using 0 trackers.

      3. Infernoz Bronze badge
        Meh

        Ghostery was tired, because of too coarse controls and useless feedback, uBlock* are also tired now; I un-installed them after uMatrix revealed them as redundant and quite inferior.

        uMatrix offers finer control of several types of web stuff, especially for linked sites and uses a indicator button, not crappy popups, which can be clicked to edit site controls on a transient pane.

    3. Gnomalarta
      Linux

      Just installed 52.0 on Ubuntu 16.04 Ghostery working fine

    4. This post has been deleted by its author

  4. frank ly

    Palemoon

    Take it for a test drive. It's nice.

  5. Len Goddard

    Palemoon

    You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

    Or there is always Vivaldi ...

    1. Anonymous Coward
      Anonymous Coward

      Re: Palemoon

      You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

      Yes, but that's a less supported codebase and doesn't do an official macOS build. If I change over, it needs to support all of the big three (Windows, macOS, Linux).

    2. Anonymous Coward
      Anonymous Coward

      Re: Palemoon

      >You could try Palemoon. It is a firefox fork with the old firefox UI and seems less intent on making life difficult for its users.

      Must agree. I got sick of Firefox increasingly assuming it was the only thing I run, and taking more and more resource, and getting slower while assuring us that performance was improving. Palemoon resolves all those issues. Just wish it used the usual repository update mechanisms.

      While we're talking about Palemoon, their Thunderbird version, Fossamail, similar;y resolves Thunderbird issues, like CPU hogging and constant activity.

      1. VinceH

        Re: Palemoon

        "While we're talking about Palemoon, their Thunderbird version, Fossamail, similar;y resolves Thunderbird issues, like CPU hogging and constant activity."

        Now that's a handy thing - I use Palemoon, but didn't know about Fossamail. I'll give it a try.

        1. Infernoz Bronze badge
          Meh

          Re: Palemoon

          Fossamail still does not support enough of the Thunderbird Functionality, for extensions, even using their profile migration tool (stupidly copies 'incompatible' Lightning and other 'incompatible' extensions too!), and doesn't even fix the crappy dialog window stalls, oddly with little CPU load *, e.g. for adding/editing mail filters!

          * probably some really pointless, chrome GUI Mutex Thrashing.

          The lack of critical extension support and no noticeable performance gains is what keeps me on Thunderbird!

          Just like Firefox, Thunderbird and Fossamail need to have proper isolated Multi-threaded, and possibly Multi-Process, to prevent stalls, and to stop doing lazy/retarded modal windows for relatively easy stuff like mail filter config. Child GUI stuff like that is easy in Java and should be easy in C++ GUI frameworks too!

    3. Kapudan-i Derya

      or Opera

  6. Allan George Dyer
    WTF?

    "The browser will now only run Flash"

    Why? Oh why? I dumped flash about a year ago for being too big a risk.

    Java, on the other hand, I need to submit my tax return.

    1. Anonymous Coward
      Anonymous Coward

      Re: "The browser will now only run Flash"

      I've been submitting tax returns quite happily for years without Java on my system - sure you aren't mixing it up with JavaScript?

      1. Anonymous Coward
        Anonymous Coward

        Re: "The browser will now only run Flash"

        Probably depends on where you all live.... here the last tax software is in Java but no longer runs in a browser... now runs in Eclipse and you have to be very careful about how you install it - because it can break your already existing installation of Eclipse.

      2. Allan George Dyer

        Re: "The browser will now only run Flash"

        @Thoguht - Yes, I'm sure. I guess you've never submitted a tax return in Hong Kong. And they require Oracle Java, the IcedTea plugin doesn't cut it.

    2. patrickstar

      Re: "The browser will now only run Flash"

      What about the one gazillion embedded devices, KVMs, iLO, etc etc that depend on Java applets?

      Not that the people who made them do it in the first place shouldn't be dangling from lamp posts once the revolution comes, but certain people still have work that needs to be done and need to use their crap to do so.

      1. Jay 2

        Re: "The browser will now only run Flash"

        That's the first thing that popped into my mind. Funnily enough I am in the process of migrating to a new PC at work and trying to get all the various generations of iDRAC and iLO to work is a real nightmare, more so with the ever shifting use of various certs and stuff.

        I know that the latest iDRAC can use HTML5 instead, but from my experience it doesn't seem to work as well as the Java version. In some cases various key combos aren't passed along.

        1. Anonymous Coward
          Anonymous Coward

          Re: "The browser will now only run Flash"

          For those of you who have need for it, the 32-bit flavour of Firefox 52 ESR still supports Java, at least for now.

          It might be an idea to set it not to update though.

        2. Infernoz Bronze badge
          Meh

          Re: "The browser will now only run Flash"

          When Java 9 comes out, Applets won't be supported!

          Applets were not one of Sun's better ideas for Java, the successor, Webstart apps., can at least run like desktop programmes.

          All embedded stuff should have been already been upgradeable away from Java Applets, because the Applets probably have various security issues too!

          1. patrickstar

            Re: "The browser will now only run Flash"

            Yes, the embedded stuff should have been upgradeable. Definitely. I agree. Totally.

            This knowledge does not help one bit when you need to actually use/operate a pile of them.

            And this kind of gear often doesn't even work with the latest Java version that DOES support applets, so the announced deprecation and eventual removal of Java applets isn't relevant. Typically you need something that's 5 or 10 years old and even more full of horrible security holes than recent versions.

            PS. Rumor has it that the whole "applet" thing was forced on Java by management, with the underlings well aware that it could never be made secure. Even that knowledge doesn't help one bit when you actually need to use something that for mysterious reasons requires an applet. Especially when said gear isn't realistically possible to replace. For example it can be the iLO in otherwise fully operational servers. Or it can be installed in hundreds/thousands of places. Or it might not be you/your company that can make the decision to replace it. Or it can be weird specialized hardware that has no alternatives. Etc.

          2. Ken Hagan Gold badge

            Re: "The browser will now only run Flash"

            "Applets were not one of Sun's better ideas for Java..."

            Say what? Applets were the sole point of Java. The somewhat bizarre(*) idea of running Java on the server side came later and only as a belated attempt to maintain interest in what was by then a language dying out because Sun were apparently unable to write a secure JVM to run the applets in.

            (* Yes, bizarre, because if you don't trust the code running on your server then you have bigger problems than your choice of programming language.)

            1. patrickstar

              Re: "The browser will now only run Flash"

              No - it actually originated as a platform for embedded systems (like set-top boxes), and from there went to be intended for general purpose applications.

  7. Anonymous Coward
    Anonymous Coward

    I'm about to install...

    ... let's see what it happens to the installed Citrix, Fortinet and VMWare plugins... it's time to take away browser development from those who believe a browser it's just used by those doing stupid things on Facebook....

    1. Anonymous Coward
      Anonymous Coward

      Installed.... they're all gone.

      No surprisingly, they're all gone (this was, of course, a test). It looks the ESR will keep them running until early 2018 - but it's still a stop gap.

      Hope this is a lesson to companies - they should no longer rely on browsers to deliver functionalities. Build your damned clients yourself, and stop piggybacking on someone else application you can't control the design of.

      1. Dan 55 Silver badge
        Facepalm

        Re: Installed.... they're all gone.

        Argh, I've got an update downloaded and ready to install.

        What's the about:config setting to stop this madness?

        Edit: Found it, it's plugin.load_flash_only.

  8. RonWheeler

    Get HTTPS

    So your browsing can get raped by your employer's man in the middle.

    1. Steve the Cynic

      Re: Get HTTPS

      Observation: look at the certificate information next to the URL entry box. The MitM can't use the server's real certificate, so it creates certificates signed by a mini-CA embedded within it. You can tell they are there because their CA is NOT one of the "normal" root CAs, and nor does it have one of the normal ones in its trust path.

      If you get the same thing on your banking sites when you use them from the office, complain to your IT department, and failing that, to your HR department, and failing *THAT*, to a recruiter. (All these MitM systems have the ability to say "don't decrypt these servers".)

      Or go full-on paranoid and get into certificate pinning, where the browser doesn't trust a site unless it gets the right server certificate. How you get hold of the "public" part of the server's certificate to pin it is a whole different story...

      1. Anonymous Coward
        Anonymous Coward

        Re: Get HTTPS

        "look at the certificate information next to the URL entry box. "

        Could a browser (plug-in) do that viz something like uBlock or Ghostery?

        1. Steve the Cynic

          Re: Get HTTPS

          In theory, but it would have to know roots which were NOT the one added to get the browser to stop complaining about the MitM's certificate. That's horribly important in a corporate environment. The MitM creates its own CA, then uses that to generate a certificate for each site you access. The IT department exports that CA and installs it in each corporate machine as a trusted certificate signing certificate (but not a CA-signing certificate). The plugin(1) would need to know that this CA is NOT one of the main root types.

          (1) Good luck if your browser decides to not run plugins any more...

          PS: I know how these MitMs work because my company's product can act as one, but it can be worked out by a careful analysis of how SSL/TLS works.

      2. RonWheeler

        Re: Get HTTPS

        True, but I already know it is all raped. Confirming it site by site is rather a waste of time if I'm powerless to prtest, especial;ly as an IT team person where I'm mean to suck up this stupidity as a good thing.When the Cisco hypocrites all have straight unfiltered pipes to everywhere . For 'testing'.

  9. Anonymous Coward
    Anonymous Coward

    How many people will now download an older version from the ESR line and disable updates because of this?

    Firefox lost its way the moment they started messing with the UI just for the sake of being able to do so rather than improving the underlying actual 'works'.

    1. Hans 1
      Happy

      > "Firefox lost its way the moment they started messing with the UI just for the sake of being able to do so rather than improving the underlying actual 'works'."

      No, it is not just Mozilla ... ever since some numpty came up with UX design as a "new thing", somewhere in the beginning of the naughties, UI's went haywire, everywhere ... it started with IE/JavaScript ui's, with Windows 2000, I think, that was a disgrace, upgrade your browser e.g. ie6, and half the bloody applications on your box got "script errors", crikey. Then came XP with toddlerUi, the rest is history ... Vista/7, the more clicks the merrier, discovering the fun of hiding menus and options (ribbons and all), 8.x hiding menu & options is funny, hiding everything is hilarious, removing functionality we do not understand ...

      Somewhere down the line of Windows 7, Linux ui teams thought it wise to do the same, follow the trend ... more clicks, hide the stuff & remove functionality (Gnome 3), everything into one package and fsck the UNIX coding habits (système d, excuse my French), coz we need to mimic Windows' monolithic arch and ui, it is such a success ....

      UX experts can get me really upset, so much so that I question my anger management skills ...

      1. myhandler

        UX is now driven by mobile and the "desktop can go to hell" attitude. That's the problem.

      2. Ken Hagan Gold badge

        "UX experts can get me really upset, so much so that I question my anger management skills ..."

        Nothing wrong with your anger management skills. These "people" deserve to die.

    2. davidp231

      Browse their FTP archive. I personally sit on 37.0.2 purely for the fact it's the last version with an actual preferences window, instead of dumping it as a web page.

    3. CFWhitman

      >How many people will now download an older version from the ESR line and disable updates because of this?

      I'm guessing not very many other than the few who really want/need Java or Silverlight for some reason since very little else is affected. Remember that add-ons/extensions still work. This only applies to NPAPI plugins.

  10. Ol'Peculier

    Java

    I've just had to disable updates on the PC's in our warehouse that use the Royal Mail DMO system for sending parcels as the RM insist on using Java, and an old version at that, JRE7 Update 51. Which is about as secure as Hillary Clinton's email server.

  11. TonyJ

    Certificate store

    52 can finally be configured to use the Windows certificate store. Not relevant for all, I know, but it's a royal pain in the arse trying to use FF in any kind of enterprise.

    And yes...I've had the discussion MANY times about the fact this ain't an enterprise class product but it's "needed" here.

  12. inmypjs Silver badge

    WTF no comment on webassembly?

    Suddenly get a whole new (compiled) code execution environment like the ones oracle and adobe have been getting wrong over and over for decades and no one blinks an eye?

    What are the chances this doesn't have exploitable vulnerabilities and why the hell should we all be forced to take the risk when there is barely any webassembly content to benefit from?

    My recommendation for a couple of years would be

    about:config

    javascript.options.wasm;false

    unless you have particular reason to want webassembly.

    1. Anonymous Coward
      Anonymous Coward

      Re: WTF no comment on webassembly?

      Webassembly is extremely locked down, only integers and floats can be passed. It's memory safe, strongly typed, in short safer than JavaScript itself.

      For the next frontier of browser vulnerabilities, the smart money is on 3rd party EME DRM modules.

      1. inmypjs Silver badge

        Re: WTF no comment on webassembly?

        " in short safer than JavaScript itself."

        Really? So if it is more limited than Javascript how come people are describing it as "The Dawn of a new era"?

        It doing less than Javascript can but faster is a new era? Someone is bullshitting.

        The only webassembly I have seen are two crappy games, neither of which will run because I don't want to leak another 6 or 7 bits of browser identity by enabling WebGL. Let me know when I am going to miss something.

        1. Anonymous Coward
          Anonymous Coward

          Re: WTF no comment on webassembly?

          Webassembly is for doing pure arithmetic. It allows native 64bit integer operations, and soon 128bit wide SIMD.

          That is pretty revolutionary, but only JavaScript can actually do anything with the buffer you've number-crunched, because Webassembly can't access any APIs.

          Also there are no global variables in the Webassembly context.

  13. IfItAintBroke

    SKY GO NO LONGER SUPPORTS FF

    So now it's no longer possible to watch Sky Go, which still requires silverlight, on any mainstream browser except I.E. Chrome won't work, nor will Edge because neither support silverlight. I actually switched from FF to IceDragon a while back for normal use and that's OK for the moment, while they're still using version 50, but for how long since it is Mozilla based? Either that or use the ESR version of FF but again, for a limited time frame.

    Admittedly the blame really lies with Sky for continuing to support silverlight exclusively.

    1. Dan 55 Silver badge

      Re: SKY GO NO LONGER SUPPORTS FF

      Furtle the about:config setting on the other page and you'll have it back, for a while.

    2. ecofeco Silver badge

      Re: SKY GO NO LONGER SUPPORTS FF

      Any website that is not browser neutral is FAIL.

      I can't believe this is still a problem 20 years on, yet somehow it is.

    3. Spoonguard
      Go

      Re: SKY GO NO LONGER SUPPORTS FF

      try setting or making the about:config pref plugins.load_flash_only to false, and restarting firefox.

  14. ecofeco Silver badge

    Uh oh

    Sounds like one of those updates I'll not be installing.

  15. Pomgolian
    Stop

    Those warnings are getting bloody annoying

    I am a big boy now, and I can manage without the training wheels.

    about:config

    Search 'insecure'

    Set

    security.insecure_field_warning.contextual.enabled=false

    security.insecure_password.ui.enabled=false

    That's better.

    As you were.

  16. CFWhitman

    NPAPI Plugins - Not Your Favorite Firefox Add-ons

    It would probably be a good idea to specifically mention that NPAPI plugins have been outdated for a while and are not the same thing as add-ons and extensions, so this affects very few things. A number of people seem to think that this means the end of their favorite add-ons, even after the same issue caused confusion when Google Chrome dropped NPAPI plugins a while back.

  17. Jon Smit

    Sky Go gets to boot too

    "...Important Notice – Firefox customers

    Watching Sky Go is no longer supported on the latest version of Firefox. Don’t worry, you’ll still be able to enjoy Sky Go using an alternative browser like Internet Explorer.

    We are aware of the problem and are working hard to get this fixed as soon as we possibly can.."

    Will Firefox keep on fiddling until they've no users left ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Sky Go gets to boot too

      Yes, see below.

  18. Anonymous Coward
    Anonymous Coward

    FF52 is depending on pulseaudio by default instead of ALSA. Apparently (ironically) the devs are trying to make their lives easier. The bug report comments are as dismissive as you'd expect. I think with their Linux user base collapsing into the Ubuntu camp (filled with people who don't care and never needed to crowbar pulse out of their way), it'll get easier on them indeed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like