mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla gemeenschap

Mozilla vulnerability goes BERserk - ITWorld Canada

Nieuws verzameld via Google - vr, 26/09/2014 - 17:26

ITWorld Canada

Mozilla vulnerability goes BERserk
ITWorld Canada
Security researchers have discovered critical forgery vulnerability in Mozilla's Network Security Services (NSS) crypto library that could allow attackers to forge RSA certificates used to secure data transmissions. “Dubbed BERserk, this vulnerability ...
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla patches Firefox NSS vulnerabilityPC Pro
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
FedScoop -Dark Reading -Naked Security
alle 16 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Gervase Markham: Prevent Territoriality

Mozilla planet - vr, 26/09/2014 - 16:56

Watch out for participants who try to stake out exclusive ownership of certain areas of the project, and who seem to want to do all the work in those areas, to the extent of aggressively taking over work that others start. Such behavior may even seem healthy at first. After all, on the surface it looks like the person is taking on more responsibility, and showing increased activity within a given area. But in the long run, it is destructive. When people sense a “no trespassing” sign, they stay away. This results in reduced review in that area, and greater fragility, because the lone developer becomes a single point of failure. Worse, it fractures the cooperative, egalitarian spirit of the project. The theory should always be that any developer is welcome to help out on any task at any time.

— Karl Fogel, Producing Open Source Software

Categorieën: Mozilla-nl planet

Soledad Penades: Berlin Web Audio Hack Day 2014

Mozilla planet - vr, 26/09/2014 - 16:11

As with the Extensible Web Summit, we wrote some notes collaboratively. Here are the notes for the Web Audio Hackday!

We started the day with me being late because I took a series of badly timed bad decisions and that ended up in me taking the wrong untergrund lines. In short: I don’t know how to metro in Berlin in the mornings and I’m still so sorry.

I finally arrived to Soundcloud’s offices, and it was cool that Jan was still doing the presentations, so Tiffany gave me a giant glass of water and I almost drank it all while they finished. Then I set up my computer and proceeded to give my talk/workshop!

It was an improved and revised version of the beta-talk I gave at Mozilla London past past week:


Note to self: maybe remove red banners behind me if wearing a red shirt, so as not to blend with them

Sadly it wasn’t recorded and I didn’t screencast it either, so you’ll have to make do with the slides and the code for the slides (which includes the examples). Or maybe wait until I maybe run this workshop again (which I have already been asked to do!)

Jordan Santell and the Web Audio Editor in Firefox Devtools

Then Jordan (of dancer.js and component.fm fame) talked about the fancy new Web Audio Editor which is one of the latest tools to join the Firefox Devtools collection of awesome—and it just appeared in Firefox Stable (32) so you don’t even need to run Beta, Aurora or Nightly to use it! (I talked a bit about it already).

You can use the editor to visualise the audio graph, change values of the nodes and also detect if you have a memory leak when allocating nodes (which is something that is part of the normal workflow of working with Web Audio).

There was a nice plug to Are We Dubstep Yet?, the minisite I am building to keep track of bugs in the Web Audio Editor. Yay plugs!

are we dubstep yet?

Jordan’s slides are here. You can also watch his JSConf talk where he introduced an early version of the tools!

Chris Wilson and the Web MIDI API

Finally the mighty Chris Wilson explained how the Web MIDI API works and made some demos using a few and assorted MIDI devices he had brought with him: a keyboard, pads, a DJ deck controller…!

It’s interesting that most of the development of the Web MIDI implementation seems to be happening in Japan, so they are super original in their examples.

Chris’ slides on Web MIDI and other audio in general slides.

Hacking + Hacks!

I think we had lunch then… and then it was HACK TIME! But before actually getting started, some people pitched their idea to see if someone else wanted to collaborate with them and hack together. I think that was a really neat idea :-)

Myself, I spent the hack time…

  • reconnecting with old acquaintances
  • answering questions! but very few of them and none of them were the usual “but why doesn’t my oscillator start anymore?” but more interesting ones, so that was cool!
  • asking questions! to Chris mostly–one cannot ask questions to a spec editor in person every day!
  • and even started a hack which I didn’t finish: visualising custom periodic waves for use with an Oscillator Node, given the harmonics array. I gave myself the idea while I was doing the workshop, which is a terrible thing to do to myself, as I was distracting myself and wanted to hack on that instead of finishing the workshop. My brain probably hates itself, or me in general.

Also this was really cool:

.@cwilso and me feeling a tremendous relief at not being the only ones randomly causing our machines to emit weird sounds #webaudiohackday

— ǝlosɹǝdns (@supersole) September 12, 2014

I’m always super aware that weird sounds might be coming out of any of the devices in my desk when I’m testing web audio stuff, so it was fun to see I’m not the only one feeling that way :D

After hack time, the hacks were presented:

These are the people that submitted a hack, in the same order they appear in the video. Not all of them have published their hack code so if you are one of those, please do and write a comment so I can update this post!

  1. Jelle Akkerman (github, twitter) – NoOsc was an experiment using NoFlo, trying to build something very visual and cool, super suitable for live-acts. I really liked the idea!
  2. Guillaume Marty (github, twitter) – a BPM detection algorithm, using the OfflineAudioContext
  3. Erik Woitschig (twitter) – Using SoundCloud as sample database
  4. Daniel Roth, Jonathan Lundin (twitter, github), Felix Niklas (twitter, github) – Oscillator reacting to mobile phone gyroscope – it sounded really nice and I liked that the same code worked even in iPads. Yay Web Audio!
  5. Chris Greeff (twittergithub), Nick Lockhart (twitterhttps://github.com/N1ck) – Beaty Bird – source code (Second prize)
  6. Lisa Passing (githubtwitter) – One Hand Soundgame – source code (Third prize)
  7. Thomas Fett (twittergithub) – Remix at once – source code (Fourth prize)
  8. Evan Sonderegger (twittergithub) – Vector Scope in Web Audio API (First prize)

The hardware prizes were sponsored by Mozilla. And the software prizes by Bitwig.

The unofficial/community Web Audio logo

We also publicised a thing that Martin Holzhauer had worked on: the unofficial/community Web Audio logo!

Web Audio logo

Here’s the SVG. Many thanks to Martin for putting it all together!

As far as we know there is/was not an official logo. I totally love this one as it kind of matches the various JS* aesthetics and it is immediately understandable–most of the W3C api icons are just too fancy for anyone to grasp what they actually mean. Sure they look cool, but they do not work as a logo from a purely functional perspective.

And now, what?

Well, the Web Audio Conference is next January in Paris. They’re still accepting submissions for papers until next month, so why don’t you go and submit something? :-)

Hopefully see you there!

flattr this!

Categorieën: Mozilla-nl planet

How big is Shellshock Mozilla diving into security policy APT group may be ... - Politico

Nieuws verzameld via Google - vr, 26/09/2014 - 16:11

How big is Shellshock Mozilla diving into security policy APT group may be ...
Politico
With help from David Perera, Joseph Marks and Shaun Waterman. HOW BIG IS SHELLSHOCK – Security researchers continue to debate the impact of Shellshock, the security flaw in the ubiquitous Bash shell identified this week. Pushing back against some ...

Google Nieuws
Categorieën: Mozilla-nl planet

'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome - Dark Reading

Nieuws verzameld via Google - vr, 26/09/2014 - 15:28

ITWorld Canada

'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome
Dark Reading
"The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products," Michael Fey, executive vice president, chief technology officer, and general manager of corporate products ...
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla vulnerability goes BERserkITWorld Canada
Mozilla patches Firefox NSS vulnerabilityPC Pro
FedScoop -Threatpost -Naked Security
alle 17 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Mozilla patches Firefox NSS vulnerability - PC Pro

Nieuws verzameld via Google - vr, 26/09/2014 - 13:41

PC Pro

Mozilla patches Firefox NSS vulnerability
PC Pro
Mozilla has issued updates for its Firefox, Thunderbird, and SeaMonkey software to plug a critical vulnerability in Network Security Services (NSS) libraries. NSS is a set of open-source cryptographic libraries that support SSL, TLS and S/MIME security ...
Mozilla vulnerability goes BERserkITWorld Canada
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
FedScoop -Naked Security -Dark Reading
alle 19 nieuwsartikelen »Google Nieuws
Categorieën: Mozilla-nl planet

Daniel Stenberg: Changing networks with Firefox running

Mozilla planet - vr, 26/09/2014 - 08:24

Short recap: I work on network code for Mozilla. Bug 939318 is one of “mine” – yesterday I landed a fix (a patch series with 6 individual patches) for this and I wanted to explain what goodness that should (might?) come from this!

diffstat

diffstat reports this on the complete patch series:

29 files changed, 920 insertions(+), 162 deletions(-)

The change set can be seen in mozilla-central here. But I guess a proper description is easier for most…

The bouncy road to inclusion

This feature set and associated problems with it has been one of the most time consuming things I’ve developed in recent years, I mean in relation to the amount of actual code produced. I’ve had it “landed” in the mozilla-inbound tree five times and yanked out again before it landed correctly (within a few hours), every time of course reverted again because I had bugs remaining in there. The bugs in this have been really tricky with a whole bunch of timing-dependent and race-like problems and me being unfamiliar with a large part of the code base that I’m working on. It has been a highly frustrating journey during periods but I’d like to think that I’ve learned a lot about Firefox internals partly thanks to this resistance.

As I write this, it has not even been 24 hours since it got into m-c so there’s of course still a risk there’s an ugly bug or two left, but then I also hope to fix the pending problems without having to revert and re-apply the whole series…

Many ways to connect to networks

Firefox Nightly screenshotIn many network setups today, you get an environment and a network “experience” that is crafted for that particular place. For example you may connect to your work over a VPN where you get your company DNS and you can access sites and services you can’t even see when you connect from the wifi in your favorite coffee shop. The same thing goes for when you connect to that captive portal over wifi until you realize you used the wrong SSID and you switch over to the access point you were supposed to use.

For every one of these setups, you get different DHCP setups passed down and you get a new DNS server and so on.

These days laptop lids are getting closed (and the machine is put to sleep) at one place to be opened at a completely different location and rarely is the machine rebooted or the browser shut down.

Switching between networks

Switching from one of the networks to the next is of course something your operating system handles gracefully. You can even easily be connected to multiple ones simultaneously like if you have both an Ethernet card and wifi.

Enter browsers. Or in this case let’s be specific and talk about Firefox since this is what I work with and on. Firefox – like other browsers – will cache images, it will cache DNS responses, it maintains connections to sites a while even after use, it connects to some sites even before you “go there” and so on. All in the name of giving the users an as good and as fast experience as possible.

The combination of keeping things cached and alive, together with the fact that switching networks brings new perspectives and new “truths” offers challenges.

Realizing the situation is new

The changes are not at all mind-bending but are basically these three parts:

  1. Make sure that we detect network changes, even if just the set of available interfaces change. Send an event for this.
  2. Make sure the necessary parts of the code listens and understands this “network topology changed” event and acts on it accordingly
  3. Consider coming back from “sleep” to be a network changed event since we just cannot be sure of the network situation anymore.

The initial work has been made for Windows only but it allows us to smoothen out any rough edges before we continue and make more platforms support this.

The network changed event can be disabled by switching off the new “network.notify.changed” preference. If you do end up feeling a need for that, I really hope you file a bug explaining the details so that we can work on fixing it!

Act accordingly

So what is acting properly? What if the network changes in a way so that your active connections suddenly can’t be used anymore due to the new rules and routing and what not? We attack this problem like this: once we get a “network changed” event, we “allow” connections to prove that they are still alive and if not they’re torn down and re-setup when the user tries to reload or whatever. For plain old HTTP(S) this means just seeing if traffic arrives or can be sent off within N seconds, and for websockets, SPDY and HTTP2 connections it involves sending an actual ping frame and checking for a response.

The internal DNS cache was a bit tricky to handle. I initially just flushed all entries but that turned out nasty as I then also killed ongoing name resolves that caused errors to get returned. Now I instead added logic that flushes all the already resolved names and it makes names “in transit” to get resolved again so that they are done on the (potentially) new network that then can return different addresses for the same host name(s).

This should drastically reduce the situation that could happen before when Firefox would basically just freeze and not want to do any requests until you closed and restarted it. (Or waited long enough for other timeouts to trigger.)

The ‘N seconds’ waiting period above is actually 5 seconds by default and there’s a new preference called “network.http.network-changed.timeout” that can be altered at will to allow some experimentation regarding what the perfect interval truly is for you.

Firefox BallInitially on Windows only

My initial work has been limited to getting the changed event code done for the Windows back-end only (since the code that figures out if there’s news on the network setup is highly system specific), and now when this step has been taken the plan is to introduce the same back-end logic to the other platforms. The code that acts on the event is pretty much generic and is mostly in place already so it is now a matter of making sure the event can be generated everywhere.

My plan is to start on Firefox OS and then see if I can assist with the same thing in Firefox on Android. Then finally Linux and Mac.

I started on Windows since Windows is one of the platforms with the largest amount of Firefox users and thus one of the most prioritized ones.

More to do

There’s separate work going on for properly detecting captive portals. You know the annoying things hotels and airports for example tend to have to force you to do some login dance first before you are allowed to use the internet at that location. When such a captive portal is opened up, that should probably qualify as a network change – but it isn’t yet.

Categorieën: Mozilla-nl planet

Arky: Building Boot2Gecko(B2G) on Ubuntu

Mozilla planet - vr, 26/09/2014 - 05:12

Update: This documentation is out-of-date: Please read developer.mozilla.org/en-US/Firefox_OS/Building for latest information

You heard about Mozilla Boot2Gecko(B2G) mobile operating system. Boot2Gecko's Gaia user interface is developed entirely using HTML, CSS and Javascript web technologies. If you are an experienced web developer you can contribute to Gaia UI and develop new Boot2Gecko applications with ease. In this post I'll explain how to setup the Boot2Gecko (B2G) development environment on your personal computer.


You can run Boot2Gecko(B2G) inside an emulator or inside a Firefox web browser. Using Boot2Gecko(B2G) with QEMU emulator is very resource intensive, so we will focus on the later in this post. I'll assume you are comfortable with Mozilla build environment. So, get that pot of coffee brewing and prepare for a long night of hacking.


Building Boot2Gecko(B2G) Firefox App

Before you start, let us make sure that you have all the prerequisites for building Firefox on your computer. Please have a look at the build prerequisites for your Linux, Window and OSX operating system.


# Let get the source code # Download mozilla-central repository $ hg clone http://hg.mozilla.org/mozilla-central mozilla-central # Download the Gaia source code $ git clone https://github.com/mozilla-b2g/gaia gaia # Change directory and create our profile $ cd gaia $ make profile # Change directory into your mozilla-central directory $ cd mozilla-central # Create a .mozconfig file inside your mozilla-central directory: $ nano .mozconfig mk_add_options MOZ_OBJDIR=../b2g-build mk_add_options MOZ_MAKE_FLAGS="-j9 -s" ac_add_options --enable-application=b2g ac_add_options --disable-libjpeg-turbo ac_add_options --enable-b2g-ril ac_add_options --with-ccache=/usr/bin/ccache # Build the Firefox B2G app and wait for the build to finish $ make -f client.mk build # Create a simple b2g bash script to launch B2G app; change paths you suit your environment # Note: Have to use to -safe-mode option due to bug on my Ubuntu box #!/bin/sh export B2G_HOMESCREEN=http://homescreen.gaiamobile.org/ /home/arky/src/b2g-build/dist/bin/b2g -profile /home/arky/src/gaia/profile

If everything goes well. You should have boot2gecko running inside a firefox now.


Boot2Gecko running inside firefox on Ubuntu

Customizing Firefox B2G App

For better Boot2Gecko (B2G) experience, we will customize Firefox features offline cache and touch events using a custom Firefox profile.



Create a Custom Firefox Profile

You can use dist/bin/b2g -ProfileManager option to launch Firefox Profile Manager. Create a new profile called 'b2g'. Now we can add customizations to this new profile.


On Linux computers, the profile is created under ~/.mozilla/b2g/ directory. You can find the information about location of firefox profiles for your operating system here.



You launch B2G with your new custom profile using the '-P' option. Modify your B2G bash script and add the custom profile option. dist/bin/b2g -P b2g


Disable offline cache

Create a user.js file inside your custom 'b2g' firefox profile directory. Add the following line to disable offline cache.

user_pref('browser.cache.offline.enable', false);

Enabling Touch events

Add the following line in your user.js file inside your custom 'b2g' Firefox profile directory to enable touch events.

user_pref('dom.w3c_touch_events.enabled', true);


That's it. You now have a Boot2Gecko(B2G) running inside Firefox on your computer. Happy Hacking!

Categorieën: Mozilla-nl planet

Julien Vehent: Shellshock IOC search using MIG

Mozilla planet - vr, 26/09/2014 - 01:06

Shellshock is being exploited. People are analyzing malwares dropped on systems using the bash vulnerability.

I wrote a MIG Action to check for these IOCs. I will keep updating it with more indicators as we discover them. To run this on your Linux 32 or 64 bits system, download the following archive: mig-shellshock.tar.xz 

Download the archive and run mig-agent as follow:

$ wget https://jve.linuxwall.info/ressources/taf/mig-shellshock.tar.xz$ sha256sum mig-shellshock.tar.xz 0b527b86ae4803736c6892deb4b3477c7d6b66c27837b5532fb968705d968822 mig-shellshock.tar.xz $ tar -xJvf mig-shellshock.tar.xz 
shellshock_iocs.json
mig-agent-linux64
mig-agent-linux32$ ./mig-agent-linux64 -i shellshock_iocs.json This will output results in JSON format. If you grep for "foundanything" and both values return "false", it means no IOC was found on your system. If you get "true", look at the detailed results in the JSON output to find out what exactly was found.$ ./mig-agent-linux64 -i shellshock_iocs.json|grep foundanything
    "foundanything": false,
    "foundanything": false,The full action for MIG is below. I will keep updating it over time, I recommend you use the one below instead of the one in the archive.{
"name": "Shellshock IOCs (nginx and more)",
"target": "os='linux' and heartbeattime \u003e NOW() - interval '5 minutes'",
"threat": {
"family": "malware",
"level": "high"
},
"operations": [
{
"module": "filechecker",
"parameters": {
"searches": {
"iocs": {
"paths": [
"/usr/bin",
"/usr/sbin",
"/bin",
"/sbin",
"/tmp"
],
"sha256": [
"73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489",
"ae3b4f296957ee0a208003569647f04e585775be1f3992921af996b320cf520b",
"2d3e0be24ef668b85ed48e81ebb50dce50612fb8dce96879f80306701bc41614",
"2ff32fcfee5088b14ce6c96ccb47315d7172135b999767296682c368e3d5ccac",
"1f5f14853819800e740d43c4919cc0cbb889d182cc213b0954251ee714a70e4b"
],
"regexes": [
"/bin/busybox;echo -e '\\\\147\\\\141\\\\171\\\\146\\\\147\\\\164'"
]
}
}
}
},
{
"module": "netstat",
"parameters": {
"connectedip": [
"108.162.197.26",
"162.253.66.76",
"89.238.150.154",
"198.46.135.194",
"166.78.61.142",
"23.235.43.31",
"54.228.25.245",
"23.235.43.21",
"23.235.43.27",
"198.58.106.99",
"23.235.43.25",
"23.235.43.23",
"23.235.43.29",
"108.174.50.137",
"201.67.234.45",
"128.199.216.68",
"75.127.84.182",
"82.118.242.223",
"24.251.197.244",
"166.78.61.142"
]
}
}
],
"description": {
"author": "Julien Vehent",
"email": "ulfr@mozilla.com",
"revision": 201409252305
},
"syntaxversion": 2
}
Categorieën: Mozilla-nl planet

Mozilla addresses bug allowing signature forgery in NSS - SC Magazine

Nieuws verzameld via Google - vr, 26/09/2014 - 00:04

Threatpost

Mozilla addresses bug allowing signature forgery in NSS
SC Magazine
On Wednesday, Mozilla patched a vulnerability in Network Security Services (NSS) libraries, which impacted its Firefox web browser, Thunderbird email client and SeaMonkey internet suite. The critical bug (CVE-2014-1568) was discovered by researcher ...
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
Mozilla patches Firefox NSS vulnerabilityPC Pro
Critical Mozilla vulnerability discoveredFedScoop
Dark Reading -Naked Security
alle 17 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Armen Zambrano: Making mozharness easier to hack on and try support

Mozilla planet - do, 25/09/2014 - 21:42
Yesterday, we presented a series of proposed changes to Mozharness at the bi-weekly meeting.

We're mainly focused on making it easier for developers and allow for further flexibility.
We will initially focus on the testing side of the automation and make ground work for other further improvements down the line.

The set of changes discussed for this quarter are:

  1. Move remaining set of configs to the tree - bug 1067535
    • This makes it easier to test harness changes on try
  2. Read more information from the in-tree configs - bug 1070041
    • This increases the number of harness parameters we can control from the tree
  3. Use structured output parsing instead of regular where it applies - bug 1068153
    • This is part of a larger goal where we make test reporting more reliable, easy to consume and less burdening on infrastructure
    • It's to establish a uniform criteria for setting a job status based on a test result that depends on structured log data (json) rather than regex-based output parsing
    • "How does a test turn a job red or orange?" 
    • We will then have a simple answer that is that same for all test harnesses
  4. Mozharness try support - bug 791924
    • This will allow us to lock which repo and revision of mozharnes is checked out
    • This isolates mozharness changes to a single commit in the tree
    • This give us try support for user repos (freedom to experiment with mozharness on try)


Even though we feel the pain of #4, we decided that the value gained for developers through #1 & #2 gave us immediate value while for #4 we know our painful workarounds.I don't know if we'll complete #4 in this quarter, however, we are committed to the first three.
If you want to contribute to the longer term vision on that proposal please let me know.

In the following weeks we will have more updates with regards to implementation details.

Stay tuned!

Creative Commons License
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Categorieën: Mozilla-nl planet

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS - Threatpost

Nieuws verzameld via Google - do, 25/09/2014 - 19:36

Threatpost

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS
Threatpost
The Mozilla Foundation has issued a security alert informing users that they have updated a number of their products in order to fix a vulnerability that could allow an attacker to forge RSA certificate signatures and perform man-in-the-middle attacks.
Critical Mozilla vulnerability discoveredFedScoop
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla fixes "phishing friendly" cryptographic bug in Firefox and ThunderbirdNaked Security
Dark Reading -WhaTech
alle 15 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Mozilla Release Management Team: Firefox 33 beta6 to beta7

Mozilla planet - do, 25/09/2014 - 18:27

This beta has been driven by the NSS chemspill. We used this unexpected beta to test the behavior of 33 without OMTC under Windows.

  • 8 changesets
  • 232 files changed
  • 73163 insertions
  • 446 deletions

ExtensionOccurrences cc73 h45 py23 c11 vcproj8 sh7 xcconfig6 mn6 pump4 mk4 cpp3 cbproj3 txt2 sln2 plist2 pbxproj2 m42 html2 def2 mm1 list1 +1 js1 in1 groupproj1 dep1 cmake1 am1 ac1

ModuleOccurrences security151 security69 image4 widget1 modules1 +1 js1 gfx1

List of changesets:

Michael WuBug 1062886 - Fix one color padded drawing path. r=seth, a=sledru - 232c3b4708b9 Michael WuBug 1068230 - Don't use the gfxContext transform in intermediate surface. r=seth, a=sledru - bca0649c9b79 Douglas CrosherBug 1013996 - irregexp: Avoid unaligned accesses in ARM code. r=bhackett, a=sledru - 5e2a5b6c7a0d Bas SchoutenBug 1030147 - Switch off OMTC on windows. r=milan, a=sylvestre - f631df57b34c Steven MichaudBug 1056251 - Changing to a Firefox window in a different workspace does not focus automatically. r=masayuki a=lmandel - 7c118b1cf343 Kai EngertBug 1064636, upgrade to NSS 3.17.1 release, r=rrelyea, a=lmandel - fb8ff9258d02 Matt WoodrowBug 1030147 - Release the DrawTarget to drop the surface ref in ThebesLayerD3D9. r=Bas a=lmandel CLOSED TREE - 280407351f1b L. David BaronBug 1064636 followup: Add new function to config/external/nss/nss.def r=khuey a=bustage CLOSED TREE - 2431af782661

Categorieën: Mozilla-nl planet

Critical Mozilla vulnerability discovered - FedScoop

Nieuws verzameld via Google - do, 25/09/2014 - 16:14

Critical Mozilla vulnerability discovered
FedScoop
Researchers at Intel Security announced yesterday they have uncovered a critical vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate ...
Mozilla fixes "phishing friendly" cryptographic bug in Firefox and ThunderbirdNaked Security
'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, ChromeDark Reading
McAfee uncovers BERserk security flaw in Mozilla Firefox browserWhaTech
Register -Help Net Security
alle 9 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Software-update: Mozilla SeaMonkey 2.29.1 - Tweakers

Nieuws verzameld via Google - do, 25/09/2014 - 13:30

Software-update: Mozilla SeaMonkey 2.29.1
Tweakers
Mozilla SeaMonkey logo (75 pix) Mozilla heeft een update voor versie 2.29 van SeaMonkey uitgebracht. SeaMonkey is de voortzetting van de voormalige Mozilla Application Suite en bestaat uit een webbrowser en programma's om te e-mailen en nieuws te ...

Categorieën: Mozilla-nl planet

Mike Hommey: So, hum, bash…

Mozilla planet - do, 25/09/2014 - 09:43

So, I guess you heard about the latest bash hole.

What baffles me is that the following still is allowed:

env echo='() { xterm;}' bash -c "echo this is a test"

Interesting replacements for “echo“, “xterm” and “echo this is a test” are left as an exercise to the reader.

Categorieën: Mozilla-nl planet

Software-update: Mozilla Firefox 32.0.3 - Tweakers

Nieuws verzameld via Google - do, 25/09/2014 - 08:07

Tweakers

Software-update: Mozilla Firefox 32.0.3
Tweakers
Mozilla Firefox 2013 logo (75 pix) Mozilla heeft opnieuw een update voor versie 32 van zijn webbrowser Firefox uitgebracht. In versie 32 moeten onder meer een nieuw caching-systeem en generational garbage collection Firefox sneller maken, is er een ...
Lek in Firefox en Chrome maakte valse certificaten mogelijkSecurity.nl

alle 3 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Rumbling Edge - Thunderbird: 2014-09-22 Calendar builds

Thunderbird - do, 25/09/2014 - 06:31

Common (excluding Website bugs)-specific: (19)

  • Fixed: 501689 – Investigate making storage asynchronous
  • Fixed: 577461 – Status of date invitation in response emails is not shown
  • Fixed: 673089 – Automate Lightning Beta Releases
  • Fixed: 881285 – Remove obsolete nightly builds from nightly/latest-comm-central and nightly/latest-comm-aurora
  • Fixed: 1022120 – Week-view: labels in the day headers don’t change from long to short format
  • Fixed: 1041299 – Sending invitations with configured cc/bcc is broken
  • Fixed: 1045223 – Creating events per drag doesn’t take default status values into account
  • Fixed: 1045417 – Event attendee with a comma in display name gets splitted in two attendees
  • Fixed: 1047227 – Lightning 3.3 no event cancellation button
  • Fixed: 1048878 – Events’ order In the Unifinder doesn’t persist across Thunderbird’s sessions
  • Fixed: 1049341 – Cannot edit meeting attendee list once invite created
  • Fixed: 1054679 – Make the CalDAV provider async safe
  • Fixed: 1055111 – Make calCachedCalendar async safe
  • Fixed: 1059474 – update certificate exception handling in lightning to deal with bug 940506
  • Fixed: 1063085 – Get rid of calIDateTime::jsDate
  • Fixed: 1064552 – Fix postflight_all after the objdir move
  • Fixed: 1067007 – [mozmill] tests do not work after TB build changes
  • Fixed: 1068075 – Fix failure caused by [TypeError: redeclaration of variable ...]
  • Fixed: 1068853 – TEST-UNEXPECTED-FAIL | /builds/slave/test/build/mozmill/testLocalICS.js | testLocalICS.js::testLocalICS

Sunbird will no longer be actively developed by the Calendar team.

Windows builds Official Windows

Linux builds Official Linux (i686), Official Linux (x86_64)

Mac builds Official Mac

Categorieën: Mozilla-nl planet

Rumbling Edge - Thunderbird: 2014-09-22 Thunderbird comm-central builds

Thunderbird - do, 25/09/2014 - 06:30

Thunderbird-specific: (31)

  • Fixed: 934874 – Thunderbird: Header labels in message reader have last letter of aria-label truncated
  • Fixed: 950335 – “Force encryption” changed by “Use encryption if available” after XMPP wizard
  • Fixed: 966655 – Scrollbar shown for recipient list when empty (involving screen dpi scaling): slightly insufficient default height of msgHeadersToolbar cripples visibility of recipients rows (see Bug 1056404)
  • Fixed: 994655 – Allow ESC key to hide automatical attachment reminder notification bar when focus is in message subject
  • Fixed: 1022209 – msgButton is null error when get new messages button not found on toolbar
  • Fixed: 1024578 – attachment notification no longer collapses duplicate keywords
  • Fixed: 1039452 – Near-perma orange: TEST-UNEXPECTED-FAIL | test-attachment-reminder.js | test-attachment-reminder.js::test_manual_attachment_reminder
  • Fixed: 1039453 – TEST-UNEXPECTED-FAIL | test-charset-edit.js | test-charset-edit.js::test_wrong_reply_charset + test-charset-edit.js::test_no_mojibake
  • Fixed: 1040009 – .mozconfig configure options are ignored if objdir path is absolute
  • Fixed: 1041211 – Toolbox border still visible when all toolbars collapsed
  • Fixed: 1044439 – No rule to make target `/home/josiah/comm-central/mozilla/intl/locale/src/props2arrays.py’, needed by `charsetalias.properties.h’ Build regression due to bug 1038537
  • Fixed: 1046318 – glodaFacetView.css references non-existing attachment-col.png
  • Fixed: 1046328 – update certificate exception handling in thunderbird to deal with bug 940506
  • Fixed: 1046563 – tab bar UI broken on windows classic theme, TB31
  • Fixed: 1052071 – Style of quota indicator not as nice as it used to
  • Fixed: 1054260 – Can not drag main window by title bar
  • Fixed: 1054738 – toolkit/library/target fails to link on Thunderbird MacOSX 10.8 Opt builds
  • Fixed: 1055926 – Mozmill tests don’t run due to no mozinfo
  • Fixed: 1056285 – Titlebar broken in fullscreen on OS X Yosemite
  • Fixed: 1056404 – In addressing widget, only 2 recipient rows shown (including empty line) in spite of mail.compose.addresswidget.numRowsShownDefault=3; (caused by bug 966655)
  • Fixed: 1057708 – Fix bustage caused by ‘Bug 1055281 – Make it an error to add a non-existent directory to LOCAL_INCLUDES’
  • Fixed: 1057759 – Port bug 803812 to TB – “Restart to Update” button label in about dialog is vague
  • Fixed: 1058873 – Permanent Orange: TEST-UNEXPECTED-FAIL | test-account-tree.js::test_account_open_state (Test Failure: a != b: ‘true’ != ‘false’)
  • Fixed: 1059192 – Permanent orange: TEST-UNEXPECTED-FAIL | test_searchSuggest.js | contains an error
  • Fixed: 1060281 – Mac universal build error: “autoconf.mk:3: /config/emptyvars.mk: No such file or directory”
  • Fixed: 1060890 – Static-link the CRT into Thunderbird executable (/mail/app/moz.build). Port Bug 1023941 Part 1
  • Fixed: 1062750 – Double border on main toolbar on Aero
  • Fixed: 1062833 – tooltipUsernames is not defined
  • Fixed: 1063919 – windows bustage: calbasecomps.dll : fatal error LNK1120: 13 unresolved externals
  • Fixed: 1064698 – TEST-UNEXPECTED-FAIL | C:\slave\test\build\tests\xpcshell\tests\mail\base\test\unit\test_windows_font_migration.js | test failed (with xpcshell return code: 0)
  • Fixed: 1065885 – Remove jschar from mail and mailnews

MailNews Core-specific: (35)

  • Fixed: 66763 – Deleting a folder fails when there is already a folder with the same name in Trash
  • Fixed: 324467 – TBird 1.5 fails to automatically filter on message body, if Anti-Virus quarentining is ON(mailnews.downloadToTempFile=true). POP3 not IMAP.
  • Fixed: 332639 – force display of Sender header if S/MIME sender is the signer
  • Fixed: 681632 – crash [@ nsMsgWindow::GetOpenFolder(nsIMsgFolder**)] beginning in version 6 [fixed by bug 679626]
  • Fixed: 799821 – Folders misbehave when LSUB does not return mailbox flags
  • Fixed: 858337 – Implement header parsing in JSMime
  • Fixed: 859269 – upgrading to 20.0b1 hangs on “looking for folders” on uw-imap server (Bad configuration of an UW-IMAP server was unfortunately exposed by unplesant change to ‘LIST “” “*” use again’ by bug 799821)
  • Fixed: 882968 – Clean up and move DEFINES and friends to moz.build in comm-central
  • Fixed: 944526 – Include account name in status bar messages when sending/receiving/getting/downloading/fetching new News messages
  • Fixed: 1005336 – startup or shutdown crash in nsObserverService::RemoveObserver(nsIObserver*, char const*) via nsMsgIncomingServer. reference to nsImapIncomingServer released off the main thread in destructors, due to preferences no longer use threadsafe refcounting
  • Fixed: 1008718 – sending to wrong email (list) if “name” is in address book twice and one of them is a mailing list
  • Fixed: 1020696 – Improve composition tests
  • Fixed: 1037505 – test_pop3MoveFilter.js failure matching messages
  • Fixed: 1046998 – Modify test_copyThenMoveManual.js to use Promises
  • Fixed: 1047981 – Port |Bug 1047924 – When building with ac_add_options –enable-extensions extensions are put expanded into the wrong location in dist/bin| to comm-central
  • Fixed: 1052327 – crash [@ PL_strnchr | nsParseMailMessageState::ParseHeaders() ]
  • Fixed: 1052943 – Move additions to C*FLAGS into moz.build and do not link against the static RTL
  • Fixed: 1053444 – Remove MOZ_APP_COMPONENT_MODULES from comm-central
  • Fixed: 1054357 – Update c-c to address non-backward compatible changes to JS let semantics
  • Fixed: 1054526 – Move LDFLAGS / WIN32_EXE_LDFLAGS out of Makefiles for c-c
  • Fixed: 1054536 – Port *FLAG and related changes to config.mk
  • Fixed: 1054727 – TEST-UNEXPECTED-FAIL | check-sync-dirs.py | build file copies are not in sync, port mozconfig.cache and client.mk changes from m-c to c-c
  • Fixed: 1055867 – Move RCFLAGS and RCINCLUDE to moz.build and hardcode manifest name
  • Fixed: 1056948 – Port bug 559505 to c-c (need to package xulstore)
  • Fixed: 1057478 – Port bug 899585 modifying nsIAlertsService to mailnews
  • Fixed: 1057537 – nsImapMailFolder::OnStartRequest generating error because it is not an nsIRequestObserver
  • Fixed: 1057847 – Fix some more xpcshell-test failures due to warnings in the system logs
  • Fixed: 1059551 – Bayesian spam filter won’t compile since bug 1057912
  • Fixed: 1060258 – Permanent Orange: TEST-UNEXPECTED-FAIL | test_cleanup_msf_databases.js (and some other gloda tests)
  • Fixed: 1060715 – TEST-UNEXPECTED-FAIL | /builds/slave/test/build/tests/xpcshell/tests/mailnews/news/test/unit/test_biff.js | 8 == 9 – See following stack: and other failures
  • Fixed: 1060901 – [tb31.1 only] expand mail list broken for lists whose description is quoted
  • Fixed: 1060959 – comm-central/configure: line 544: test: : integer expression expected
  • Fixed: 1061338 – Port DELAYLOAD_LDFLAGS from bug 944800
  • Fixed: 1062630 – Port bug 1041941 to c-c
  • Fixed: 1063469 – some trivial “assignment to undeclared variable” in TB core.

Windows builds Official Windows, Official Windows installer

Linux builds Official Linux (i686), Official Linux (x86_64)

Mac builds Official Mac

Categorieën: Mozilla-nl planet

Sean Bolton: From the Furthest Edge to the Deepest Middle

Mozilla planet - do, 25/09/2014 - 03:36

In my role as Community Building Intern at Mozilla this summer, my goal has been to be explicit about how community building works so that people both internal and external to Mozilla can better understand and build upon this knowledge. This requires one of my favorite talents: connecting what emerges and making it a thing. We all experience this when we’ve been so immersed in something that we begin to notice patterns – our brains like to connect. One of my mentors, Dia Bondi, experienced this with her 21 Things, which she created during her time as a speech coach and still uses today in her work.

I set out to develop a mental model to help thing-ify this seemingly ambiguous concept of community building so that we all could collectively drive the conversation forward. (That might be the philosopher in me.) What emerged was this sort of fascinating overarching story: community building is connecting the furthest edge to the deepest middle (and making the process along that path easier). What I mean here is that the person with the largest of any form of distance must be able to connect to the hardest to reach person in the heart of the formal organization. For example, the 12 year old girl in Brazil who just taught herself some new JavaScript framework needs to be able to connect in some way to the module owner of that new JavaScript framework located in Finland because when they work together we all rise further together.

community building

The edge requires coordination from community. The center requires internal champions. The goal of community building is then to support community by creating structures that bridge community coordinators and internal champions while independently being or supporting the development of both. This structure allows for more action and creativity than no structure at all – a fundamental of design school.

Below is a model of community management. We see this theme of furthest edge to deepest middle. “It’s broken” is the edge. “I can do something about it” approaches the middle. This model shows how to take action and make the pathway from edge to middle easier.

community management

Community building is connecting the furthest edge to the deepest middle. It’s implicit. It’s obvious. But, when we can be explicit and talk about it we can figure out where and how to improve what works and focus less on what does not.


Categorieën: Mozilla-nl planet

Pagina's