Air MozillaDigital Economy Board of Advisors, September 30 Meeting-PM Session

Digital Economy Board of Advisors, September 30 Meeting-PM Session Digital Economy Board of Advisors (DEBA) 2016

Air MozillaFoundation Demos September 30 2016

Foundation Demos September 30 2016 Foundation Demos September 30 2016

Air MozillaKernel Recipes 2016 Day 3 PM Session

Kernel Recipes 2016 Day 3 PM Session Three days talks around the Linux Kernel

Web Application SecurityMitigating Logjam: Enforcing Stronger Diffie-Hellman Key Exchange

In response to recent developments attacking Diffie-Hellman key exchange ( and to protect the privacy of Firefox users, we have increased the minimum key size for TLS handshakes using Diffie-Hellman key exchange to 1023 bits. A small number of servers are not configured to use strong enough keys. If a user attempts to connect to such a server, they will encounter the error “ssl_error_weak_server_ephemeral_dh_key”.

Air MozillaKernel Recipes 2016 Day 3 AM Session

Kernel Recipes 2016 Day 3 AM Session Three days talks around the Linux Kernel

Air MozillaDigital Economy Board of Advisors, September 30 Meeting-AM Session

Digital Economy Board of Advisors, September 30 Meeting-AM Session Digital Economy Board of Advisors (DEBA) 2016

SUMO BlogWhat’s Up with SUMO – 29th September

Hello, SUMO Nation!

Change is a constant, and Mozilla is no different. Bigger and smaller changes are coming up across many a project, including SUMO – and we need your help figuring out what they should be like. Learn more about the ways you can make us be better below!

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

Contributors of the week

We salute you!

Don’t forget that if you are new to SUMO and someone helped you get started in a nice way you can nominate them for the Buddy of the Month!

SUMO Community meetings

  • LATEST ONE: 28th of September- you can read the notes here and see the video at AirMozilla.
  • NEXT ONE: happening on the 5th of October!
  • If you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.




  • Thank you for the SUMO Day today! It was a record day for the number of people logging in – you rock!
  • The new training for filtering in widgets is available here: – it also shows the new support thread-specific inbox for the dashboard.

  • Some issues popping up nowadays are startup crashes – caused by AVG and WebSense in particular.
  • Inactive accounts may be removed soon, so if you’re still active, please log in this week. If you no longer have an account, please get in touch with Rachel!
  • Want to join us? Please email Rachel and/or Madalina to get started supporting Mozilla’s product users on Facebook and Twitter. We need your help! Use the step-by-step guide here. Take a look at some useful videos:

Support Forum

Knowledge Base & L10n

  • We are 5 weeks before next release / 1 week after current release What does that mean? (Reminder: we are following the process/schedule outlined here).
    • No work on next release content for KB editors or localizers 
    • All existing content is open for editing and localization as usual; please focus on localizing the most recent / popular content
  • Since pizza turned out to be a great success, if you have ideas how to virtually gather your l10n team mates, contact me about that!


  • for Android
    • Version 50 is slated to come out on November 8th. It should bring video viewing and controlling improvements.
  • for Desktop
    • Version 50 (November 8th as well) will bring the following goodies:
      • WebRTS – full duplex audio streams
      • Tracking Protection supporting Do Not Track
      • Electrolysis – e10s RTL for Windows and Mac
      • First e10s sandbox for Mac OS X and Windows
      • Find in page with a mode to search for whole words only
      • New preference for cycling tabs using Ctrl + Tab
      • Improved printing options via the Reader Mode
  • for iOS
    • Still quiet… Keep using 5.0!

…and that’s it for this week! Remember that we <3 you all for being there for the users when it matters most! Keep rocking the helpful web!

Air MozillaReps Weekly Meeting

Reps Weekly Meeting This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

hacks.mozilla.orgA Web for Everyone: Interviews with Web Practitioners — Fyrd

In recent posts, we’ve explained why it’s important to make the web work for everyone. We’ve spoken with several top web developers about how they do that. And in between, we’ve shown how browser makers can advance compatibility by adopting living standards. Today we’ll show how a single individual can dramatically improve the tooling space, helping to make the web work for everyone.

In 2015, we asked MDN visitors which tools they use most when working on cross-browser compatibility issues. Three quarters of respondents mentioned good reference materials. 65% of respondents said they use MDN as a cross-browser compatibility reference, and 64% said they use No other reference sites came close.

Like MDN, is an open-source project with hundreds of contributors. Anyone can fork and PR the caniuse data or adapt it for use in a brand new tool (examples). Building new tools in this space is important and valuable: More than 25% of developers said they want to make their sites more compatible, but they don’t because they need better tools — for example, automation and linting.

Helping web developers is what motivates Alexis Deveria (a.k.a. @Fyrd), the developer behind Alexis is a web developer at Adobe by day and a champion of cross-browser compatibility by night. He took a break from reading up on the latest browser esoterica to talk with us about compatibility.


What inspired you to build a website devoted to browser compatibility? Was there a specific experience that got it started? What motivates you to keep it going?

I started the site in 2008 because around that time various web browsers started implementing a number of interesting new technologies, especially around HTML5 and CSS3. However, support was sporadic across browsers and there didn’t seem to be a central location to find cross-browser support. So I created a page that listed about 10-15 of such features. As the page slowly became more popular I started adding to it and making it more interactive until little by little it became the full-fledged browser compatibility site you see today.

My motivation to keep it going revolves around a few things, firstly its popularity: so many people visit and rely on it today that it would feel irresponsible to give up on it. It’s also my most successful and longest-running project, something I’m very proud of. Then there’s the fact that it forces me to stay up to date with web tech developments which helps with my day job and finally there’s some ad revenue which always helps.

Caniuse includes Statcounter or Google Analytics stats to help users determine how much of their potential market can use a particular feature. Do you think most developers are basing technical decisions on a market formula like this? What percentage of feature adoption in the market do you think developers are looking for when they decide?

Yeah, I imagine a number of developers take the usage % rate to determine whether or not they can use a feature, though I suspect it’s very much relative to the different factors involved, like what type of feature it is, how important the feature is to have, whether or not it can be polyfilled, etc. My guess would be that most developers don’t just have a specific cut-off percentage for all features, but I haven’t heard one way or the other.

Have you heard from developers that they use Caniuse to help convince their bosses or stakeholders to take a particular technical direction?

I’ve heard of a few of such cases, yes. Which is great of course, especially when they can start using features they’d otherwise be uncertain about using.

What other factors do you think developers should consider — aside from the size of a feature’s potential market — when deciding whether to use a particular feature?

Being on the lookout for partial support and buggy support is important… While in general bugs aren’t blockers, it’s always good to be aware of potential pitfalls. There are also cases where a feature may be deprecated and eventually removed from a browser, particularly for proprietary technologies and features that haven’t received much cross-browser adoption. Thankfully it’s pretty rare for that to happen, but it’s still worth looking out for.

If you could magically make one feature of the web platform 100% compatible across browsers and devices, which would it be?

Wow, just one? If we’re talking just in modern browsers I would go for CSS Grid Layout. Layout’s been one of the biggest paint points in web development and I believe having 100% cross-browser support there would be brilliant. If I could also perform magic on older browsers it would be Flexbox for the same reasons. Thankfully in modern browsers it’s looking quite good already.

Caniuse is an important part of a developer’s toolkit when building cross-browser compatible sites. What other tools or techniques do you think every web dev should consider incorporating to help them build compatible sites?

Using services like BrowserStack or Sauce Labs is incredibly helpful in easily testing on older & mobile browsers, though they require a paid subscription. I’d also recommend becoming familiar with each browser’s own development tools. They’re all good, but it takes some time to understand how to do the same kind of debugging for each browser. Also when using a new technology make sure you do your research beyond Caniuse. Cross-browser support can still come with gotchas, so read MDN, search for blog posts on the subject, etc.

Browser compatibility continues to be one of the biggest challenges in web development — it’s hard! Do you think it’s something a new tool could solve? What would the tool do?

It would be cool if there was a all-rendering-engines-in-one browser where developers could easily switch between them to test their site. In particular this would be useful if it included mobile browsers and older versions… but I can’t see that being anything more than a fantasy, so tools like BrowserStack are likely the closest we’ll get to that.

More ideally, and perhaps more realistically, it would be nice if browser makers would spend more time cooperating on writing tests and ensuring reliable support for technologies so certain types of cross-browser issues wouldn’t occur in the first place.

What would you tell a brand new developer graduating from a coding bootcamp about cross-browser compatibility?

It can get ugly, messy and complicated. Don’t make any assumptions about what will work cross-browser until you’re familiar with it. The good news is that for many basic things cross-browser compatibility is so much better than it used to be. Together with the state of developer tools these days, there’s a lot to be thankful for.

Tips from Alexis’s interview

  • If you see a gap in tooling, you’re probably not the only one. Consider building or contributing to tools that help advance the practice of web development and make the web better for everyone.
  • Don’t assume new features work cross browser. Read about them and experiment with them before committing to use one on a public site.
  • When trying to understand a new web feature, cast a wide net: Look things up on and MDN, and pay attention to other sources (e.g. blogs) too.

Mozilla Add-ons BlogWebExtensions in Firefox 51

Firefox 51 landed in Developer Edition this week, so we have another update on WebExtensions for you. In this update, we’re making it easier for you to port your existing add-ons to WebExtensions. In addition to being fully compatible with multiprocess Firefox, WebExtensions are becoming the standard for add-on development.

Embedded WebExtensions

In Firefox Developer Edition, you can now embed a WebExtensions add-on inside an existing SDK or bootstrapped add-on.

This is especially useful to developers of SDK or bootstrapped add-ons who want to start migrating to WebExtensions and take advantage of new APIs like Native Messaging, but can’t fully migrate yet. It’s also useful for developers who want to complete data migration towards WebExtensions, and who want to take parts of their add-on that are not compatible with multiprocess Firefox and make them compatible.

For more documentation on this, please head over to MDN or check out some examples.

If you need help porting to WebExtensions, please start with the compatibility checker, and check out these resources.

Manifest Change

Because of confusion around the use of strict_min_version in WebExtensions manifests, we’ve prevented the use of * in strict_min_version, for example 48.* is no longer valid. If you upload an add-on to we’ll warn you of that fact.

API Changes

The clipboardWrite permission is now enabled which removes the need to be in a user gesture. This is usable from extension tabs, popups and content scripts.

When a WebExtensions add-on is uninstalled, any local storage is now cleared. If you’d like to persist data across an uninstall then you can use the upcoming sync storage.

The management API now supports the uninstallSelf and getSelf methods. The idle.queryState API has been updated to accurately reflect the state, previously it always returned the value “idle”.

In the webRequest API, onBeforeRequest is now supported in Firefox Nightly and Developer Edition. There are some platform changes that are required to get that to land in a Release version of Firefox.

Developers have been testing out Native messaging and a couple of bugs were filed and fixed on that. New, more detailed, documentation has been written. One of the useful pieces of feedback involved the performance of the round-trip time, and that has now improved.

There has been a few improvements to the appearance of popup windows including the popup arrow, the corners of the popup and reducing flicker on the animation. Here’s a before and after:



Out of process extensions

Now that the majority of the work multi process Firefox has been completed, we are looking ahead to the many improvements it can bring. One of them is allowing WebExtensions to be run in a separate process. This process-sandboxing of add-ons will bring clear performance and security benefits.

But before we can do that, there is quite a bit of work that needs to be done. The main tracking bug lists some of these tasks. There is also a video of Rob Wu presenting the work he has done on this. There currently isn’t a timeline for when this will be landed, but the work is progressing.


We’d also like to give a thank you to four new contributors to WebExtensions, who’ve helped with this release. Thanks to sj, Jorg K, fiveNinePlusR and Tomislav.

Update: link to Robs presentation fixed.

Mozilla Add-ons BlogHow Video DownloadHelper Became Compatible with Multiprocess Firefox

Today’s post comes from Michel Gutierrez (mig), the developer of Video DownloadHelper, among other add-ons. He shares his story about the process of modernizing his XUL add-on to make it compatible with multiprocess Firefox (e10s).


Video DownloadHelper (VDH) is an add-on that extracts videos and image files from the Internet and saves them to your hard drive. As you surf the Web, VDH will show you a menu of download options when it detects something it can save for you.

It was first released in July 2006, when Firefox was on version 1.5. At the time, both the main add-on code and DOM window content were running in the same process. This was helpful because video URLs could easily be extracted from the window content by the add-on. The Smart Naming feature was also able to extract video names from the Web page.

When multiprocess Firefox architecture was first discussed, it was immediately clear that VDH needed a full rewrite with a brand new architecture. In multiprocess Firefox, DOM content for webpages run in a separate process, which means required asynchronous communication with the add-on code would increase significantly. It wasn’t possible to simply make adaptations to the existing code and architecture because it would make the code hard to read and unmaintainable.

The Migration

After some consideration, we decided to update the add-on using SDK APIs. Here were our requirements:

  • Code running in the content process needed to run separately from code running in Javascript modules and the main process. Communication must occur via message passing.
  • Preferences needed to be available in the content process, as there are many adjustable parameters that affect the user interface.
  • Localization of HTML pages within the content script should be as easy as possible.

In VDH, the choice was made to handle all of these requirements using the same Client-Server architecture commonly used in regular Web applications: the components that have access to the preferences, localization, and data storage APIs (running in the main process) serve this data to the UI components and the components injected into the page (running in the content process), through the messaging API provided by the SDK.


Migrating to the SDK enabled us to become compatible with multiprocess Firefox, but it wasn’t a perfect solution. Low-level SDK APIs, which aren’t guaranteed to work with e10s or stay compatible with future versions of Firefox, were required to implement anything more than simple features. Also, an increased amount of communication between processes is required even for seemingly simple interactions.

  • Resizing content panels can only occur in the background process, but only the content process knows what the dimensions should be. This gets more complicated when the size dynamically changes or depends on various parameters.
  • Critical features like monitoring network traffic or launching external programs in VDH requires low-level APIs.
  • Capturing tab thumbnails from the Add-on SDK API does not work in e10s mode. This feature had to be reimplemented in the add-on using a framescript.
  • When intercepting network responses, the Add-on SDK does not decode compressed responses.
  • The SDK provides no easy means to determine if e10s is enabled or not, which would be useful as long as glitches remain where the add-on has to act differently.

Future Direction

Regardless of the limitations posed, making VDH compatible to multiprocess Firefox was a great success. Taking the time to rewrite the add-on also improved the general architecture and prepared it for changes needed for WebExtensions. The first e10s-compatible version of VDH is version 5.0.1 and had been available since March 2015.

Looking forward, the next big challenge is making VDH compatible with WebExtensions. We considered migrating directly to WebExtensions, but the legacy and low-level SDK APIs used in VDH could not be replaced at the time without compromising the add-on’s features.

To fully complete the transition to WebExtensions, additional APIs may need to be created. As an extension developer we’ve found it helpful to work with Mozilla to define those APIs, and design them in a way that is general enough for them to be useful in many other types of add-ons.

A note from the add-ons team: resources for migrating your add-ons to WebExtensions can be found here.

Air MozillaThe Joy of Coding - Episode 73

The Joy of Coding - Episode 73 mconley livehacks on real Firefox bugs while thinking aloud.

The Mozilla BlogFirefox’s Test Pilot Program Launches Three New Experimental Features

Earlier this year we launched our first set of experiments for Test Pilot, a program designed to give you access to experimental Firefox features that are in the early stages of development. We’ve been delighted to see so many of you participating in the experiments and providing feedback, which ultimately, will help us determine which features end up in Firefox for all to enjoy.

Since our launch, we’ve been hard at work on new innovations, and today we’re excited to announce the release of three new Test Pilot experiments. These features will help you share and manage screenshots; keep streaming video front and center; and protect your online privacy.

What Are The New Experiments?

Min Vid:

Keep your favorite entertainment front and center. Min Vid plays your videos in a small window on top of your other tabs so you can continue to watch while answering email, reading the news or, yes, even while you work. Min Vid currently supports videos hosted by YouTube and Vimeo.

Page Shot:

The print screen button doesn’t always cut it. The Page Shot feature lets you take, find and share screenshots with just a few clicks by creating a link for easy sharing. You’ll also be able to search for your screenshots by their title, and even the text captured in the image, so you can find them when you need them.

Tracking Protection:

We’ve had Tracking Protection in Private Browsing for a while, but now you can block trackers that follow you across the web by default. Turn it on, and browse free and breathe easy. This experiment will help us understand where Tracking Protection breaks the web so that we can improve it for all Firefox users.

How do I get started?

Test Pilot experiments are currently available in English only. To activate Test Pilot and help us build the future of Firefox, visit

As you’re experimenting with new features within Test Pilot, you might find some bugs, or lose some of the polish from the general Firefox release, so Test Pilot allows you to easily enable or disable features at any time.

Your feedback will help us determine what ultimately ends up in Firefox – we’re looking forward to your thoughts!


Yes.  Long time no post.

Why? Is the SeaMonkey project dead? The last was 2.40!  That’s a long time ago! (well, not really…  but long enough.)  Where is everyone?  Why has there been no posts or mentions? (and a host of other questions…)

Just want to mention that 2.46 is currently being spun… and by spun, I mean wrenched…  like loosening a very tight bolt that’s been superglued to the screw.

“What do you mean?”  some might ask.

At the start of the process, we managed to hit a few hiccups… well…not so much as hiccups but boulders the size of Boulder, Colorado with large signs saying “Stop… you cannot pass!”  (Hyperbole much?)

tl;dr (or if you wish, you can still read)

Since 2.40…  the releng team has been ‘trying’ to unbust the infrastructure to the point that things are starting to go green. (Yay!)  though we still have some l10n nightly troubles (bah humbug).   So with the desperate need of getting a release done, the project felt it was a good time to build 2.46 before something crawled out of the moco workshop to put a kaibosh on our release…  little did we know.

So, we (not really throwing caution to the wind… more like hoping with baited breath) started the build….

… only to come to a crashing halt at the 2nd step. (Moco *did* make a change to’s infra (thus changing the fingerprint) and caused the build bustage as well as some environment variables  that should’ve been set but weren’t for some reasons (probably changes in the releng code that didn’t get translated to the release releng code…  my bad).

So.  2.46 will be out.  Just not today and my guess, not tomorrow either.  Sorry.   But since everyone’s waited for so long…  what’s a couple of days more? You’re right. Not a good excuse.

Please do stay tune to this channel… more updates soon as we unhork those boulders (hyperbole.. I know).


Air MozillaConnected Devices Meetup - Sensor Web

Connected Devices Meetup - Sensor Web Mozilla's own Cindy Hsiang to discuss SensorWeb SensorWeb wants to advance Mozilla's mission to promote the open web when it evolves to the physical world....

Air MozillaConnected Devices Meetup - Laurynas Riliskis

Connected Devices Meetup - Laurynas Riliskis We are on the verge of next revolution Connected devices have emerged during the last decade into what's known as the Internet of Things. These...

Air MozillaConnected Devices Meetup - Johannes Ernst: UBOS and the Indie IoT

Connected Devices Meetup - Johannes Ernst: UBOS and the Indie IoT We are on the verge of next revolution Connected devices have emerged during the last decade into what's known as the Internet of Things. These...

Air MozillaConnected Devices Meetup - Nicholas van de Walle

Connected Devices Meetup - Nicholas van de Walle Nicholas van de Walle is a local web developer who loves shoving computers into everything from clothes to books to rocks. He has worked for...

Air MozillaConnected Devices Meetup - September 27, 2016

Connected Devices Meetup - September 27, 2016 6:30pm - Johannes Ernst; UBOS and the Indie IoT: Will the IoT inevitably make us all digital serfs to a few overlords in the cloud,...

Air MozillaB2G OS Announcements September 2016

B2G OS Announcements September 2016 The weekly B2G meeting on Tuesday 27th September will be attended by Mozilla senior staff members who would like to make some announcements to the...

Air MozillaMartes Mozilleros, 27 Sep 2016

Martes Mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...

WebmakerCelebrating Ada Lovelace Day & Women in STEM

We’re celebrating Ada Lovelace Day throughout the month of October and hope you’ll join us in celebrating women in science, technology, engineering and math (STEM).

Augusta Ada King-Noel, Countess of Lovelace, also known as Ada Lovelace, lived in the mid-1800’s and was an English mathematician and writer. She is considered the first computer programmer, as her notes on the Analytical Engine (a mechanical general-purpose computer created by Charles Babbage) are considered to be the first algorithm intended to be carried out by a machine. From Wikipedia, “She also developed a vision of the capability of computers to go beyond mere calculating or number-crunching, while many others, including Babbage himself, focused only on those capabilities. Her mind-set of “poetical science” led her to ask questions about the Analytical Engine (as shown in her notes) examining how individuals and society relate to technology as a collaborative tool.” Read more.

Join us in honoring her legacy by marking your calendars for these upcoming Ada Lovelace Day events!

Mozilla Curriculum Workshop: Tuesday, October 11 6am PT/9am ET/ 1pm UTC

In our webcast this month, we’ll be recognizing the challenges, accomplishments and contributions of women leaders from the Mozilla Leadership Network around the globe. Join to help us build teaching and learning resources promoting women and the web.

Mozilla Learning/Mozilla Science Community Call: Thursday, October 13 8am PT/ 11am ET/ 3pm UTC

The presence and participation of women in STEM is on the rise thanks to the efforts of many across the globe, but there are still obstacles and barriers to overcome. This month, Mozilla Learning and the Mozilla Science Lab are joining forces to explore current opportunities and supports for women in STEM around the world.

Guest speakers include:

You’ll also hear from each of the new Mozilla Fellows for Science to learn more about their work and how they’ve been inspired by women in science. Join our community call on the 13th!

#TTWchat: Wednesday, October 19 9am PT/12pm ET/4pm UTC

Join @MozLearn and @MozillaScience to discuss and celebrate women in STEM during a one-hour tweet chat.

Questions we’ll discuss include:

  • What advice would you share with young girls interested in pursuing scientific fields?
  • What inspirational female scientist role model do you look up to and why?
  • What book/biography changed your perspective on women in STEM and why?

You can also sign up for our monthly newsletter, which includes information about upcoming events, featured teach the web activities, announcements, and more at

The Mozilla BlogHelp Fix Copyright: Send a Rebellious Selfie to European Parliament (Really!)

The EU’s proposed copyright reform keeps in place retrograde laws that make many normal online creative acts illegal. The same restrictive laws will stifle innovation and hurt technology businesses. Let’s fix it. Sign Mozilla’s petition, watch and share videos, and snap a rebellious selfie

Earlier this month, the EU Commission released their proposal for a reformed copyright framework. In response, we are asking everyone reading this post to take a rebellious selfie and send that doctored snapshot to EU Parliament. Seem ridiculous? So is an outdated law that bans taking and sharing selfies in front of the Eiffel Tower at night in Paris, or in front of the Little Mermaid in Copenhagen.

Of course, no one is actually going to jail for subversive selfies. But the technical illegality of such a basic online act underscores the grave shortcomings in the EU’s latest proposal on copyright reform. As Mozilla’s Denelle Dixon-Thayer noted in her last post on the proposed reform, it “thoroughly misses the goal to deliver a modern reform that would unlock creativity and innovation.” It doesn’t, for instance, include needed exceptions for panorama, parody, or remixing, nor does it include a clause that would allow noncommercial transformations of works (like remixes, or mashups) or a flexible user clause like an open norm, or fair dealing.

Translation? Making memes and gifs will remain an illicit act.

And that’s just the start. Exceptions for text and data mining are limited to public institutions. This could stifle startups looking to online data to build innovative businesses. Then there is the dangerous “neighbouring right,” similar to the ancillary copyright laws we’ve seen in Spain and Germany (which have been clear failures, respectively). This misguided part of the reform would allow online publishers to copyright “press publications” for up to 20 years, with retroactive effect. The vague wording makes it unclear exactly to whom and for whom this new exclusive right would apply.

Finally, another unclear provision would require any internet service that provides access to “large amounts” of works to users to broker agreements with rightsholders for the use of, and protection of, their works. This could include the use of “effective content recognition technologies” — which imply universal monitoring and strict filtering technologies that identify and/or remove copyrighted content.

These proposals, if adopted as they are, would deal a blow to EU startups, to independent coders, creators, and artists, and to the health of the internet as a driver for economic growth and innovation.

We’re not advocating plagiarism or piracy. Creators must be treated fairly, including proper remuneration, for their creations and works. Mozilla wants to improve copyright for everyone,  so individuals are not discouraged from creating and innovating.

Mozilla isn’t alone in our objections: Over 50,000 individuals have signed our petition and demanded modern copyright laws that foster creativity, innovation, and opportunity online.

We have our work cut out for us. As the European Parliament revises the proposal this fall, we need a movement — a collection of passionate internet users who demand better, modern laws. Today, Mozilla is launching a public education campaign to support that movement.


Mozilla has created an app to highlight the absurdity of some of Europe’s outdated copyright laws. Try Post Crimes: Take a selfie in front of European landmarks that can be technically unlawful to photograph — like the Eiffel Tower’s night-time light display, or the Little Mermaid in Denmark — due to restrictive copyright laws.

Then, send your selfie as a postcard to your Member of the European Parliament (MEP). Show European policymakers how outdated copyright laws are, and encourage them to forge a more future-looking and innovation-friendly copyright reform.

We’ve also created three short videos that outline the need for reform. They’re educational, playful, and a little bit weird — just like the internet. But they explore a serious issue: The harmful effect outdated and restrictive copyright laws have on our creativity and the open internet. We hope you’ll watch them and share them with others.

We need your help standing up for better copyright laws. When you sign the petition, snap a selfie, or share our videos, you’re supporting creativity, innovation and opportunity online — for everyone.

WebmakerConnecting Youth Civic Engagement with 21st Century Skills

During the the Mozilla Learning community call this month, we had the opportunity to chat with Rachel Roberson from KQED, Andrew Brennen from Student Voice, and Ariam Mogos from Global Kids, to learn more about their programs and campaigns that promote youth civic engagement. Specifically, they shared how they support youth to participate in current events and issues in their communities, and how web literacy and 21st Century skills can enhance opportunities for young people to be more active agents of change.

Here is an overview of each of the programs/campaigns shared by our guests:

Letters to the Next President 2.0 is a campaign led by KQED and National Writing Project to engage and connect young people, aged 13–18, as they research, write, and make media to voice their opinions on issues that matter to them in the coming election. Letters can take the form of collages, photos, videos, spoken word, infographics – any form youth wish to express themselves. The site also features robust resources for educators, from videos to curriculum.

Student Voice inspires and empowers students to take charge of their education by adding their voice to educational decision-making. During this important political season in the U.S., election rhetoric is making its way into classrooms and it’s more important than ever to empower youth in navigating these difficult and relevant topics.

Student Voice publishes an inaugural State of Schools Report, a comprehensive document that evaluates the current climate of America’s schools from the student perspective. Contributions from students are being accepted – get involved by sharing your experience, story, network, or social media presence to the cause by contributing here.

Young Innovators Squad brings together high school students interested in hands-on making by providing opportunities in STEAM (science, technology, engineering, arts, math) and civic engagement across New York City. The program, which was fully co-designed with participating youth, is led by Global Kids and support by Mozilla Hive NYC.

Watch the recording to learn more. If you know of other programs, opportunities or resources that help empower youth to participate in civic discussion, share them with us on our forum.

QMOFirefox 50 Beta 3 Testday, September 30th

Hello Mozillians,

We are happy to announce that Friday, September 30th, we are organizing Firefox 50 Beta 3 Testday. We will be focusing our testing on Pointer Lock API and WebM EME support for Widevine features. Check out the detailed instructions via this etherpad.

No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

Join us and help us make Firefox better! See you on Friday!

Mozilla Web DevelopmentBeer and Tell – September 2016

Once a month, web developers from across the Mozilla Project get together to talk about our side projects and drink, an occurrence we like to call “Beer and Tell”.

There’s a wiki page available with a list of the presenters, as well as links to their presentation materials. There’s also a recording available courtesy of Air Mozilla.

emceeaich: Gopher Tessel

First up was emceeaich, who shared Gopher Tessel, a project for running a Gopher server (an Internet protocol that was popular before the World Wide Web) on a Tessel. Tessel is small circuit board that runs Node.js projects; Gopher Tessel reads sensors (such as the temperature sensor) connected to the board, and exposes their values via Gopher. It also can control lights connected to the board.

groovecoder: Crypto: 500 BC – Present

Next was groovecoder, who shared a preview of a talk about cryptography throughout history. The talk is based on “The Code Book” by Simon Sign. Notable moments and techniques mentioned include:

  • 499 BCE: Histiaeus of Miletus shaves the heads of messengers, tattoos messages on their scalps, and sends them after their hair has grown back to hide the message.
  • ~100 AD: Milk of tithymalus plant is used as invisible ink, activated by heat.
  • ~700 BCE: Scytale
  • 49 BC: Caesar cipher
  • 1553 AD: Vigenère cipher

bensternthal: Home Monitoring & Weather Tracking

bensternthal was up next, and he shared his work building a dashboard with weather and temperature information from his house. Ben built several Node.js-based applications that collect data from his home weather station, from his Nest thermostat, and from Weather Underground and send all the data to an InfluxDB store. The dashboard itself uses Grafana to plot the data, and all of these servers are run using Docker.

The repositories for the Node.js applications and the Docker configuration are available on GitHub:

craigcook: ByeHolly

Next was craigcook, who shared a virtual yearbook page that he made as a farewell tribute to former-teammate Holly Habstritt-Gaal, who recently took a job at another company. The page shows several photos that are clipped at the edges to look curved like an old television screen. This is done in CSS using clip-path with an SVG-based path for clipping. The SVG used is also defined using proportional units, which allows it to warp and distort correctly for different image sizes, as seen by the variety of images it is used on in the page.

peterbe: react-buggy

peterbe told us about react-buggy, a client for viewing Github issues implemented in React. It is a rewrite of buggy, a similar client peterbe wrote for Bugzilla bugs. Issues are persisted in Lovefield (a wrapper for IndexedDB) so that the app can function offline. The client also uses elasticlunr.js to provide full-text search on issue titles and comments.

shobson: tic-tac-toe

Last up was shobson, who shared a small Tic-Tac-Toe game on the offline page that is shown when the site is in offline mode and you attempt to view a page that is not available offline.

If you’re interested in attending the next Beer and Tell, sign up for the mailing list. An email is sent out a week beforehand with connection details. You could even add yourself to the wiki and show off your side-project!

See you next month!

Air MozillaParticipation Q3 Demos

Participation Q3 Demos Watch the Participation Team share the work from the last quarter in the Demos.

SUMO BlogWhat’s Up with SUMO – 22nd September

Hello, SUMO Nation!

How are you doing? Have you seen the First Inaugural Firefox Census already? Have you filled it out? Help us figure out what kind of people use Firefox! You can get to it right after you read through our latest & greatest news below.

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

Contributors of the week

Don’t forget that if you are new to SUMO and someone helped you get started in a nice way you can nominate them for the Buddy of the Month!

SUMO Community meetings

  • LATEST ONE: 21st of September- you can read the notes here and see the video at AirMozilla.
  • NEXT ONE: happening on the 28th of September!
  • If you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.



  • PLATFORM REMINDER! The Platform Meetings are BACK! If you missed the previous ones, you can find the notes in this document. (here’s the channel you can subscribe to). We really recommend going for the document and videos if you want to make sure we’re covering everything as we go.
  • A few important and key points to make regarding the migration:
    • We are trying to keep as many features from Kitsune as possible. Some processes might change. We do not know yet how they will look.
    • Any and all training documentation that you may be accessing is generic – both for what you can accomplish with the platform and the way roles and users are called within the training. They do not have much to do with the way Mozilla or SUMO operate on a daily basis. We will use these to design our own experience – “translate” them into something more Mozilla, so to speak.
    • All the important information that we have has been shared with you, one way or another.
    • The timelines and schedule might change depending on what happens.
  • We started discussions about Ranks and Roles after the migration – join in! More topics will start popping up in the forums up for discussion, but they will all be gathered in the first post of the main migration thread.
  • If you are interested in test-driving the new platform now, please contact Madalina.
    • IMPORTANT: the whole place is a work in progress, and a ton of the final content, assets, and configurations (e.g. layout pieces) are missing.
  • QUESTIONS? CONCERNS? Please take a look at this migration document and use this migration thread to put questions/comments about it for everyone to share and discuss. As much as possible, please try to keep the migration discussion and questions limited to those two places – we don’t want to chase ten different threads in too many different places.


Support Forum

  • Once again, and with gusto – SUUUUMO DAAAAAY! Go for it!
  • Final reminder: If you are using email notifications to know what posts to return to, jscher2000 has a great tip (and tool) for you. Check it out here!

Knowledge Base & L10n


  • for Android
    • Version 49 is out! Now you can enjoy the following:

      • caching selected pages (e.g. for offline retrieval
      • usual platform and bug fixes
  • for Desktop
    • Version 49 is out! Enjoy the following:

      • text-to-speech in Reader mode (using your OS voice modules)
      • ending support for older Mac OS versions
      • ending support for older CPUs
      • ending support for Firefox Hello
      • usual platform and bug fixes
  • for iOS
    • No news from under the apple tree this time!

By the way – it’s the first day of autumn, officially! I don’t know about you, but I am looking forward to mushroom hunting, longer nights, and a bit of rain here and there (as long as it stops at some point). What is your take on autumn? Tell us in the comments!

Cheers and see you around – keep rocking the helpful web!

Mozilla Web DevelopmentExtravaganza – September 2016

Once a month, web developers from across Mozilla get together to talk about the work that we’ve shipped, share the libraries we’re working on, meet new folks, and talk about whatever else is on our minds. It’s the Webdev Extravaganza! The meeting is open to the public; you should stop by!

You can check out the wiki page that we use to organize the meeting, or view a recording of the meeting in Air Mozilla. Or just read on for a summary!

Shipping Celebration

The shipping celebration is for anything we finished and deployed in the past month, whether it be a brand new site, an upgrade to an existing one, or even a release of a library.

Survey Gizmo Integration with Google Analytics

First up was shobson, who talked about a survey feature on MDN that prompts users to leave feedback about how MDN helped them complete a task. The survey is hosted by SurveyGizmo, and custom JavaScript included on the survey reports the user’s answers back to Google Analytics. This allows us to filter on the feedback from users to answer questions like, “What sections of the site are not helping users complete their tasks?”.

View Source Offline Mode

shobson also mentioned the View Source website, which is now offline-capable thanks to Service Workers. The pages are now cached if you’ve ever visited them, and the images on the site have offline fallbacks if you attempt to view them with no internet connection.

SHIELD Content Signing

Next up was mythmon, who shared the news that Normandy, the backend service for SHIELD, now signs the data that it sends to Firefox using the Autograph service. The signature is included with responses via the Content-Signature header. This signing will allow Firefox to only execute SHIELD recipes that have been approved by Mozilla.

Open-source Citizenship

Here we talk about libraries we’re maintaining and what, if anything, we need help with for them.


Eli was up next, and he shared Neo, a tool for setting up new React-based projects with zero configuration. It installs and configures many useful dependencies, including Webpack, Babel, Redux, ESLint, Bootstrap, and more! Neo is installed as a command used to initialize new projects or a dependency to be added to existing projects, and acts as a single dependency that pulls in all the different libraries you’ll need.


The Roundtable is the home for discussions that don’t fit anywhere else. Reboot

Last up was pmac, who shared a note about how he and willkg are re-writing the service using Django, and are switching the rewrite to use Github authentication instead of Persona. They have a staging server setup and expect to have news next month about the availability of the new service. is a service used by several teams at Mozilla for posting status updates as they work, and includes an IRC bot for quick posting of updates.

If you’re interested in web development at Mozilla, or want to attend next month’s Extravaganza, subscribe to the mailing list to be notified of the next meeting, and maybe send a message introducing yourself. We’d love to meet you!

See you next month!

Air MozillaReps weekly, 22 Sep 2016

Reps weekly This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

Air MozillaPrivacy Lab - September 2016 - EU Privacy Panel

Privacy Lab - September 2016 - EU Privacy Panel Want to learn more about EU Privacy? Join us for a lively panel discussion of EU Privacy, including GDPR, Privacy Shield, Brexit and more. After...

about:communityOne Mozilla Clubs


In 2015, The Mozilla Foundation launched the Mozilla Clubs program to bring people together locally to teach, protect and build the open web in an engaging and collaborative way. Within a year it grew to include 240+ Clubs in 100+ cities globally, and now is growing to reach new communities around the world.

Today we are excited to share a new focus for Mozilla Clubs taking place on a University or College Campus (Campus Clubs). Mozilla Campus Clubs blend the passion and student focus of the former Firefox Student Ambassador program and Take Back The Web Campaign with the existing structure of  Mozilla Clubs to create a unified model for participation on campuses!

Mozilla Campus Clubs take advantage of the unique learning environments of Universities and Colleges to bring groups of students together to teach, build and protect the open web. It builds upon the Mozilla Club framework to provide targeted support to those on campus through its:

  1. Structure:  Campus Clubs include an Executive Team in addition to the Club Captain position, who help develop programs and run activities specific to the 3 impact areas (teach, build, protect).
  2. Training & Support: Like all Mozilla Clubs, Regional Coordinators and Club Captains receive training and mentorship throughout their clubs journey. However the nature of the training and support for Campus Clubs is specific to helping students navigate the challenges of setting up and running a club in the campus context.
  3. Activities: Campus Club activities are structured around 3 impact areas (teach, build, protect). Club Captains in a University or College can find suggested activities (some specific to students) on the website here.

These clubs will be connected to the larger Mozilla Club network to share resources, curriculum, mentorship and support with others around the world. In 2017 you’ll see additional unification in terms of a joint application process for all Regional Coordinators and a unified web presence.

This is an exciting time for us to unite our network of passionate contributors and create new opportunities for collaboration, learning, and growth within our Mozillian communities. We also see the potential of this unification to allow for greater impact across Mozilla’s global programs, projects and initiatives.

If you’re currently involved in Mozilla Clubs and/or the FSA program, here are some important things to know:

  • The Firefox Student Ambassador Program is now Mozilla Campus Clubs: After many months of hard work and careful planning the Firefox Ambassador Program (FSA) has officially transitioned to Mozilla Clubs as of Monday September 19th, 2016. For full details about the Firefox Student Ambassador transition check out this guide here.
  • Firefox Club Captains will now be Mozilla Club Captains: Firefox Club Captains who already have a club, a structure, and a community set up on a university/college should register your club here to be partnered with a Regional Coordinator and have access to new resources and opportunities, more details are here.
  • Current Mozilla Clubs will stay the same: Any Mozilla Club that already exists will stay the same. If they happen to be on a university or college campus Clubs may choose to register as a Campus Club, but are not required to do so.
  • There is a new application for Regional Coordinators (RC’s): Anyone interested in taking on more responsibility within the Clubs program can apply here.  Regional Coordinators mentor Club Captains that are geographically close to them. Regional Coordinators support all Club Captains in their region whether they are on campus or elsewhere.
  • University or College students who want to start a Club at their University and College may apply here. Students who primarily want to lead a club on a campus for/with other university/college students will apply to start a Campus Club.
  • People who want to start a club for any type of learner apply here. Anyone who wants to start a club that is open to all kinds of learners (not limited to specifically University students) may apply to start a Club here.

Individuals who are leading Mozilla Clubs commit to running regular (at least monthly) gatherings, participate in community calls, and contribute resources and learning materials to the community. They are part of a network of leaders and doers who support and challenge each other. By increasing knowledge and skills in local communities Club leaders ensure that the internet is a global public resource, open and accessible to all.

This is the beginning of a long term collaboration for the Mozilla Clubs Program. We are excited to continue to build momentum for Mozilla’s mission through new structures and supports that will help engage more people with a passion for the open web.

Air MozillaThe Joy of Coding - Episode 72

The Joy of Coding - Episode 72 mconley livehacks on real Firefox bugs while thinking aloud.

hacks.mozilla.orgFirefox 49 fixes sites designed with WebKit in mind, and more

Several recent articles on the Hacks blog explain why web developers should care about cross-browser compatibility and how great web developers achieve it. Web developers have a critical role in making the web work for everyone. And so do browser makers. As of today we’re introducing a number of compatibility features to the Gecko rendering engine, bringing us up to date with the WHATWG Compatibility Standard.

Some notable changes in this release include support for several -webkit- prefixes and WebKit-specific interfaces. These platform features are non-standard, vendor-specific, and quite prevalent.

Non-standard, incompatible CSS breaks websites for user agents designed around standards. When a browser that doesn’t support -webkit- prefixes (such as Firefox 48 and below) visits one of these sites, the web looks broken. This will be the case until those sites update their CSS. That’s why Firefox 49 includes the following changes to accommodate WebKit-specific content:

(in)Frequently Asked Questions (iFAQ):

Q. So, what does this mean for me?

A. As a user, improved compatibility with sites that were designed for WebKit browsers only, especially on mobile.

As a developer, you might want to go back and add unprefixed equivalents to your -webkit-only CSS so we can remove these from the web platform one day in the future (theoretically). Pro Tip: Unprefixed properties always come last.

Q. Did you just break my site?

A. We hope not! But you can toggle this for testing with the following preference:


If there’s a difference (for the worse!), please report bugs to and cc, or report them on

Q. Should I only use -webkit- prefixes from now on?

A. No, that’s unnecessary and inadvisable. Keep using web standards and keep testing in multiple browsers. If you must use -webkit- prefixes (and there are fewer reasons to do so than ever before), make sure they’re above the unprefixed property in your CSS.

Full disclosure: Mike edits the Compatibility Standard, but there’s work to be done if you’d like to contribute!

The Mozilla BlogLatest Firefox Expands Multi-Process Support and Delivers New Features for Desktop and Android

With the change of the season, we’ve worked hard to release a new version of Firefox that delivers the best possible experience across desktop and Android.

Expanding Multiprocess Support

Last month, we began rolling out the most significant update in our history, adding multiprocess capabilities to Firefox on desktop, which means Firefox is more responsive and less likely to freeze. In fact, our initial tests show a 400% improvement in overall responsiveness.

Our first phase of the rollout included users without add-ons. In this release, we’re expanding support for a small initial set of compatible add-ons as we move toward a multiprocess experience for all Firefox users in 2017.

Desktop Improvement to Reader Mode

This update also brings two improvements to Reader Mode. This feature strips away clutter like buttons, ads and background images, and changes the page’s text size, contrast and layout for better readability. Now we’re adding the option for the text to be read aloud, which means Reader Mode will narrate your favorite articles, allowing you to listen and browse freely without any interruptions.

We also expanded the ability to customize in Reader Mode so you can adjust the text and fonts, as well as the voice. Additionally, if you’re a night owl like some of us, you can read in the dark by changing the theme from light to dark.

Offline Page Viewing on Android

On Android, we’re now making it possible to access some previously viewed pages when you’re offline or have an unstable connection. This means you can interact with much of your previously viewed content when you don’t have a connection. The feature works with many pages, though it is dependent on your specific device specs. Give it a try by opening Firefox while your phone is in airplane mode.

We’re continuing to work on updates and new features that make your Firefox experience even better. Download the latest Firefox for desktop and Android and let us know what you think.

Mozilla L10NFirefox L10n Report – Aurora 51

Here’s an outline of what is currently in Aurora this cycle for Firefox 51.

Current Aurora Cycle – Firefox 51

Key dates for this cycle:

  • Beta (50): localization updates for already shipping locales must be completed before 19 October. Note that this cycle doesn’t follow the usual pattern.
  • Aurora (51): localization updates must be completed before 7 November. That’s the Monday, also known as merge day, before the next release of Firefox.

String breakdown:

  • Firefox Aurora desktop has 158 added strings (213 obsolete). About 55% of the new strings are for Developer Tools.
  • Fennec Aurora has 27 new strings (17 obsolete). 8 new strings are Fennec-only (in /mobile).

There are currently no pending requests to uplift patches with strings to Aurora.

For further details on the new features you can check the release notes (they’re usually published a few days after release):

Noteworthy Changes Available in Aurora

These are some of the interesting changes introduced in the last cycle.


One string in layout/ has changed without a new ID, from ‘no element found’ to ‘no root element found’.


Several developer tools are moving strings from .DTD to .properties, it should be expected to have a perfect match in TM tools like Pontoon & Pootle between old and new strings. For example:

There is also one big movement of strings (from each devtools to a file) to improve devtools startup performances.

The new debugger, also known as debugger.html, is currently not localizable. We’re in touch with the team and we hope to make it localizable soon.


In bug 1290756 and bug 686168, help viewer files were moved from toolkit to comm-central (for SeaMonkey). These files were either removed or moved into /suite for all locales during merge day.

Common Issues

GenericImageNameGIF = image.gif
GenericImageNameJPEG = image.jpg
GenericImageNamePNG = image.png

As the localization notes explain, you should not localize the extension, but you should localize the ‘image’ part.

New Languages

When Firefox 51 moves to release, if everything goes according to plans, we aim to release 3 new locales on desktop:

  • Georgian (ka)
  • Kabyle (kab)
  • Latgalian (ltg)

Congratulation to all the teams involved: localizing Firefox is a huge effort and achievement!

We have 4 other locales with a promising outline, and we really look forward to release them in the next versions of Firefox:

  • Burmese (my)
  • Nepali (ne-NP)
  • Tagalog (tl)
  • Urdu (ur)

If you want to know more about the process of releasing new locales, or if you speak one of these languages and want to know how to help the localization teams, please get in touch with us.

To all localizers: Thanks again for all the time and effort you put in localizing and promoting Firefox in your language.

hacks.mozilla.orgA Web for Everyone: Interviews with Web Practitioners — David Walsh

We’ve heard now from Rachel Andrew, Chris Coyier, and Belén Albeza. Each of these great web developers offered ideas for accomplishing cross-browser compatibility. The fourth interviewee in our web-compatibility interview series brings some new tools to the table.

David Walsh (@davidwalshblog) taught himself HTML, CSS and JavaScript at a young age, and soon turned those skills into a vocation. He started blogging about front-end development after landing his first job in the field. Now, a decade later, David’s blog is daily reading for tens of thousands of web developers who go there for tips, tutorials, and reflections about the life of a developer. David has spoken at JavaScript conferences around the world including LondonAJAX and BrazilJS. He works as a front-end developer and evangelist at Mozilla.

David Walsh

David, what does cross-browser compatibility mean to you?

Cross-browser compatibility means functionality and design working across not only different desktop browsers but also browser apps on different mobile devices, sometimes extending to gaming machines like the Xbox One.

How often do you have to think about cross-browser compatibility? Have you found ways to work that allow you to reduce the amount of time you think about it compared to when you were less experienced?

Working with some bleeding edge APIs at Mozilla, including Service Workers, WebVR, and A-Frame, cross-browser compatibility is something I have to think of often.

Cross-browser compatibility changes meaning but has always been present.

Earlier in my career I would also think of cross-browser compatibility but it was a different environment: IE6 had stalled, user-agent checking was commonplace, and both WebKit/Safari and Firefox were implementing features with their own prefixes, making using new features difficult.

Cross-browser compatibility changes meaning but has always been present.

What motivates you to make the extra effort to build a cross-browser compatible site?

Mozilla properties are visited by millions of users on different browsers, devices, and variant versions of each, meaning that cross-browser compatibility is a must. Also the idea that everyone deserves the same experience if possible.

Everyone deserves the same experience if possible.

Could anything convince you not to make that effort? What?

I suspect that some developers and/or organizations may see cross-browser compatibility as a bloat in time and cost. Luckily, the browsers have come together on the importance of standards and are roughly on the same timeline with features, so unless you’re using bleeding edge capabilities, cross-browser compatibility isn’t as difficult as it used to be.

Have you ever had to convince a client or boss that building a cross-browser compatible site was important? How’d you do it?

Absolutely, especially in the days that I worked at a small agency.  Cross-browser compatibility was seen as a time-consuming task, one that the analytics didn’t justify. I made the case that cross-browser compatibility would “future-proof” sites in case new browsers came along, and I was right: Chrome debuted with a WebKit engine, quickly took hold. Mac users (Safari) were no longer the only users of the WebKit engine and set of style/feature differences.

Did you ever have a specific experience that caused you to take cross-browser compatibility more seriously with your next project?

Yes — the growth of Chrome! Chrome not only used WebKit but then moved to its own engine and started implementing features on its own timeline.  This all seemed to happen fairly quickly and it was very eye-opening to me to see!

You’ve blogged a lot about tools — for example, just this summer you talked about Slimer.js, Phantom.js, and Wraith, among many others. Which tools (or techniques) would be at the top of your list for coding compatible sites or testing for compatibility?

Selenium testing is a great place to start, regardless of which abstraction you use on top of it.  I really liked Slimer.js, Phantom.js, and Wraith, as you’ve mentioned. The truth is new tools are popping up all the time!

What would you tell a brand new developer graduating from a coding bootcamp about cross-browser compatibility?

I would tell them they’re incredibly lucky to have missed the early days of browsers doing their own thing!  They should start with the mindset that cross-browser compatibility (outside of bleeding edge features) is a must, and that if they start with that attitude, they’d always have it.

Tips from David’s interview

  • Don’t overestimate the difficulty of making a site compatible across browsers. Cross-browser compatibility isn’t as hard as it used to be.
  • Try automating parts of your browser testing using command-line tools like Slimer.js, Phantom.js, and Wraith.
  • Functional testing with Selenium — using multiple browsers, of course — can make it easier to discover browser-breaking bugs in new code.

Open Policy & AdvocacyImproving Government Disclosure of Security Vulnerabilities

Last week, we wrote about the shared responsibility of protecting Internet security. Today, we want to dive deeper into this issue and focus on one very important obligation governments have: proper disclosure of security vulnerabilities.

Software vulnerabilities are at the root of so much of today’s cyber insecurity. The revelations of recent attacks on the DNC, the state electoral systems, the iPhone, and more, have all stemmed from software vulnerabilities. Security vulnerabilities can be created inadvertently by the original developers, or they can be developed or discovered by third parties. Sometimes governments acquire, develop, or discover vulnerabilities and use them in hacking operations (“lawful hacking”). Either way, once governments become aware of a security vulnerability, they have a responsibility to consider how and when (not whether) to disclose the vulnerability to the affected company so that developer can fix the problem and protect their users. We need to work with governments on how they handle vulnerabilities to ensure they are responsible partners in making this a reality today.

In the U.S., the government’s process for reviewing and coordinating the disclosure of vulnerabilities that it learns about or creates is called the Vulnerabilities Equities Process (VEP). The VEP was established in 2010, but not operationalized until the Heartbleed vulnerability in 2014 that reportedly affected two thirds of the Internet. At that time, White House Cybersecurity Coordinator Michael Daniel wrote in a blog post that the Obama Administration has a presumption in favor of disclosing vulnerabilities. But, policy by blog post is not particularly binding on the government, and as Daniel even admits, “there are no hard and fast rules” to govern the VEP.

It has now been two years since Heartbleed and the U.S. government’s blog post, but we haven’t seen improvement in the way that vulnerabilities disclosure is being handled. Just one example is the alleged hack of the NSA by the Shadow Brokers, which resulted in the public release of NSA “cyberweapons”, including “zero day” vulnerabilities that the government knew about and apparently had been exploiting for years. Companies like Cisco and Fortinet whose products were affected by these zero day vulnerabilities had just that, zero days to develop fixes to protect users before the vulnerabilities were possibly exploited by hackers.

The government may have legitimate intelligence or law enforcement reasons for delaying disclosure of vulnerabilities (for example, to enable lawful hacking), but these same vulnerabilities can endanger the security of billions of people. These two interests must be balanced, and recent incidents demonstrate just how easily stockpiling vulnerabilities can go awry without proper policies and procedures in place.

Cybersecurity is a shared responsibility, and that means we all must do our part – technology companies, users, and governments. The U.S. government could go a long way in doing its part by putting transparent and accountable policies in place to ensure it is handling vulnerabilities appropriately and disclosing them to affected companies. We aren’t seeing this happen today. Still, with some reforms, the VEP can be a strong mechanism for ensuring the government is striking the right balance.

More specifically, we recommend five important reforms to the VEP:

  • All security vulnerabilities should go through the VEP and there should be public timelines for reviewing decisions to delay disclosure.
  • All relevant federal agencies involved in the VEP must work together to evaluate a standard set of criteria to ensure all relevant risks and interests are considered.
  • Independent oversight and transparency into the processes and procedures of the VEP must be created.
  • The VEP Executive Secretariat should live within the Department of Homeland Security because they have built up significant expertise, infrastructure, and trust through existing coordinated vulnerability disclosure programs (for example, US CERT).
  • The VEP should be codified in law to ensure compliance and permanence.

These changes would improve the state of cybersecurity today.

We’ll dig into the details of each of these recommendations in a blog post series from the Mozilla Policy team over the coming weeks – stay tuned for that.

Today, you can watch Heather West, Mozilla Senior Policy Manager, discuss this issue at the New America Open Technology Institute event on the topic of “How Should We Govern Government Hacking?” The event can be viewed here.

Web Application SecurityUpdate on add-on pinning vulnerability

Earlier this week, security researchers published reports that Firefox and Tor Browser were vulnerable to “man-in-the-middle” (MITM) attacks under special circumstances. Firefox automatically updates installed add-ons over an HTTPS connection. As a backup protection measure against mis-issued certificates, we also “pin” Mozilla’s web site certificates, so that even if an attacker manages to get an unauthorized certificate for our update site, they will not be able to tamper with add-on updates.

Due to flaws in the process we used to update “Preloaded Public Key Pinning” in our releases, the pinning for add-on updates became ineffective for Firefox release 48 starting September 10, 2016 and ESR 45.3.0 on September 3, 2016. As of those dates, an attacker who was able to get a mis-issued certificate for a Mozilla Web site could cause any user on a network they controlled to receive malicious updates for add-ons they had installed.

Users who have not installed any add-ons are not affected. However, Tor Browser contains add-ons and therefore all Tor Browser users are potentially vulnerable. We are not presently aware of any evidence that such malicious certificates exist in the wild and obtaining one would require hacking or compelling a Certificate Authority. However, this might still be a concern for Tor users who are trying to stay safe from state-sponsored attacks. The Tor Project released a security update to their browser early on Friday; Mozilla is releasing a fix for Firefox on Tuesday, September 20.

To help users who have not updated Firefox recently, we have also enabled Public Key Pinning Extension for HTTP (HPKP) on the add-on update servers. Firefox will refresh its pins during its daily add-on update check and users will be protected from attack after that point.

Air MozillaWebdev Beer and Tell: September 2016

Webdev Beer and Tell: September 2016 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

about:communityFirefox 49 new contributors

With the release of Firefox 49, we are pleased to welcome the 48 developers who contributed their first code change to Firefox in this release, 39 of whom were brand new volunteers! Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions:

SUMO BlogWhat’s Up with SUMO – 15th September

Hello, SUMO Nation!

We had a bit of a delay with the release of the 49th version of Firefox this week… but for good reasons! The release is coming next week – but our latest news are coming right here, right now. Dig in!

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

Contributors of the week

We salute you!

Don’t forget that if you are new to SUMO and someone helped you get started in a nice way you can nominate them for the Buddy of the Month!

SUMO Community meetings

  • LATEST ONE: 14th of September- you can read the notes here and see the video at AirMozilla.
  • NEXT ONE: happening on the 21st of September!
  • If you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.



  • PLATFORM REMINDER! The Platform Meetings are BACK! If you missed the previous ones, you can find the notes in this document. (here’s the channel you can subscribe to).
    • We have a first version of working {for} implementation on the staging site for the Lithium migration – thanks to Tyson from the Lithium team.
    • Some of the admins will be meeting with members of the Lithium team in two weeks to work face-to-face on the migration.
    • More questions from John99 and answers from our team – do check the document linked above for more details.
    • If you are interested in test-driving the new platform now, please contact Madalina.
      • IMPORTANT: the whole place is a work in progress, and a ton of the final content, assets, and configurations (e.g. layout pieces) are missing.
  • QUESTIONS? CONCERNS? Please take a look at this migration document and use this migration thread to put questions/comments about it for everyone to share and discuss. As much as possible, please try to keep the migration discussion and questions limited to those two places – we don’t want to chase ten different threads in too many different places.


Support Forum

  • SUMO Day coming up next week! (As mentioned above).
  • The Norton startup crash for version 49 is still waiting for a fix from Symantec – if that doesn’t happen, expect a few questions in the forums about that.
  • A vulnerability was found in the Flash player last week – if you’re using it, please update it as soon as you can to the latest version!
  • Reminder: If you are using email notifications to know what posts to return to, jscher2000 has a great tip (and tool) for you. Check it out here!

Knowledge Base & L10n

  • We are (still) 1 week before next release / 5 weeks after current release. What does that mean? (Reminder: we are following the process/schedule outlined here)

    • Only Joni or other admins can introduce and/or approve potential last minute changes of next release content; only Joni or other admins can set new content to RFL; localizers should focus on this content.
  • We have some extra time, so please remember to localize the main articles for the upcoming release:


  • for Android
    • To repeat what you’ve heard last week (because it’s still true!): version is 49 coming next week. Highlights include:

      • caching selected pages (e.g. for offline retrieval
      • usual platform and bug fixes
  • for Desktop
    • You’ve heard it before, you’ll hear it again: version 49 is coming next week – read more about it in the release thread (thank you, Philipp!). Highlights include:
      • text-to-speech in Reader mode
      • ending support for older Mac OS versions
      • ending support for older CPUs
      • ending support for Firefox Hello
      • usual platform and bug fixes
  • for iOS
    • …I hear there’s a new iPhone in town, but it’s far from being a jack of all trades ;-)

OK, I admit it, I’m not very good at making hardware jokes. I’m sorry! I guess you’ll have to find better jokes somewhere on the internet – do you have any interesting places that provide you with fun online? Tell us in the comments – and see you all next week!

Mozilla L10NLocalization Hackathon in Kuala Lumpur

13975340_10153976510682153_2559748474514988567_oThe last weekend of August saw the largest localization hackathon event the l10n-drivers ever organized. Thirty-four community contributors representing 12 languages from 13 East and Southeast Asian countries journeyed to Kuala Lumpur, Malaysia on Friday, August 26. Jeff, Flod, Gary Kwong and I arrived in time for the welcome dinner with most of the community members. The restaurant, LOKL Coffee, was ready for a menu makeover and took the opportunity to use this Mozilla event to do just that. A professional photographer spent much of the evening with us snapping photos.

We started off Saturday morning with Spectrogram, where l10n contributors moved from one side of the room to another to illustrate whether they agreed or disagreed with a statement. Statements help us understand each community’s preferences to address localization requests. An example: There are too many translation/localization tasks for me to keep up; I want to work on 2000 strings sliced up in 1 year, twice, 6 weeks, 4 weeks, weekly, every other day, daily.

Jeff, the newly appointed localization manager, updated everyone on l10n organization change; the coming attraction of the l20n development; Pontoon as one of the centralized l10n tools; and the ultimate goal of having a single source of l10n dashboard for the communities and l10n project managers.

29278375225_14057983ee_z1Flod briefed on the end of Firefox OS and the new initiatives with Connected Device. He focused on Firefox primarily. He discussed the 6-week rapid release cycles or cadence. He also covered the five versions of Firefox: Aurora, nightly, beta, release, and ERS. He described the change to a single source of repository, allowing strings move to production sooner. Firefox for iOS and Android were also presented. It was welcome news that the localized product can be shipped through automatic signoff, without community’s involvement.

I talked about the importance of developing a style guide for each of the languages represented. This helps with onboarding new comers, consistency among all contributors and sets the style and tone for each of the Mozilla products. I also briefly touched upon the difference between brand names and product names. I suggested to take this gathering as an opportunity to work on these.

For the rest of the weekend, our communities worked through the goals they set for ourselves. Many requested to move their locales to Pontoon, causing a temporarily stall in sync. Others completed quite a few projects, making significant advances on the dashboard charts. Even more decided to tackle the style guides, referencing the template and leveraging information from established outlets. When the weekend was over, nine communities reported to have some kind of draft versions, or modified and updated an existing one. Other accomplishments included identifying roles and responsibilities; making plans for meetup for the rest of the year; tool training; improving translation quality by finding critical errors; updating glossaries; completing some high priority projects.

28990074610_b82176fccc_kThe weekend was not just all work, but filled with cultural activities. Our Saturday dinner at Songket Restaurant was followed by almost an hour of Malaysian cultural dances from across the country, showcasing the diverse cultures that made up Malaysia. Many community members were invited to the stage to participate. It was a fun evening filled with laughter. Our Sunday dinner was arranged inside Pasar Seni, or the Central Market, a market dating back to 1888. It is now filled with shops and restaurants, giving all visitors a chance to take home some souvenirs and fond memories. Many of us visited the near by Pedaling Street, sampling tropical fruits, including Durian, made in all shapes and forms.

Putting together the largest l10n hackathon ever is a big achievement and lots of credit goes to our local support. 29262607536_235530cd88_zA big thanks to our Malaysian community, led by Syafiq, who was our eyes and ears on the ground from day one, planning, selecting the venue location, advising us on restaurants, lodging, transportation and cultural events. Not only we accomplished what we set out to do, we did it safely, we all had fun and we made more friends. Also a shout-out to Nasrun, our residence photographer for documenting the weekend through his lens. And a thank you to everyone for sharing a very special and productive weekend with fellow Mozillians! See you next time at another hackathon!

Air MozillaReps weekly, 15 Sep 2016

Reps weekly This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

Mozilla Add-ons BlogAdd-ons Update – 2016/09

Here’s what’s going on in the add-ons world this month. I’m changing the cadence (down from every 3 weeks) to better align with other work and spend less time writing these.

The Review Queues

In the past month, 1,891 listed add-on submissions were reviewed:

  • 1519 (80%) were reviewed in fewer than 5 days.
  • 132 (7%) were reviewed between 5 and 10 days.
  • 240 (13%) were reviewed after more than 10 days.

There are 159 listed add-ons awaiting review.

You can read about the improvements we’ve made in the review queues here.

If you’re an add-on developer and are looking for contribution opportunities, please consider joining us. Add-on reviewers are critical for our success, and can earn cool gear for their work. Visit our wiki page for more information.

Preliminary Review Removed

As we announced before, we simplified the review process by removing preliminary review, making an add-on review a more straightforward pass/fail decision.

All add-ons on AMO have been migrated to the new system, so add-ons that were preliminarily reviewed before are now fully reviewed, but with the experimental flag on by default. We will send a notification email after we iron out some minor bugs that came up after the migration.


The compatibility blog post for Firefox 50 is up, and the bulk validation will be run in a couple of weeks.

Multiprocess Firefox is now enabled for users without add-ons, and add-ons will be gradually phased in, so make sure you’ve tested your add-on and either use WebExtensions or set the multiprocess compatible flag in your add-on manifest.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.


We would like to thank Atique Ahmed Ziad, Surya Prashanth, weaksauce, zombie, jorgk, and Trishul Goel for their recent contributions to the add-ons world. You can read more about their work in our recognition page.

Mozilla L10NThis is what the power of the open Web looks like

One of the main goals of Pontoon is lowering barriers to entry. Especially for end users (mainly localizers), but also for contributors to the codebase, since many of our localizers have a developer background.

I’m happy to acknowledge that in the last 30 days there has been more activity from volunteer contributors in Pontoon development than ever before! Let’s have a closer look at what have they been working on:

Last month's Pontoon contributors

Last month’s Pontoon contributors

Michal Vašíček
Michal came up with the idea to highlight matches in original and translated strings when searching in the sidebar. He created a patch, but couldn’t finish it due to his school duties. It was taken over by Jarek, who earlier played a great role in reviewing the original patch by Michal.

Being only 14 years old, Michal is the youngest Pontoon contributor!

Jarek Śmiejczak (jotes)
Since he became an active Pontoon contributor over a year ago, Jarek has evolved from being not just a great developer but also a fantastic mentor; helping onboard new contributors and review their work. One way or another, he’s been involved with all bugs and features listed in this blog post.

Of course that doesn’t mean he stopped contributing code. On the contrary, he just completed a Firefox Accounts based authentication support which will soon replace Persona. And, he’s already busy working on bringing terminology support to Pontoon too.

Victor Bychek
A lot of our users have been complaining about their email addresses being exposed publicly in Pontoon UI and URLs, even if it complies with Commit Access Requirements. Thanks to Victor, these days are over: we no longer reveal email addresses in top contributor pages and filter by user selector, as long as you set a display name.

Victor is a pleasure to work with and is already busy with his next task, which will allow you to apply multiple filters at the same time.

Stoyan Dimitrov
As the new leader of the Bulgarian localization team, Stoyan takes his duties very professionally. He started by creating a vector version of Pontoon logo and changing the copy.

Later on he created a Firefox Add-On called Pontoon Enhanced, which can add new features to Pontoon before they are deployed or even implemented in the application. It’s basically a Test Pilot for Pontoon.

Michal Stanke
As an agile bug reporter, Michal has been one of the most valuable early adopters of Pontoon. Now he has decided to take a step further.

He set up his local Pontoon instance, fixed a few developer documentation bugs along the way and provided a patch that fixes one of the bugs he reported. It allows us to properly detect placeables of form %(thisIsVariable)s.

Get involved!
I consider myself lucky to be working with this great team. It is particularly valuable to see contributions coming from people who actually use the product. This is what the power of the open Web looks like!

You too can shape the future of Pontoon by filing a bug or starting to work on one of the mentored ones. The barriers to entry are low! 🙂

Air MozillaThe Joy of Coding - Episode 71

The Joy of Coding - Episode 71 mconley livehacks on real Firefox bugs while thinking aloud.

hacks.mozilla.orgIntroducing debugger.html

debugger.html is a modern JavaScript debugger from Mozilla, built as a
web application with React and Redux. This project was started early
this year in an effort to replace the current debugger within the Firefox Developer Tools. Also, we wanted to make a debugger capable of debugging multiple targets and functioning in a standalone mode.

collage of debugger targets

Currently, debugger.html can connect to and debug Firefox, and also connects experimentally to Chrome and Node. The debugger connects to Firefox using the Mozilla’s Remote Debug Protocol (RDP) and communicates with Node and Chrome using Chrome’s RDP.

The debugger.html project is hosted on GitHub and uses modern frameworks and toolchains, making it readily available and attractive to a wide audience of developers.


The user interface is separated into three main regions: the sources panel, the editor panel and the right sidebar.

  • The sources panel displays a tree view of all the current sources for the
    application currently being debugged.
  • The editor panel is used to display various source files from the project and provides functionality for setting breakpoints and prettifying the source.
  • The right sidebar displays the current set of breakpoints, the current call stack, and scoped variables, when the debugger is paused.
    • The debugger supports controls for pausing, step over, step in, step out and play functions for debugging your JavaScript.
    • The call stack panel displays the call stack frames for a given pause condition and the scopes panel displays an expandable variable tree based on the selected frame.

debug demonstration Gif

Getting Started

To get started using the debugger you can check out the code from Github
and look through the Getting Started guide.

If you just want to dive straight in, run the following commands:

npm install - Install dependencies
npm start - Start development web server
open http://localhost:8000 - Open in any modern browser

Once you have opened the debugger in a browser on port 8000, the main
debugger page will be displayed, listing any debuggable targets that you can select. In order for the debugger to connect and debug a target it must be running with remote debugging turned on. This generally requires that you start the target with a couple of flags set. For example, you can start a Firefox instance on MacOS to enable remote debugging with the following command:

$ /Applications/
--start-debugger-server 6080 -P development

Other options for Chrome and Firefox are listed here.

Debugging Node requires that you have version v6.3.0 or higher installed. You will need to run Node with the inspect flag set. For example if you want to debug myserver.js you will need to use a command similar to the following.

$ node --inspect myserver.js

More information is available in the Getting Started guide

Firefox Developer Tools

We are integrating this debugger into our Developer Tools for Firefox. The first iteration has just landed in Nightly and you can try it out there.

example debugging jsfiddle

Getting Involved

As mentioned above, this project is still in development and we’d be grateful for your help in making the best debugger possible. If you are interested in joining us in this effort, please take a look the Contributing guide.

The Mozilla BlogCommission Proposal to Reform Copyright is Inadequate

The draft directive released today thoroughly misses the goal to deliver a modern reform that would unlock creativity and innovation in the Single Market.

Today the EU Commission released their proposal for a reformed copyright framework. What has emerged from Brussels is disheartening. The proposal is more of a regression than the reform we need to support European businesses and Internet users.

To date, over 30,000 citizens have signed our petition urging the Commission to update EU copyright law for the 21st century. The Commission’s proposal needs substantial improvement.  We collectively call on the EU institutions to address the many deficits in the text released today in subsequent iterations of this political process.

The proposal fails to bring copyright in line with the 21st century

The proposal does little to address much-needed exceptions to copyright law. It provides some exceptions for education and preservation of cultural heritage. Still, a new exception for text and data mining (TDM), which would advance EU competitiveness and research, is limited to public interest research institutions (Article 3). This limitation could ultimately restrict, rather than accelerate, TDM to unlock research and innovation across sectors throughout Europe.

These exceptions are far from sufficient. There are no exceptions for panorama, parody, or remixing. We also regret that provisions which would add needed flexibility to the copyright system — such as a UGC (user-generated content) exception and an flexible user clause like an open norm, fair dealing or fair use — have not been included. Without robust exceptions, and provisions that bring flexibility and a future-proof element, copyright law will continue to chill innovation and experimentation.

Pursuing the ‘snippet tax’ on the EU level will undermine competition, access to knowledge

The proposal calls for ancillary copyright protection, or a ‘snippet tax’. Ancillary copyright would allow online publishers to copyright ‘press publications’, which is broadly defined to cover works that have the purpose of providing “information related to news or other topics and published in any media under the initiative, editorial responsibility and control of a service provider” (Article 2(4)). This content would remain under copyright for 20 years after its publication — an eternity online. This establishment of a new exclusive right would limit the free flow of knowledge, cripple competition, and hinder start-ups and small- and medium-sized businesses. It could, for example, require bloggers linking out to other sites to pay new and unnecessary fees for the right to direct additional traffic to existing sites, even though having the snippet would benefit both sides.

Ancillary copyright has already failed miserably in both Germany and Spain. Including such an expansive exclusive right at the EU level is puzzling.

The proposal establishes barriers to entry for startups, coders, and creators

Finally, the proposal calls for an increase in intermediaries’ liability. Streaming services like YouTube, Spotify, and Vimeo, or any ISPs that “provide to the public access to large amounts of works or other subject-matter uploaded by their users” (Article 13(1)), will be obliged to broker agreements with rightsholders for the use of, and protection of their works. Such measures could include the use of “effective content recognition technologies”, which imply universal monitoring and strict filtering technologies that identify and/or remove copyrighted content. This is technically challenging — and more importantly, would disrupt the very foundations that make many online activities possible in the EU. For example, putting user generated content in the crosshairs of copyright takedowns. Only the largest companies would be able to afford the complex software required to comply if these measures are deemed obligatory, resulting in a further entrenchment of the power of large platforms at the expense of EU startups and free expression online.

These proposals, if adopted as they are, would deal a blow to EU startups, to independent coders, creators, and artists, and to the health of the internet as a driver for economic growth and innovation. The Parliament certainly has its work cut out for it. We reiterate the call from 24 organisations in a joint letter expressing many of these concerns and urge the European Commission to publish the results of the Related rights and Panorama exception public consultation.

We look forward to working toward a copyright reform that takes account of the range of stakeholders who are affected by copyright law. And we will continue to advocate for an EU copyright reform that accelerates innovation and creativity in the Digital Single Market.

Mozilla Add-ons BlogWebExtensions and parity with Chrome

A core strength of Firefox is its extensibility. You can do more to customize your browsing experience with add-ons than in any other browser. It’s important to us, and our move to WebExtensions doesn’t change that. One of the first goals of implementing WebExtensions, however, is reaching parity with Chrome’s extension APIs.

Parity allows developers to write add-ons that work in browsers that support the same core APIs with minimum fuss. It doesn’t mean the APIs are identical, and I wanted to clarify the reasons why there are implementation differences between browsers.

Different browsers

Firefox and Chrome are different browsers, so some APIs from Chrome do not translate directly.

One example is tab highlight. Chrome has this API because it has the concept of highlighted tabs, which Firefox does not. So instead of browser.tabs.onHighlighted, we fire this event on the active tab as documented on MDN. It’s not the same functionality as Chrome, but that response makes the most sense for Firefox.

Another more complicated example is private browsing mode. The equivalent in Chrome is called incognito mode and extensions can support multiple modes: spanning, split or not_allowed. Currently we throw an error if we see a manifest that is not spanning as that is the mode that Firefox currently supports. We do this to alert extension authors testing out their extension that it won’t operate the way they expect.

Less popular APIs

Some APIs are more popular than others. With limited people and time we’ve had to focus on the APIs that we thought were the most important. At the beginning of this year we downloaded 10,000 publicly available versions of extensions off the Chrome store and examined the APIs called in those extensions. It’s not a perfect sample, but it gave us a good idea.

What we found was that there are some really popular APIs, like tabs, windows, and runtime, and there are some APIs that are less popular. One example is fontSettings.get, which is used in 7 out of the 10,000 (0.07%) add-ons. Compare that to tabs.create, which is used in 4,125 out of 10,000 (41.25%) add-ons.

We haven’t prioritized the development of the least-used APIs, but as always we welcome contributions from our community. To contribute to WebExtensions, check out our contribution page.

Deprecated APIs

There are some really popular APIs in extensions that are deprecated. It doesn’t make sense for us to implement APIs that are already deprecated and are going to be removed. In these cases, developers will need to update their extensions to use the new APIs. When they do, they will work in the supported browsers.

Some examples are in the extension API, which are mostly replaced by the runtime API. For example, use runtime.sendMessage instead of extension.sendMessage; use runtime.onMessage instead of extension.onRequest and so on.


WebExtensions APIs will never completely mirror Chrome’s extension APIs, for the reasons outlined above. We are, however, already reaching a point where the majority of Chrome extensions work in Firefox.

To make writing extensions for multiple browsers as easy as possible, Mozilla has been participating in a W3C community group for extension compatibility. Also participating in that group are representatives of Opera and Microsoft. We’ll be sending a representative to TPAC this month to take part in discussions about this community group so that we can work towards a common browser standard for browser extensions.

Update: please check the MDN page on incompatibilities.

The Mozilla BlogCybersecurity is a Shared Responsibility

There have been far too many “incidents” recently that demonstrate the Internet is not as secure as it needs to be. Just in the past few weeks, we’ve seen countless headlines about online security breaches. From the alleged hack of the National Security Agency’s “cyberweapons” to the hack of the Democratic National Committee emails, and even recent iPhone security vulnerabilities, these stories reinforce how crucial it is to focus on security.

Internet security is like a long chain and each link needs to be tested and re-tested to ensure its strength. When the chain is broken, bad things happen: a website that holds user credentials (e.g., email addresses and passwords) is compromised because of weak security; user credentials are stolen; and, those stolen credentials are then used to attack other websites to gain access to even more valuable information about the user.

One weak link can break the chain of security and put Internet users at risk. The chain only remains strong if technology companies, governments, and users work together to keep the Internet as safe as it can be.

Technology companies must focus on security.

Technology companies need to develop proactive, pro-user cybersecurity technology solutions.

We must invest in creating a secure platform. That means supporting things like adopting and standardizing secure protocols, building features that improve security, and empowering users with education and better tools for their security.

At Mozilla, we have security features like phishing and malware protection built into Firefox. We started one of the first Bug Bounty programs in 2004 because we want to be informed about any vulnerabilities found in our software so we can fix them quickly. We also support the security of the broader open source ecosystem (not just Mozilla developed products). We launched the Secure Open Source (SOS) Fund as part of the Mozilla Open Source Support program to support security audits and the development of patches for widely used open source technologies.

Still, there is always room for improvement. The recent headlines show that the threat to user safety online is real, and it’s increasing. We can all do better, and do more.

Governments must work with technology companies.  

Cybersecurity is a shared responsibility and governments need to do their part. Governments need to help by supporting security solutions that no individual company can tackle, instead of advancing policies that just create weak links in the chain.

Encryption, something we rely on to keep people’s information secure online everyday, is under attack by governments because of concerns that it inadvertently protects the bad guys. Some governments have proposed actions that weaken encryption, like in the case between Apple and the FBI earlier this year. But encryption is not optional – and creating backdoors for governments, even for investigations, compromises the security of all Internet users.

The Obama Administration just appointed the first Federal Chief Information Security officer as part of the Cybersecurity National Action Plan. I’m looking forward to seeing how this role and other efforts underway can help government and technology companies work better together, especially in the area of security vulnerabilities. Right now, there’s not a clear process for how governments disclose security vulnerabilities they discover to affected companies.

While lawful hacking by a government might offer a way to catch the bad guys, stockpiling vulnerabilities for long periods of time can further weaken that security chain. For example, the recent alleged attack and auction of the NSA’s “cyberweapons” resulted in the public release of code, files, and “zero day” vulnerabilities that gave companies like Cisco and Fortinet just that- zero days to develop fixes before they were possibly exploited by hackers. There aren’t transparent and accountable policies in place that ensure the government is handling vulnerabilities appropriately and disclosing them to affected companies. We need to make this a priority to protect user security online.

Users can take easy and simple steps to strengthen the security chain.   

Governments and companies can’t do this without you. Users should always update their software to benefit from new security features and fixes, create strong passwords to guard your private information, and use available resources to become educated digital citizens. These steps don’t just protect people who care about their own security, they help create a more secure system and go a long way in making it harder to break the chain.

Working together is the only way to protect the security of the Internet for the billions of people online. We’re dedicated to this as part of our mission and we will continue our work to advance these issues.

CalendarGSoC 2016: Some Thoughts on React

As discussed in the previous post, the HTML-based UI for editing events and tasks in a tab is still a work in progress that is in a fairly early stage and not something you could use yet.  (However, for any curious folks living on the bleeding edge who might still want to check it out, the previous post also describes how to activate it.)  This post relates to its implementation, namely the use of React, “a Javascript library for building user interfaces.”

For the HTML UI we decided to use React (but not JSX which is often paired with it).  React basically provides a nice declarative way to define composable, reusable UI components (like a tab strip, a text box, or a drop down menu) that you use to create a UI.  These are some of its main advantages over “raw” HTML.  It’s also quite efficient / fast and is a library that does one thing well and can be combined with other technologies (as compared with more monolithic frameworks).  I enjoyed using and learning about React.  Once you understand its basic model of state management and how the components work it is not very difficult or complicated to use.  I found its documentation to be quite good, and I liked how it lets you do everything in Javascript, since it generates the HTML for the UI dynamically.

One of the biggest differences when using React is that instead of storing state in DOM elements and querying them for their state (as we currently do), the app state is centralized in a top-level React component and from there it gets automatically distributed to various child components.  When the state changes (on user input) React automatically updates the UI to reflect those changes.  To do this it uses an internal “virtual DOM” which is basically a representation of the state of the DOM in Javascript.  When there are changes it compares the previous version of that virtual DOM with the new version to decide what changes need to be made to the actual DOM.  (Because the actual DOM is quite slow compared to Javascript, this approach gives React an advantage in terms of performance.)  Centralizing the app state in this way simplifies things considerably.  Direct interaction with DOM elements is not needed, and is actually an anti-pattern.

One example of the power and flexibility that React offers is that I actually did the “responsive design” part of the HTML UI with React rather than CSS.  The reason was that some of the UI components had to move to different positions in the UI when transitioning between the narrow and wide layouts for different window sizes.  This was not really possible with CSS, at least not without overly complex workarounds.  However, it was simple to do it with React because React can easily re-render the UI in any configuration you define, in this case in response to resizing the window past a certain threshold.  (Once CSS grid layout is available this kind of repositioning will be straightforward to do with CSS.)

React’s different approach to state does present some challenges for using it with existing code.  For this project at least it is not simply a matter of dropping it in and having it work, rather using it will entail some non-trivial code refactoring.  Basically, the code will need to be separated out into different jobs.  First there’s (1) interacting with the outside of the iframe (e.g. toolbar, menubar, statusbar) and (2) modifying and/or formatting the event or task data.  These are needed for both the XUL and HTML UIs.  Next there’s (3) updating and interacting with the XUL UI inside the iframe.  Currently these things (1, 2, and 3) are usually closely intertwined, for example in a single function.  Then there is (4) using React to define components and how they respond to changes to the app state, and (5) updating and interacting with the HTML UI inside the iframe (i.e. read from or write to the app state in the top-level React component).  So there is some significant refactoring work to do, but after it is done the code should be more robust and maintainable.

Despite the refactoring work that may be involved, I think that React has a lot to offer for future UI work for Calendar or Thunderbird as an alternative to XUL.  Especially for code that involves managing a lot of state (like the current project) using React and its approach should reduce complexity and make the code more maintainable.  Also, because it mostly involves using Javascript this simplifies things for developers.  When CSS grid layout is available that will also strengthen the case for HTML UI work since it will offer greater control over the layout and appearance of the UI.

I’ll close with links to two blog posts and a video about React that I found helpful:

— Paul Morris

hacks.mozilla.orgVaulting Out of Walled Gardens with Fancy Links

Have you ever noticed that in Twitter, Facebook, Google and Pinterest some links are displayed quite fancily, with preview images, descriptive text summaries and other information?
These links are fancy because of metadata in the source code of the web page itself, implemented specifically for the rich display of links inside each of these companies’ content platforms.

Unfortunately for developers, each of these internet industry titans has implemented their own metadata formats for this: Twitter has Cards, Facebook and Pinterest use Open Graph metadata and Google uses markup.

Thus creating a <header> soup of doom for each and every individual developer who dares to tread this path:
Well that looks like a mess. And it’s different for each website. However, it’s worth doing for two reasons:

The first reason is that fancy links increase click-through rates, increasing engagement and driving traffic to your website. This is good for your blog, your business, or whatever reason you’re sharing the link in the first place.

The second reason is that high click-through rates in walled gardens mean people are escaping those walled gardens, spending time on the Wild Wild Web.

So, to make it easier to do this, I created Silo Buster.
Silo Buster is an easy-to-use website where you enter a small amount of information, and all that <header> goop is generated for you. You can then copy and paste it into your web pages or integrate it into your template or content management system.

Take Silo Buster for a spin, and then check your analytics and see if there’s any change. Experiment with it: Tweak the photos, or the summary text and check again.

If you’d like to learn more about how these sites implement their metadata, and how to debug your rich links, check out the links at the bottom of Silo Buster.

If you’ve got other tips and tricks for fancy links, or experiences either good or bad with them, share your thoughts in the comments!

QMOFirefox 50.0 Aurora Testday Results

Hello Mozillians!

As you may already know, last Friday – September 9th – we held a new Testday event, for Firefox 50.0 Aurora.

Thank you all for helping us making Mozilla a better place – Iryna Thompson, Survesh, Subhrajyoti, Kumaraguru, Karthikeyan, Nilima, gaby2300, Moin Shaikh.

From Bangladesh:  Nazir Ahmed Sabbir, Rezaul Huque Nayeem, Samad Talukder, Asif Mahmud Shuvo, Kazi Nuzhat Tasnem, Sajedul Islam, Md.Majedul islam, Mohammad Abidur Rahman Chowdhury, Raihan Ali, Niaz Bhuiyan Asif, Sufi Ahmed Hamim, Saheda Reza Antora, Toki Yasir, Md. Almas Hossain, Nashrif Mahmud, Maruf Rahman.

A big thank you goes out to all our active moderators too!


Keep an eye on QMO for upcoming events!

Web Application SecurityFirefox AddressSanitizer builds have been moved

This is a short announcement for all security researchers working on Firefox that use our pre-built AddressSanitzer (ASan) builds. Until recently, you could download these ASan builds from our FTP servers. Due to changes to our internal build infrastructure, these builds are no longer available from the usual location. Instead, they are available on a build system called TaskCluster. Most people just need the latest available build for testing purposes. Fortunately, this is easy to get:

Direct Download for Latest Firefox AddressSanitizer Build

For more advanced queries, TaskCluster offers a public API that can be used to interact with the system (e.g. to retrieve past builds). More information is available in the documentation.

SUMO BlogWhat’s Up with SUMO – 8th September

Hello, SUMO Nation!

September sun… Still hot! At least in some parts of the world. How are you doing? Are you missing summer holidays already? We surely are… But there’s loads to do before the end of this year, so let’s not delay and get cracking!

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

Contributors of the week

Don’t forget that if you are new to SUMO and someone helped you get started in a nice way you can nominate them for the Buddy of the Month!

SUMO Community meetings

  • LATEST ONE: 7th of September- you can read the notes here and see the video at AirMozilla.
  • NEXT ONE: happening on the 14th of September!
  • If you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.




Support Forum

  • SUMO Day coming up next week!
  • Reminder: If you are using email notifications to know what posts to return to, jscher2000 has a great tip (and tool) for you. Check it out here!

Knowledge Base & L10n


  • for Android
    • Version 49 coming next week (tentatively on the 13th of September). Highlights include:

      • caching selected pages (e.g. for offline retrieval
      • usual platform and bug fixes
  • for Desktop
    • Version 49 coming next week (tentatively on the 13th of September) – read more about it in the release thread (thank you, Philipp!). Highlights include:
      • text-to-speech in Reader mode
      • ending support for older Mac OS versions
      • ending support for older CPUs
      • ending support for Firefox Hello
      • usual platform and bug fixes
    • There may be a possible delay to the release, as a number of last-minute fixes are being worked on.
  • for iOS
    • Nothing new, steady as she goes, captain! ;-)

…and that’s it for today! If you need a bit less SUMO and a bit more fun, visit the Off Topic forums for some inspiration. We’ll see you around the helpful web, heroes and heroettes :-)

Air MozillaIntern Presentations 2016, 08 Sep 2016

Intern Presentations 2016 Group 7 of the interns will be presenting on what they worked on this summer.