loading...

Firefox 64 drops RSS support, thoughts?

sudiukil profile image Quentin Sonrel ・1 min read

Bonus question: do you (still) use RSS? For those of you who do, what client do you use?

Discussion

markdown guide
 

Yes, Snownews (on HBSD). Would highly recommend it. I do not use Firefox though, Chrome/Chromium is much more secure.

 

Chrome/Chromium is much more secure

?

You can't drop a sentence like this without an explanation, my dear Watson 🧐

Do you mean because Chromium has a bigger community and therefore more eyes on the code? Or are you referring to something in particular?

 

Mozilla, the company that makes Firefox, formalized a release schedule for handling their development. It is based on fixed windows (6 weeks) where builds cascade down a series of different channels (Nightly, Aurora, etc.), each time with more bug fixes and stability. This is transparent and a perfectly acceptable way to manage a software project (Chrome has a similar series of channels, although they move much faster and not on a fixed schedule.)

Mozilla releases Nightly builds every day (basically)
Aurora builds are released every 6 weeks
Beta builds are bug fix releases of Aurora, every 6 weeks
Release builds are final bug fix releases of Beta, every 6 weeks
Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. To be clear - only Critical and High security bugs.

Here are some minor quirks, but in comparison to Firefox ESR's bug-fix scenario no big deal.

Case of threat modelling:

Chain a series of Medium / Low vulnerabilities together until they get the level of access they require, e.g. remote code execution. They have a permanent window of exposure.

Is it enough? I think we've gone beyond boundaries of this topic too far.

Ah, I almost forgot this nice little 'feature'.

You gotta remember that it just means that Firefox builds are thoroughly tested before release.

Yes, but again - Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. Chain a series of Medium / Low vulnerabilities together and you could get RCE very easily for adversary with proper resources.

If it’s so easy, do it and I’ll talk to you when you’re done.

Do you understand the concept of threat modelling? Obviously not. We're talking about adversaries with proper resources (e.g. Nation States, APTs, Offensive Intelligence, Major hacker groups).

But usually cleverly crafted XSS (which is opportunistic kind of attack) works with Firefox ESR too. They are mainly blocked by Chrome at the same time.

Well you said that RCE was easy with the proper resources, so I'm asking you to obtain those resources and prove your point.

Sloan, the sloth mascot Comment marked as low quality/non-constructive by the community View code of conduct

Do I see like an adversary with proper resources? If yes, you should probably take a cold shower. If not, why do you ask me stupid question like this. Let's make a deal: Try to study main concepts of information security at your local university and then we can discuss it like two people with equivalent degree of knowledge and understanding in this field. Otherwise, please do not ask me another stupid questions. Thank you.

 

I find it to be good, as I personally don’t use RSS, neither does the majority of people. Thus, Mozilla has reduced what to most is bloat, and won’t have to maintain it. Besides, there’s a dozen extensions out there that one could use instead.

 

What does this mean for RSS and its users (who happen to use Firefox as their main browser)?

I use Feedly and Firefox every day. Never once I thought about Firefox as "providing RSS support", not even sure how would that affect me and my (heavy) RSS usage.

 

Bummer, I really like RSS. I'm not using Firefox, but it's sad such a handy technology gets dismissed. I'm using Feedly (and Newsfold on Android) for everything, also dev.to.

 

Ditto on Feedly. It was my replacement for Google Reader when that was decommed.

 

I use CommaFeed. With a 100+ feeds...

 

Not a huge problem for me.

I use Inoreader to subscribe and read news.

 
 

netNewsWire, the alpha version on Mac.
with 300+ feeds.

 

Yes I do, I use Thunderbird to read the feeds but I wonder how I'll be able to subscribe now that the RSS button has disappeared from Firefox.

 
 

I get all my daily news through RSS feeds, viewed in Feedly. Best way to do it as far as I can see