Mozilla JavaScriptECMAScript 2016+ in Firefox

After the release of ECMAScript 2015, a.k.a. ES6, the ECMAScript Language Specification is evolving rapidly: it’s getting many new features that will help developing web applications, with a new release planned every year.

Last week, Firefox Nightly 54 reached 100% on the Kangax ECMAScript 2016+ compatibility table that currently covers and the ECMAScript 2017 draft.

Here are some highlights for those spec updates.

Kangax ECMAScript 2016+ compatibility table

ECMAScript 2016

ECMAScript 2016 is the latest stable edition of the ECMAScript specification. ECMAScript 2016 introduces two new features, the Exponentiation Operator and Array.prototype.includes, and also contains various minor changes.

New Features

Exponentiation Operator

Status: Available from Firefox 52 (now Beta, will ship in March 2017).

The exponentiation operator (**) allows infix notation of exponentiation.
It’s a shorter and simpler replacement for Math.pow. The operator is right-associative.

// without Exponentiation Operator
console.log(Math.pow(2, 3));             // 8
console.log(Math.pow(2, Math.pow(3, 2)); // 512

// with Exponentiation Operator
console.log(2 ** 3);                     // 8
console.log(2 ** 3 ** 2);                // 512

Status: Available from Firefox 43.

Array.prototype.includes is an intuitive way to check the existence of an element in an array, replacing the array.indexOf(element) !== -1 idiom.

let supportedTypes = [

// without Array.prototype.includes.
console.log(supportedTypes.indexOf("text/html") !== -1); // true
console.log(supportedTypes.indexOf("image/png") !== -1); // false

// with Array.prototype.includes.
console.log(supportedTypes.includes("text/html")); // true
console.log(supportedTypes.includes("image/png")); // false

Miscellaneous Changes

Generators can’t be constructed

Status: Available from Firefox 43.

Calling generator with new now throws.

function* g() {

new g(); // throws
Iterator for yield* can catch throw()

Status: Available from Firefox 27.

When Generator.prototype.throw is called on a generator while it’s executing yield*, the operand of the yield* can catch the exception and return to normal completion.

function* inner() {
  try {
    yield 10;
    yield 11;
  } catch (e) {
    yield 20;

function* outer() {
  yield* inner();

let g = outer();
console.log(;  // 10
console.log(g.throw().value); // 20, instead of throwing
Function with non-simple parameters can’t have “use strict”

Status: Available from Firefox 52 (now Beta, will ship in March 2017).

When a function has non-simple parameters (destructuring parameters, default parameters, or rest parameters), the function can’t have the "use strict" directive in its body.

function assertEq(a, b, message="") {
  "use strict"; // error

  // ...

However, functions with non-simple parameters can appear in code that’s already strict mode.

"use strict";
function assertEq(a, b, message="") {
  // ...
Nested RestElement in Destructuring

Status: Available from Firefox 47.

Now a rest pattern in destructuring can be an arbitrary pattern, and also be nested.

let [a, ...[b, ...c]] = [1, 2, 3, 4, 5];

console.log(a); // 1
console.log(b); // 2
console.log(c); // [3, 4, 5]

let [x, y, ...{length}] = "abcdef";

console.log(x);      // "a"
console.log(y);      // "b"
console.log(length); // 4
Remove [[Enumerate]]

Status: Removed in Firefox 47.

The enumerate trap of the Proxy handler has been removed.

ECMAScript 2017 draft

ECMAScript 2017 will be the next edition of ECMAScript specification, currently in draft. The ECMAScript 2017 draft introduces several new features, Object.values / Object.entries, Object.getOwnPropertyDescriptors, String padding, trailing commas in function parameter lists and calls, Async Functions, Shared memory and atomics, and also some minor changes.

New Features

Async Functions

Status: Available from Firefox 52 (now Beta, will ship in March 2017).

Async functions help with long promise chains broken up to separate scopes, letting you write the chains just like a synchronous function.

When an async function is called, it returns a Promise that gets resolved when the async function returns. When the async function throws, the promise gets rejected with the thrown value.

An async function can contain an await expression. That receives a promise and returns a resolved value. If the promise gets rejected, it throws the reject reason.

async function makeDinner(candidates) {
  try {
    let itemsInFridge = await fridge.peek();

    let itemsInStore = await store.peek();

    let recipe = await chooseDinner(

    let [availableItems, missingItems]
      = await fridge.get(recipe.ingredients);

    let boughtItems = await;

    pot.put(availableItems, boughtItems);

    await pot.startBoiling(recipe.temperature);

    do {
      await timer(5 * 60);
    } while(taste(pot).isNotGood());

    await pot.stopBoiling();

    return pot;
  } catch (e) {
    return document.cookie;

async function eatDinner() {
  eat(await makeDinner(["Curry", "Fried Rice", "Pizza"]));
Shared memory and atomics

Status: Available behind a flag from Firefox 52 (now Beta, will ship in March 2017).

SharedArrayBuffer is an array buffer pointing to data that can be shared between Web Workers. Views on a shared memory can be created with the TypedArray and DataView constructors.

When transferring SharedArrayBuffer between the main thread and a worker, the underlying data is not transferred but instead the information about the data in memory is sent. As a result it reduces the cost of using a worker to process data retrieved on main thread, and also makes it possible to process data in parallel on multiple workers without creating separate data for each.

// main.js
let worker = new Worker("worker.js");

let sab = new SharedArrayBuffer(IMAGE_SIZE);
worker.onmessage = functions(event) {
  let image = createImageFromBitmap(;
worker.postMessage({buffer: sab})

// worker.js
onmessage = function(event) {
  let sab =;
  postMessage({buffer: sab});

Moreover, a new API called Atomics provides low-level atomic access and synchronization primitives for use with shared memory. Lars T Hansen has already written about this in the Mozilla Hacks post “A Taste of JavaScript’s New Parallel Primitives“.

Object.values / Object.entries

Status: Available from Firefox 47.

Object.values returns an array of a given object’s own enumerable property values, like Object.keys does for property keys, and Object.entries returns an array of [key, value] pairs.

Object.entries is useful to iterate over objects.

createElement("img", {
  width: 320,
  height: 240,
  src: "http://localhost/a.png"

// without Object.entries
function createElement(name, attributes) {
  let element = document.createElement(name);

  for (let name in attributes) {
    let value = attributes[name];
    element.setAttribute(name, value);

  return element;

// with Object.entries
function createElement(name, attributes) {
  let element = document.createElement(name);

  for (let [name, value] of Object.entries(attributes)) {
    element.setAttribute(name, value);

  return element;

When property keys are not used in the loop, Object.values can be used.


Status: Available from Firefox 50.

Object.getOwnPropertyDescriptors returns all own property descriptors of a given object.

The return value of Object.getOwnPropertyDescriptors can be passed to Object.create, to create a shallow copy of the object.

function shallowCopy(obj) {
  return Object.create(Object.getPrototypeOf(obj),
String padding

Status: Available from Firefox 48.

String.prototype.padStart and String.prototype.padEnd add padding to a string, if necessary, to extend it to the given maximum length. The padding characters can be specified by argument.

They can be used to output data in a tabular format, by adding leading spaces (align to end) or trailing spaces (align to start), or to add leading "0" to numbers.

let stock = {
  apple: 105,
  pear: 52,
  orange: 78,
for (let [name, count] of Object.entries(stock)) {
  console.log(name.padEnd(10) + ": " + String(count).padStart(5, 0));
  // "apple     : 00105"
  // "pear      : 00052"
  // "orange    : 00078"
Trailing commas in function parameter lists and calls

Status: Available from Firefox 52 (now Beta, will ship in March 2017).

Just like array elements and object properties, function parameter list and function call arguments can now have trailing commas, except for the rest parameter.

function addItem(
  count = 1,
) {


This simplifies generating JavaScript code programatically, i.e. transpiling from other language. Code generator doesn’t have to worry about whether to emit comma or not, while emitting function parameters or function call arguments.

Also this makes it easier to rearrange parameters by copy/paste.

Miscellaneous Changes

Remove proxy OwnPropertyKeys error with duplicate keys

Status: Available from Firefox 51.

The ownKeys trap of a user-defined Proxy handler is now permitted to return duplicate keys for non-extensible object.

let nonExtensibleObject = Object.preventExtensions({ a: 10 });

let x = new Proxy(nonExtensibleObject, {
  ownKeys() {
    return ["a", "a", "a"];

Object.getOwnPropertyNames(x); // ["a", "a", "a"]
Case folding for \w, \W, \b, and \B in unicode RegExp
Status: Available from Firefox 54 (now Nightly, will ship in June 2017).

\w, \W, \b, and \B in RegExp with unicode+ignoreCase flags now treat U+017F (LATIN SMALL LETTER LONG S) and U+212A (KELVIN SIGN) as word characters.

console.log(/\w/iu.test("\u017F")); // true
console.log(/\w/iu.test("\u212A")); // true
Remove arguments.caller

Status: Removed in Firefox 53 (now Developer Edition, will ship in April 2017).

The caller property on arguments objects, that threw a TypeError when gotten or set, has been removed.

function f() {
  "use strict";
  arguments.caller; // doesn't throw.

What’s Next?

We’re also working on implementing ECMAScript proposals.

New Feature

Function.prototype.toString revision (proposal Stage 3)

Status: Work in progress.

This proposal standardizes the string representation of functions to make it interoperable between browsers.

Lifting Template Literal Restriction (proposal Stage 3)

Status: Available from Firefox 53 (now Developer Edition, will ship in April 2017).

This proposal removes a restriction on escape sequences in Tagged Template Literals.

If an invalid escape sequence is found in a tagged template literal, the template value becomes undefined but the template raw value becomes the raw string.

function f(callSite) {
  console.log(callSite);     // [undefined]
  console.log(callSite.raw); // ["\\f. (\\x. f (x x)) (\\x. f (x x))"]

f`\f. (\x. f (x x)) (\x. f (x x))`;
Async Iteration (proposal Stage 3)

Status: Work in progress.

The Async Iteration proposal comes with two new features: async generator and for-await-of syntax.

The async generator is a mixture of a generator function and an async function. It can contain yield, yield*, and await. It returns a generator object that behaves asynchronously by returning promises from next/throw/return methods.

The for-await-of syntax can be used inside an async function and an async generator. It behaves like for-of, but interacts with the async generator and awaits internally on the returned promise.

async function* loadImagesSequentially(urls) {
  for (let url of urls) {
    yield await loadImage(url);

async function processImages(urls) {
  let processedImages = [];

  for await (let image of loadImagesSequentially(urls)) {
    let processedImage = await processImageInWorker(image);

  return processedImage;


100% on the ES2016+ compatibility table is an important milestone to achieve, but the ECMAScript language will continue evolving. We’ll keep working on implementing new features and fixing existing ones to make them standards-compliant and improve their performance. If you find any bug, performance issue, or compatibility fault, please let us know by filing a bug in Bugzilla. Firefox’s JavaScript engine engineers can also be found in #jsapi on 🙂

Air MozillaFebruary Privacy Lab - Cyber Futures: What Will Cybersecurity Look Like in 2020 and Beyond?

February Privacy Lab - Cyber Futures: What Will Cybersecurity Look Like in 2020 and Beyond? CLTC will present on Cybersecurity Futures 2020, a report that poses five scenarios for what cybersecurity may look like in 2020, extrapolating from technological, social,...

QMORezaul Huque Nayeem: industrious, tolerant and associative

28506408403_9c6f20866c_mRezaul Huque Nayeem has been involved with Mozilla since 2013. He is from Mirpur, Dhaka, Bangladesh where he is an undergraduate student of Computer science and Engineering at the Daffodil International University. He loves to travel countrywide and hangout with friends. In his spare time, he volunteers for some social organizations.

Rezaul Huque Nayeem is from Bangladesh in south Asia.

Rezaul Huque Nayeem is from Bangladesh in south Asia.

Hi Nayeem! How did you discover the Web?

I discovered the web when I was kid, one day (2000/2001) in my uncle’s office I heard something about Email and Yahoo. That was the first time and I learned little bit about the internet on that day. I remember that I was very amazed when I downloaded a picture.

How did you hear about Mozilla?

In 2012 one of my friends told me about Mozilla and its mission. He told me how to contribute in many pathways in Mozilla.

How and why did you start contributing to Mozilla?

I started contributing to Mozilla on 20 march, 2015 by QA Marathon Dhaka. On that day my mentor Hossain Al Ikram showed me how to contribute to Mozilla by doing QA. He teached me how to test any feature on Firefox, how to verify bugs or do triage. From that day I love doing QA. Day by day I met many awesome mozillians and was helped by them. I love to contribute with them in a global community. I also like the way Mozilla works for making better web.

Nayeem in QA Marathon, Dhaka

Have you contributed to any other Mozilla projects in any other way?

I did some localization on Firefox OS and MDN. I contributed in MLS (Mozilla Location Service). I also participated in many Web Maker focused events.

What’s the contribution you’re the most proud of?

I feel proud to contribute to QA. By doing QA now i can find bugs and help to get them fixed. That’s why now many people can use a bug free browser. And it also teaches me how to work with a community and make me active and industrious.


Please tell us more about your community. Is there anything you find particularly interesting or special about it?

The community I work with is Mozilla Bangladesh QA Community, a functional community of Mozilla Bangladesh where we are focused in contributing in QA. It is the biggest QA community and growing day by day. There is about 50 + active contributors who regularly participates in Test days, Bug Verification days and Bug triage days. Last year, we verified more than 700 bugs. We have more than 10 community mentors to help contributors. In our community every member is so much friendly and helpful. It’s a very active and lovely community.


What’s your best memory with your fellow community members?

Every online and offline event was very exciting for me. But Firefox QA Testday, Dhaka (4.dec.2015) was the best memorable event with my community for me. It was really an awesome offline daylong event.


You had worked as a Firefox Student Ambassador. Do you have any event that you want to share?

I organized two events on my institutional campus, Dhaka Polytechnic Institute. One was a Webmaker event and another one was for MozillaBD Privacy Talk. Both was thrilling for me, as I was leading those events.


What advice would you give to someone who is new and interested in contributing to Mozilla?

I will tell him that, first you have to decide what you really want to do? If you work with a community, then please do not contribute for yourself, do it for your community.

If you had one word or sentence to describe Mozilla, what would it be?

Mozilla is the One who really wants to make web free for people

What exciting things do you envision for you and Mozilla in the future?

I envision that Mozilla will give much effort on connecting devices so that world would get some exciting gear.

Open Policy & AdvocacyWe Are All Creators Now


For the past several months, the U.S. Copyright Office has been collecting comments on a part of the Digital Millennium Copyright Act (DMCA), specifically related to intermediary liability and safe harbors. Under the current law, internet companies – think, for example, of Facebook, or Reddit, or Wikimedia – are able to offer their services without legal exposure if a user uploads content in violation of copyright law, as long as they follow proper takedown procedures upon being informed of the action.

Last year, we filed comments in the first round of this proceeding, and today, we have made a second submission in response to the Copyright Office’s request for additional input. Across our filings and other engagement on this issue, we identify major concerns with some of the proposals being considered – changes that would greatly harm content creators, the public and intermediaries. Some of the proposals seem to be more about manipulating copyright law to achieve another agenda, these filings need to be rejected.

Mandating content blocking technology is a bad idea – bad for users, bad for businesses, and not effective at addressing the problem of copyright infringement. We’re fighting this issue not only in the United States, but also in Europe, because it goes against the letter and the spirit of copyright law, and poses immense risk to the internet’s benefits for social and economic activity.

Separately, we believe automated systems, currently in place on sites such as YouTube, are very ineffective at assessing fair use and copyright infringement, as they can’t consider context. We are making suggestions to ease or eliminate the burden of those automated systems on those acting within the law.

Ultimately, to achieve its constitutional purpose and deliver ultimate benefit for people and for the internet, copyright practice must recognize that members of the general public are no longer just consumers, but creators. Copyright issues relating to creator’s artistic inputs are often far more important than any copyright interest in their creative output.

The greatest risk of tinkering with the safe harbor setup today is interfering with the fulfillment of the public’s desire to create, remix and share content. In contrast, recognizing and protecting that interest creates the greatest opportunity for positive policy change. We continue to be optimistic about the possibility of seeing such change at the end of this consultation process.


QMOFirefox 52 Beta 7 Testday Results

Hello Mozillians!

As you may already know, last Friday – February 17th – we held a new Testday event, for Firefox 52 Beta 7.

Thank you all for helping us making Mozilla a better place – P.Avinash Sharma, Vuyisile Ndlovu, Athira Ananth, Ilse Macías and Iryna Thompson, Surentharan R.A., Subash.M, vinothini.k, R.krithika sowbarnika, Dhinesh Kumar, Fahima Zulfath A, Nagaraj.V, A.Kavipriya, Rajesh, varun tiwari, Pavithra.R, Vishnu Priya, Paarttipaabhalaji, Kavya, Sankararaman and Baranitharan.

From Bangladesh team: Nazir Ahmed Sabbir, Maruf Rahman, Md.Majedul islam, Md. Raihan Ali, Sabrina joadder silva, Afia Anjum Preety, Rezwana Islam Ria, Rayhan, Md. Mujtaba Asif, Anmona Mamun Monisha, Wasik Ahmed, Sajedul Islam, Forhad Hossain, Asif Mahmud Rony, Md Rakibul Islam.


– several test cases executed for the Graphics.

– 5 bugs verified: 637311, 1111599, 1311096, 1292629, 1215856.

– 2 new bugs filed: 1298395, 1340883.

Again thanks for another successful testday 🙂

We hope to see you all in our next events, all the details will be posted on QMO!


about:communityMozilla at FOSDEM 2017

With over 17 talks hosted in our packed Mozilla Devroom, more than 550 attendees at our booth, and our #mozdem hashtag earning 1,8 million impressions, Mozilla’s presence at FOSDEM 2017 February 4-5 was a successful, volunteer-Mozillian driven initiative.

FOSDEM is one of the biggest events in the Open Source world and attracts more than 6,000 attendees from all over the world — Open Source advocates, Technical developers, and people interested in Copyright, new languages, and the open web. Through our booth we were able to hear from developers about what they expect from Mozilla — from our tools and technologies, our involvement in the open source community, how we can improve our contribution areas. We had a full day Devroom on Saturday with 17 talks (8 from volunteers) averaging nearly 200 attendees per talk that covered several topics like Dev Tools, Rust, A-Frame and others. There were also presentations about community motivation, Diversity & Inclusion, and Copyright in Europe. Together these allowed us to show what’s important for Mozilla right now, what ideas and issues we want to promote, and what technologies are we using.

In working with volunteer-Mozillians to coordinate our presence, the Open Innovation team took a slightly different path this year, being more rigorous in our approach. First, we identified goals and intended outcomes, having conversations with different teams (DevTools, DevRel, Open Source Experiments, etc). Those conversations helped us to define a set of expectations and success for these teams. For example, Developer Relations was interested in getting feedback from participants on Mozilla and web technologies, since the event has an audience very relevant for them (web developers, technical developers). Open Source Experiments was interested in create warm leads for project partners, to help boost the program. So we had a variety of goals, which were shared with volunteers, and that helped us to measure the success of our participation in a solid way.

DevTools talk Graphic

DevTools talk Graphic

FOSDEM is always a place to discuss and have interesting conversations. While we covered several topics at the Devroom and at our booth, Rust proved to be a common talking point on many occasions. Although it can be considered a new programming language, we were asked about how to participate, where to find more information and how to join the Rust community.

All in all, the Mozilla presence at FOSDEM proved to be very solid and it couldn’t had happened with the help of the volunteers that staffed the booth and worked hard. I would like to mention and thank (alphabetically): Alex Lakatos, Daniele Scasciafratte, Edoardo Viola, Eugenio Petullà, Gabriel Micko, Gloria Dwomoh, Ioana Chiorean, Kristi Progri, Merike Sell, Luna Jernberg and Redon Skikuli and a lot of other volunteers that went there to help or only participate at the event. Also big kudos to Ziggy Maes and Anthony Maton, who helped to coordinate Mozilla presence.

our volunteers at FOSDEM 2017

our volunteers at FOSDEM 2017

Some highlight numbers of our presence in this edition:

  • Nearly 200 people on average per talk in our devroom
  • Mozillians directly engaged with around 550 people during the weekend at our booth
  • More than 200 people checked our Code of Conduct for our devroom
  • Our hashtag #mozdem, had around 1,8 Million impressions
  • The Survey we ran at the event was filled out by 210 developers

There are a lot of pictures and blogposts from mozillians on medium, or in their blogs. If you want to see some tweets, impressions and photos, check this storify.

Air MozillaWebdev Beer and Tell: February 2017

Webdev Beer and Tell: February 2017 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on in...

Mozilla Add-ons BlogThe Road to Firefox 57 – Compatibility Milestones

Back in November, we laid out our plans for add-ons in 2017. Notably, we defined Firefox 57 as the first release where only WebExtensions will be supported. In parallel, the deployment of Multiprocess Firefox (also known as e10s) continues, with many users already benefiting from the performance and stability gains. There is a lot going on and we want you to know what to expect, so here is an update on the upcoming compatibility milestones.

We’ve been working on setting out a simple path forward, minimizing the compatibility hurdles along the way, so you can focus on migrating your add-ons to WebExtensions.

Legacy add-ons

By legacy add-ons, we’re referring to:

Language packs, dictionaries, OpenSearch providers, lightweight themes, and add-ons that only support Thunderbird or SeaMonkey aren’t considered legacy.

Firefox 53, April 18th release

  • Firefox will run in multiprocess mode by default for all users, with some exceptions. If your add-on has the multiprocessCompatible flag set to false, Firefox will run in single process mode if the add-on is enabled.
  • Add-ons that are reported and confirmed as incompatible with Multiprocess Firefox (and don’t have the flag set to false) will be marked as incompatible and disabled in Firefox.
  • Add-ons will only be able to load binaries using the Native Messaging API.
  • No new legacy add-ons will be accepted on (AMO). Updates to existing legacy add-ons will still be accepted.

Firefox 54-56

  • Legacy add-ons that work with Multiprocess Firefox in 53 may still run into compatibility issues due to followup work:
    • Multiple content processes is being launched in Firefox 55. This enables multiple content processes, instead of the single content process currently used.
    • Sandboxing will be launched in Firefox 54. Additional security restrictions will prevent certain forms of file access from content processes.

Firefox 57, November 14th release

  • Firefox will only run WebExtensions.
  • AMO will continue to support listing and updating legacy add-ons after the release of 57 in order to have an easier transition. The exact cut-off time for this support hasn’t been determined yet.
  • Multiprocess compatibility shims are removed from Firefox. This doesn’t affect WebExtensions, but it’s one of the reasons went with this timeline.

For all milestones, keep in mind that Firefox is released using a “train” model, where Beta, Developer Edition, and Nightly correspond to the future 3 releases. You should expect users of pre-release versions to be impacted by these changes earlier than their final release dates. The Release Calendar lists future release dates per channel.

We are committed to this timeline, and will work hard to make it happen. We urge all developers to look into WebExtensions and port their add-ons as soon as possible. If you think your add-on can’t be ported due to missing APIs, here’s how you can let us know.

Air MozillaReps Weekly Meeting Feb. 16, 2017

Reps Weekly Meeting Feb. 16, 2017 This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

Air MozillaMozilla Curriculum Workshop, February 2017 - Privacy & Security

Mozilla Curriculum Workshop, February 2017 - Privacy & Security Join us for a discussion and prototyping session about privacy and security curriculum.

hacks.mozilla.orgWebAssembly Will Ease Collaboration on Next Generation Video Codecs

Michael Bebenita, a Research Engineer at Mozilla, recently posted a fascinating article on the development of AV1, a next-generation video codec. If you’re interested in how new media formats are created, I highly recommend reading the full article.

AV1 Bitstream Analyzer

What caught my eye is the discussion of porting the AV1 bitstream analyzer to the Web:

The input to the analyzer is usually small (an encoded bitstream), but the output is very large. […] The ideal solution is to run the analyzer directly in the browser and thus eliminate the need to download analyzer output.

But how do you do this when the codec is written in C? One option is to manually re-implement it in JavaScript and hope you can keep up with changes in the reference implementation. The other better option is to directly re-use the C and compile it to the Web. That’s exactly what the AV1 team is doing, with the help of Emscripten.

Emscripten compiles arbitrary C/C++ into JavaScript, which makes it possible for the AV1 team to automatically compile each revision of their codec to JavaScript and post it to the Web. At which point, comparing two revisions of the codec is as easy as sharing a link.

This workflow is fast enough, but it’s not as fast as it could be. Because JavaScript does not support 64-bit integers, many of AV1’s computations have to undergo costly numeric conversions. Specifically, emulating 64-bit math is estimated to add up to a 20% performance penalty to AV1, and we’ve seen performance penalties of up to 600% in other projects that are directly attributable to this emulation.

That’s where WebAssembly comes in. WebAssembly is a new, low-level format for programs on the Web. It’s an open standard being developed by Mozilla, Microsoft, Google, and Apple, so it will eventually work in all browsers. Crucially, Bebenita explains, “WebAssembly has support for 64 bit math, and once that’s ready [the AV1 Bitstream Analyzer will] be switching over to WebAssembly.”

Fortunately, Emscripten already has experimental support for compiling to WebAssembly, so the AV1 workflow will remain the same: develop a single codebase in C and use Emscripten to compile that to the Web for testing. In this way, WebAssembly will play an integral role in the development of next generation video codecs.

More importantly, this workflow represents a fundamental shift in Web development: The wall between “native” and the Web is falling, and developers will be able to seamlessly use the same libraries in both contexts. This marks the end of tedious, manual ports of projects to JavaScript and opens the door to dramatically greater performance on the Web.

Air MozillaThe Joy of Coding - Episode 91

The Joy of Coding - Episode 91 mconley livehacks on real Firefox bugs while thinking aloud.

Mozilla VR BlogNew features in A-Frame Inspector v0.5.0

New features in A-Frame Inspector v0.5.0

This is a small summary of some new features of the latest A-Frame Inspector version that may pass unnoticed to some.

Image assets dialog

v0.5.0 introduces an assets management window to import textures in your scene without having to manually type URLs.

The updated texture widget includes the following elements:

  • Preview thumbnail: it will open the image assets dialog.
  • Input box: Hover the mouse over it and it will show the complete URL of the asset..
  • Open in a new tab: It will open a new tab with the full sized texture
  • Clear: It will clear the value of the attribute.

New features in A-Frame Inspector v0.5.0

Once the image assets dialog is open you’ll see the list of images currently being used in your project, with the previous selection for the widget, if any, highlighted.
You could click in any image from this gallery to set the value of the map attribute you’re editing.

New features in A-Frame Inspector v0.5.0

If you want to include new images to this list, click on LOAD TEXTURE and you’ll see several options to include a new image on your project:

New features in A-Frame Inspector v0.5.0

Here you could add new image assets to your scene by:

  • Entering an URL
  • Opening an uploadcare dialog that will let you upload files from your computer, google drive, dropbox.. and from other sources in ( this is currently uploading the images to our uploadcare account, so please be kind :), we’re working on letting you define your API key to use your own account).
  • Drag and dropping from your computer. This will upload to uploadcare too.
  • Choosing one from the curated list of images we’ve included in the assets-sample repo.

Once added your image you’ll see a thumbnail showing some information about the image and the name that will have this texture in your project (the asset ID that can be referenced as #name).

New features in A-Frame Inspector v0.5.0

After editing the name if needed, click on LOAD TEXTURE and it will add your texture to the list of assets available in your project, showing you the list of textures you saw when you opened the dialog.

New features in A-Frame Inspector v0.5.0 Now just clicking on the newly created texture you’ll set the new value for the attribute you were editing.

New features in A-Frame Inspector v0.5.0

New features in the scenegraph

Toggle visibility

  • Toggle panels: New shortcuts:
    • 1: Toggle scenegraph panel
    • 2: Toggle components panel
    • TAB: Toggle both panels
  • Toggle entity visibility of each element in the scene is now possible by pressing the eye icon in the scenegraph.

New features in A-Frame Inspector v0.5.0

Broader scenegraph filtering

In the previous version of the inspector we could filter by the tag name of the entity or by its ID. In the new version the filter will take into account also the names of the components that each entity has and the values of the attributes of these components.

New features in A-Frame Inspector v0.5.0

For example if we write: red it will return the entities which name contains red but also all of them with a red color in the material component. We could also filter by geometry, or directly by sphere and so on.
We’ve added the shortcut CTRL or CMD + f to set the focus on the filter input for a faster filtering, and ESC to clear the filter.

Cut, copy and paste

Thanks to @vershwal it’s now possible to cut, copy and paste entities using the expected shorcuts:

  • CTRL or CMD + x: Cut selected entity
  • CTRL or CMD + c: Copy selected entity
  • CTRL or CMD + v: Paste the latest copied or cut entity

New shortcuts

The list of the new shorcuts introduced in this version:

  • 1: Toggle scenegraph panel
  • 2: Toggle components panel
  • TAB: Toggle both scenegraph and components panel
  • CTRL or CMD + x: Cut selected entity
  • CTRL or CMD + c: Copy selected entity
  • CTRL or CMD + v: Paste a new entity
  • CTRL or CMD + f: Focus scenegraph filter

Remember that you can press h to show the list of all the shortcuts available:

New features in A-Frame Inspector v0.5.0

Mozilla Add-ons BlogAdd-ons Update – 2017/02

Here’s the state of the add-ons world this month.

If you haven’t read Add-ons in 2017, I suggest that you do. It lays out the high-level plan for add-ons this year.

The Review Queues

In the past month, 1,670 listed add-on submissions were reviewed:

  • 1148 (69%) were reviewed in fewer than 5 days.
  • 106 (6%) were reviewed between 5 and 10 days.
  • 416 (25%) were reviewed after more than 10 days.

There are 467 listed add-ons awaiting review.

If you’re an add-on developer and are looking for contribution opportunities, please consider joining us. Add-on reviewers are critical for our success, and can earn cool gear for their work. Visit our wiki page for more information.


The blog post for 52 is up and the bulk validation was already run. Firefox 53 is coming up.

Multiprocess Firefox is enabled for some users, and will be deployed for all users very soon. Make sure you’ve tested your add-on and either use WebExtensions or set the multiprocess compatible flag in your add-on manifest.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.


We would like to thank the following people for their recent contributions to the add-ons world:

  • eight04
  • Aayush Sanghavi
  • zombie
  • Doug Thayer
  • ingoe
  • totaki
  • Piotr Drąg
  • ZenanZha
  • Joseph Frazier
  • Revanth47

You can read more about their work in our recognition page.

Air MozillaMartes Mozilleros, 14 Feb 2017

Martes Mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...

Air MozillaTEST -PROJ. MTG

TEST -PROJ. MTG The Monday Project Meeting

Air MozillaMozilla Weekly Project Meeting, 13 Feb 2017

Mozilla Weekly Project Meeting The Monday Project Meeting

Air MozillaTEST TEST


Air MozillaRust Meetup February 2017

Rust Meetup February 2017 Rust Meetup for February 2017

The Mozilla BlogU.S. Court of Appeals Upholds Suspension of Immigration Executive Order

We are pleased with today’s decision by the 9th Circuit Court of Appeals to uphold the District Court of Washington’s suspension of the U.S. Executive Order on immigration.

We believe today’s decision is a step in the right direction, but we expect legal proceedings will continue. There is more work to do on this issue, and what we said when we filed this legal brief remains true: The ability for individuals, and the ideas and expertise they carry with them, to travel across borders is central to the creation of the technologies and standards that power the open internet. We will continue to fight for more trust and transparency across organizations and borders to help protect the health of the internet and to nurture the innovation needed to advance the internet.

Photo:  Tim Evanson/Flickr

SUMO BlogWhat’s Up with SUMO – 9th February 2017

Hello, SUMO Nation!

Today’s post has a slightly different format for two reasons:

  1. We are rethinking the way these (regular) blog posts work and the way they should be shaped – but that’s going to take a while because…
  2. We have migrated to a Completely New Site™ and we need to update you on a few things regarding its current (and future) state. (hint: we’re all really busy)

There you have it. So, while we may be returning to your regularly scheduled programming at a slightly later time, now it’s time talk about…

The Completely New Site™

  1. The migration process was not easy from a technical point of view and things did go wrong in some expected (and some unexpected) ways. Moving 8 years of data from one custom platform to another is like that.
  2. The delay in switching to the new site was caused by last minute issues we managed to fix (but we needed time for that).
  3. We are live at but there are still a lot of things to work on, most of which we are trying to tackle now using Admin powers.
  4. We have a long list of outstanding issues to fight with in the first two weeks after the launch. You can add more to it, don’t worry. Please keep filing bugs. Thanks to all of you who already did so. Before you file a bug, please remember to check this list.
  5. If you are confused about the way the site works (its options, basic features, etc.), you can start fighting that confusion using the site FAQ (“How do things work?”).
  6. Our priorities for the next two weeks are:
    • Making sure site navigation and content are in correct places and work well for all launch locales.
    • Making sure that all users have the right permissions and access to the right resources based on that for all launch locales. As a refresher, take a look at the Roles & Responsibilities doc (as shared with you at the beginning of the migration process in 2016)
    • Working on fixing the bugs from the list linked above.
    • Improving the UX design of the site.
    • Improving the notifications.
    • Improving the onboarding and “ask a question/find an answer” flows.
    • Sharing documentation that explains how we can all get “back to SUMO business as usual” using the new platform (answering questions, working on the KB).
  7. The following are not a priority at the moment but will be worked on later:

So, if you are on the new site (yay!), we ask you for a little extra patience while we make it our new home. In the meantime, if you have questions about:

Now, let me tell you a bit more about…

The Next Month (or so) for the KB / L10n of SUMO…

  1. The KB content of the launch locales is mostly ready for use and consumption by the users, thanks to your help.
  2. All Editors, Reviewers, and Locale Leads should have the right permissions to work within their locale’s KB, but for now we are not localizing anything – please hold off with edits for now.
  3. Joni is coming back on Monday (13th February) and will make sure the English KB is in shape.
  4. Once the English KB is cleaned up and reorganized, we will work on copying the same structure for all launch locales.
  5. The documentation explaining how the localization process works on the new site is coming once we knock all the l10n bugs out of the way. For now, you can get a taste of it reading these two documents (one) (two).
  6. Our goal is to ensure that:
    • All KB Editors, Reviewers and Locale Leads have the right permissions for their locale’s KBs
    • The visible KB nodes are all in the right place and reflect the English version as close as possible (for now, this may be changing in the future, depending on your needs/ideas)
    • The new KB nodes are in place and localized accordingly
    • All KB templates are organized under a separate KB for each launch locale
    • All KB content that should be archived is moved to a separate Archive KB for each launch locale
    • Key UI elements are reviewed and retranslated for each launch locale
    • Locales that were not included in the launch are prepared for addition to the main site

…and how you can help with that

  1. Subscribe to the changes in your locale’s KB (and the English KB as well). You can do it following the instructions from this site.
  2. Keep filing bugs about things that don’t work for your locale (or globally). You can use Bugzilla (as usual) or this spreadsheet.
  3. Wait for further information – I am working on making the site better for localizers (and international users), but everything takes time. I really appreciate your patience and support.

We hope that the above information will help you understand where we are now with the site switch and what are our next goals and steps. If you have questions, you know where to find us. We are looking forward to seeing you around the new SUMO site. Thank you for being there for the users!

Mozilla Add-ons Blogweb-ext 1.8 released

A new version of web-ext has been released! Web-ext is the recommended tool for developing WebExtensions on Firefox, because it has the ability to automatically reload your WebExtension as you make changes.

Since our last blog post, version 1.7 and 1.8 have been released. The full change log is on github.

The run command now shows a desktop notification if auto-reloading results in an error: image01

Other options added to the run command include:

  • Addition of a –start-url option. This will start Firefox at a particular URL and assists in testing.
  • Addition of a –browser-console option. This will open the Browser Console by default, which is where any errors or logging will be shown.
  • Addition of –pref option. This will load the specified preferences into Firefox. For example: –pref privacy.userContext.enabled=true
  • When a reload occurs, it will show you the last reload time more concisely.

An –ignore-files option was added, so by default the web-ext-artifacts directory is added to that list when building your extension.

A new option to linting, –warnings-as-errors, will allow you to make the linter more strict, so that warnings are raised as errors. Also, when you run web-ext and you have an error in your JSON, you’ll get an error message showing the line number. As an example:


Any command run will let you check to see if a new version of web-ext exists, ensuring that you are using the latest version of web-ext.

Finally a regression on Windows was fixed, but more importantly the test suite was enabled on Windows to reduce regressions on Windows in the future.

Special thanks to all the people who contributed to this release: Aniket Kudale, Jostein Kjønigsen and eight04. A special thanks to Elvina Valieva and Shubsheka Jalan who have been contributing via the Outreachy program.

Air MozillaReps Weekly Meeting Feb. 09, 2017

Reps Weekly Meeting Feb. 09, 2017 This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

hacks.mozilla.orgAnnouncing the Developer Roadshow Series

We’re bringing Mozilla’s Developer Roadshow to a city near you!

An overview

Join us for a meetup-style, Mozilla-focused event series for people who build the Web. Hear from expert speakers highlighting the latest and best in Mozilla and Firefox technologies.

The topics

Speakers will cover technologies, standards, tools and research topics for the Open Web, including:

  • Emerging Standards including WebAssembly, Service Workers
  • CSS Grid & Layout
  • Electrolysis (e10s)
  • Developer Tools, including Grid Inspector and Node Debugger
  • Game Development
  • Mozilla and Firefox
  • Open Source Workshop
  • Web Compatibility
  • Web Extensions
  • Web Security, including Let’s Encrypt and tracking protection
  • Web Games
  • Web VR
  • Quantum
  • Rust
  • Servo

Upcoming cities for 2017

This schedule will be continually updated with links as registration opens. Check back if your city is not yet listed or open for registration, or sign-up here to get notified with email updates. We won’t be able to fit every city this year! But we will keep a tally of cities to plan for in future Roadshows.

  • Feb 17, 2017    Kansas City @ Google Fiber Downtown KC
  • Feb 18, 2017    Kansas City @ The Brass on Baltimore
  • Feb 20, 2017    Tulsa, OK @ 36 Degrees North
  • Feb 21, 2017    Oklahoma City, OK @ Techlahoma, Starspace 46
  • Mar  07, 2017   Portland, OR @ Mozilla
  • Mar 10, 2017    Madrid, Spain @ Universidad Complutense de Madrid
  • Mar 11, 2017    Madrid, Spain @ Google Campus
  • Mar 13, 2017    Barcelona, Spain @ SmashingConf
  • Mar 15, 2017    Mountain View, CA @ Mozilla
  • Mar 15, 2017    New York City @ NYTimes
  • Mar 16, 2017    New York City @ Mozilla Foundation
  • Mar 17, 2017    Washington DC @ General Assembly
  • Mar 21, 2017    Austin, TX @ SpredFast
  • Mar 21, 2017    Boston, MA @ General Assembly
  • Mar 25, 2017    New York City @ General Assembly
  • Mar 27, 2017    Austin, TX @ Galvanize
  • Mar 28, 2017    Austin, TX @ IBM
  • Apr 06, 2017    Atlanta, GA @ General Assembly
  • Apr  20, 2017    Chicago, IL @ General Assembly
  • Apr  25, 2017    London, UK @ Twitter
  • May 04, 2017    Berlin, Germany @ Zalando
  • May 23, 2017    Warsaw, Poland @ Front Trends

More to come…

If you can’t make any of the above events, we’ll be posting speakers notes, presentation materials and more, as well as adding more events and topics throughout 2017.  We look forward to connecting in person with as many of you as we can, but you can always keep tabs on what we’re doing from our developer newsletter, by subscribing here.

For questions or if you’re looking to collaborate on this journey, email me.

See you on the road!


The Mozilla BlogLaunching an Independent OpenNews Program

At Mozilla, one of our essential roles is convener: working to identify, connect and support like-minded people who are building a healthier Internet.

An early — and strong — example of that work is the OpenNews program. Six years ago, Mozilla and Knight Foundation created an initiative to combine open-source practices with journalism. Our aim: strengthen journalism on the open web, and empower newsroom developers, designers and data reporters across the globe.

The program flourished. Since 2011, OpenNews has placed 33 fellows in 19 newsrooms, from BBC and NPR to La Nacion and the New York Times. It built a global community of more than 1,100 developers and reporters. It spawned the annual SRCCON conference, bolstered newsroom diversity and gave way to innovative newsgathering tools like Tabula. OpenNews has also played a key role in building the annual MozFest in London and Mozilla’s nascent leadership network initiative.

Mozilla is immensely proud of OpenNews — and immensely grateful to the team behind its success. And today, we’re announcing  that OpenNews is spinning out as  an independent organization. Going forward, OpenNews — with the support of nonprofit fiscal partner Community Partners — will build on the success it achieved when incubated at Mozilla. OpenNews will continue to play an active role in MozFest and Mozilla’s leadership network.

Mozilla isn’t departing the realm of journalism and media — they will remain central topics as we develop Mozilla’s Internet Health strategy over the coming years. MozFest will increasingly focus on issues like fake news, online harassment and advertising economics. This will be bolstered by Mozilla’s involvement in events like MisInfoCon in Boston later this month, where Mozilla is a sponsor and participant. On the technology front, we’ll continue to host the Coral project, which builds platforms that increase trust and engagement. We see news and media as key to our nascent Mozilla Leadership Network — and to our growing Internet health agenda.

As we chart a course forward in this work, we will be reaching out to the community to talk more specifically about where Mozilla should focus its efforts in the news and media space. If you want us to reach out to you as part of this conversation, please contact Mozilla’s Chris Lawrence at

See also:

Knight Foundation: OpenNews network of journalists and technologists to launch with $1.1 million from Knight Foundation

OpenNews: OpenNews Ascent Stage Initiated

hacks.mozilla.orgHeadless Raspberry Pi configuration over Bluetooth

With the advent of the newer Raspberry Pi 3 (RPi) with built-in Bluetooth, there are now new options for getting connected to the console of the RPi, without the headache of having to dig up a monitor and keyboard (much less a serial cable with pinouts).

This is especially advantageous when running workshops and hackathons, where connectivity can become problematic. In fact, this specific hack came about from a recent Mozilla hackathon in Berlin, where we realized that we had 10-15 RPi for participants, but not a single monitor, keyboard, serial cable, or other means to connect to the RPis. So it raised the question – why couldn’t we use Bluetooth (BT) as a serial connection to get to the console?

Unlike other tutorials on the web, which assume you already have some console access established, I’ve provided steps which let you do this without any previous connection! To accomplish this, we’ll modify a base image of Raspian-Jesse to allow the RPi to boot into a mode where you can connect via Bluetooth and establish a “virtual” serial connection on startup.

Why is this awesome?

Lot of reasons:

  • No cables, monitors, or keyboards required.
  • It lets you work directly on the RPi when resources like wireless access points or wired switches are not available.
  • It gives you an easy way to get a second screen for viewing logs when testing the primary networking interfaces.
  • Or how about this common problem — you set up wifi for DHCP, but can’t find the machine on your network? Rather than using a tool like Pi Finder after the fact, you can just use your Bluetooth terminal session to enable wifi and then right after, run an ifconfig to get the IP.
  • Last but not least, it is great for multi-RPi hackathons — you’ll come across a number of problems in such circumstances, like too many devices with the same hostname, or ssh ports blocked on event space wifi.

It’s brilliant, fast and simple.  It is a little insecure, but we’ll also provide some instructions on how to solve this problem near the end of the article.

There are several useful internet resources that helped us in putting this together, but in particular, kudos to Dr. Rowland for this helpful script.

Preparing an RPi image for editing

Here’s how to get started.

  1. Download the latest Raspian Jessie image.
  2. Mount the image for editing.

Note: We are after the EXT4 partition, which contains the files we want to edit for startup.

Mounting on Mac

This proved challenging, as OSX doesn’t support EXT4 natively.  This limitation left two options; we felt more compelled to do the second, but the first is probably quicker.

1. Install native Ext4 drivers

This option involves installing EXT4 drivers into OSX (see and read the .img file natively. These are not recommended for writing to EXT4 partitions, so use with caution.

2. Use a virtual machine

Here we will install Virtual Box, and then create a virtual machine of Linux.  We then operate in the VM to natively mount the .img of Raspian-Jessie through a shared folder.

  1. First, download and install VirtualBox.
  2. Next, download and install Mint Linux in a virtual machine under Virtual Box:
  3. In the Linux virtual machine, put the image in a shared folder (visible to both the VM and your desktop) and then follow the instructions in the link in the “Mounting on Linux” section below to mount the .img file under Linux and edit the image.

Mounting on Linux

Mounting EXT4 on Linux is a simple, well-documented process: see How can I mount a Raspberry Pi Linux distro image?

Mounting on Windows

This is a fairly simple process, as EXT4 is supported natively by Windows. For a simple guide on how to do this, see Can I view/copy the contents of an img file from Windows?

Editing the image

Once you have the image mounted, and you are at the command prompt, you can start editing the configuration files necessary to get us going.

Let’s start by creating the main script that will set up and establish the default Bluetooth services and serial port you will connect to on startup.

You’ll create this file in the /home/pi directory, like so:

$ sudo nano /home/pi/

Add the following lines to the script:

#!/bin/bash -e

#Edit the display name of the RaspberryPi so you can distinguish
#your unit from others in the Bluetooth console
#(very useful in a class setting)

echo PRETTY_HOSTNAME=raspberrypi > /etc/machine-info

# Edit /lib/systemd/system/bluetooth.service to enable BT services
sudo sed -i: 's|^Exec.*toothd$| \
ExecStart=/usr/lib/bluetooth/bluetoothd -C \
ExecStartPost=/usr/bin/sdptool add SP \
ExecStartPost=/bin/hciconfig hci0 piscan \
|g' /lib/systemd/system/bluetooth.service

# create /etc/systemd/system/rfcomm.service to enable 
# the Bluetooth serial port from systemctl
sudo cat <<EOF | sudo tee /etc/systemd/system/rfcomm.service > /dev/null
Description=RFCOMM service

ExecStart=/usr/bin/rfcomm watch hci0 1 getty rfcomm0 115200 vt100 -a pi


# enable the new rfcomm service
sudo systemctl enable rfcomm

# start the rfcomm service
sudo systemctl restart rfcomm

Save the file, and then make it executable by updating its permissions like so:

$ chmod 755 /home/pi/

Now you have the basics of the script required to turn on the Bluetooth service and configure it.  But to do this 100% headless, you’ll need to run this new script on startup. Let’s edit /etc/rc.local to launch this script automatically.

$ sudo nano /etc/rc.local

Add the following lines after the initial comments:

#Launch bluetooth service startup script /home/pi/
sudo /home/pi/ &

Save the rc.local script, unmount the image, and write it to an SD Card using your favorite tool (mine is ApplePiBaker).

Now you are ready to go.  Plug in power to the Rpi and give it 30 seconds or so to startup. Then unplug it, and plug it in again and let it boot up a second time.  Restarting the Bluetooth service doesn’t work correctly, so we need to reboot.

Now let’s connect.

Connecting to your RPi via Bluetooth

On your desktop/laptop, open up your Bluetooth preferences and ensure Bluetooth is enabled.

Select “raspberrypi” (or whatever you have used for PRETTY_HOSTNAME in the script) when it appears and pair with it. It should pair automatically (remember what we said earlier about security issues?)

Open a terminal window on your local machine, and start a screen session to connect via the new Bluetooth serial port created from the RPi connection. First let’s check the name of the serial connection:

$ ls /dev/cu.*

This should produce a list of available serial ports, one of which should now be named after your pi. Then we can connect.

$ screen /dev/cu.raspberrypi-SerialPort 115200

Give it a second,  and you should be at the prompt of the RPi console!  Congrats!

Further tips

Don’t stop reading yet — this section contains some useful tips about using the RPi terminal, including making it more secure.

Interactive terminal [optional]

After your initial amazement has subsided, you’ll realize your terminal window size isn’t reflected in the output from the serial session.  You can adjust this in one of two ways.

Manual resizing

Simply note the size of your current terminal window , and enter the command:

stty rows XX cols YY

replacing XX and YY with the size of your local terminal window

Automatic (dynamic) resizing

If you want your terminal session to be responsive when you change your local terminal window size, you’ll need to do the following:

Start up sshd, which is off by default.  From the command prompt, run:

$ sudo raspi-config


  1. Select “Advanced Config”
  2. Select “SSH”
  3. Select “Activate”
  4. Exit raspi config

With SSH active, you can now enter the following commands:

$ su pi -
$ ssh localhost

Your terminal window will now resize dynamically.

Security [optional, but not really…]

If you are on a deserted island, far away from humanity, you can stop now.  If not, you should be concerned that this connection is wide open for others to connect to and use.  To make this a little more secure, I would recommend turning off Bluetooth discoverability and pairing once you have connected to your RPi.

In the console on the RPi, run the following commands:

$sudo bluetoothctl

Turn off discoverability:

[bluetooth]#discoverable no

Turn off pairing:

[bluetooth]#pairing no

And exit bluetoothctl:


At this point you should be good to go with at least some small security measures in place.  If the machine restarts, you'll need to follow these security steps again when you reconnect.


So there you have it — you should now have set up your own working RPi console over Bluetooth, configured entirely headlessly. You should now be able to go forth and work on your own RPi projects, alongside others, with the minimum of connectivity issues.

If you run into problems getting this to work, or have any tips of your own to share, please do so in the comments.

Special thanks to Florian Merz for his technical review of this post.

Air MozillaThe Joy of Coding - Episode 90

The Joy of Coding - Episode 90 mconley livehacks on real Firefox bugs while thinking aloud.

Air MozillaWeekly SUMO Community Meeting Feb. 08, 2017

Weekly SUMO Community Meeting Feb. 08, 2017 This is the sumo weekly call

QMOFirefox 52 Beta 7 Testday, February 17th

Hello Mozillians,

We are happy to announce that Friday, February 17th, we are organizing Firefox 52 Beta 7 Testday. We will be focusing our testing on Graphics. Check out the detailed instructions via this etherpad .

No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

Join us and help us make Firefox better!

See you on Friday!

Air MozillaWebdev Extravaganza: February 2017

Webdev Extravaganza: February 2017 Once a month web developers across the Mozilla community get together (in person and virtually) to share what cool stuff we've been working on. This...

QMOFirefox 52 Beta 3 Testday Results

Hello Mozillians!

As you may already know, last Friday – February 3rd – we held a new Testday event, for Firefox 52 Beta 3.

Thank you all for helping us making Mozilla a better place – Surentharan.R.A, P.Avinash Sharma, Athira Ananth, Vuyisile Ndlovu, Suba Narayanan, Paul Graphonium.

From Bangladesh team: Nazir Ahmed Sabbir, MD.Majedul Islam, Kazi Nuzhat Tasnem, Saima Sharleen, Md.Rahimul Islam, Md. Raihan Ali, Md Rakibul Islam, Md. Almas Hossain, Rayhan Hossen, Anmona Mamun Monisha, Sayed Ibn Masud, Sajedul Islam, Ahmed Safa, Abid Rahman, Hasibul Hasan Shanto, Rezwana Islam Ria, Mahsanul Islam Nirjhor, Akash, Toki Yasir, Tanvir Rahman and Maruf Rahman.

From Tamilnadu:  Fahima Zulfath A, Nagaraj V, Ronit Jadhav, Paarttipaabhalaji, Surentharan R.A, Pavithra R, Roshan Dawande, P.Avinash Sharma, v vishnupriya and Vinothini K.


– several test cases executed for the DTMF support, Screen Sharing and <select> drop-down improvements features
– 8 bugs verified: 1311795, 1336411, 1299428, 1316266, 1327155, 132797213279531322737
– 7 new bugs filed: 1336725, 1336723, 1336717, 1336721, 1336941, 1336933, 1336938
Again thanks for another successful testday 🙂

We hope to see you all in our next events, all the details will be posted on QMO!

Bugzilla TipsAutolinkification

Bugzilla comments are, by default, plain text – so typing <U> will produce less-than, U, greater-than rather than underlined text. However, Bugzilla will automatically make hyperlinks out of certain sorts of text in comments. For example, the text will be turned into a link: Other strings which get linkified in the obvious manner are:

  • bug 12345
  • comment 7
  • bug 23456, comment 53
  • attachment 4321

A corollary here is that if you type one or more bug numbers in a comment, you should put the word “bug” before each of them, so they gets autolinkified for the convenience of others.

But also, if you have some text you want linkified in this way, perhaps for use in a blog post, status report, wiki page or other place, you can use the handy linkifier, which will do exactly that for you.

Rumbling Edge - ThunderbirdOn hiatus …

I’ve run The Rumbling Edge for over a decade now. It’s time to take a break – that stage in your life where you would like to try other stuff.

Air MozillaLara Hogan on Demystifying Public Speaking

Lara Hogan on Demystifying Public Speaking Based on her book "Demystifying Public Speaking," Lara Hogan will talk through the process of writing, practicing, and getting feedback on a talk!

Air MozillaMozilla Weekly Project Meeting, 06 Feb 2017

Mozilla Weekly Project Meeting The Monday Project Meeting

The Mozilla BlogMozilla Files Brief Against U.S. Immigration Executive Order

Mozilla filed a legal brief against the Executive Order on immigration, along with nearly 100 other major companies across different industries.

We joined this brief in support of the State of Washington v. Trump case because the freedom for ideas and innovation to flow across borders is something we strongly believe in as a tech company.  More importantly it is something we know is necessary to fulfill our mission to protect and advance the internet as a global public resource that is open and accessible to all.

The order is also troubling because of the way it undermines trust in U.S. immigration law. This sets a dangerous precedent that could damage the international cooperation required to develop and maintain the open internet.

We believe this Executive Order is misplaced and damaging to Mozilla, to the country, and to the global technology industry. These restrictions are significant and have created a negative impact to Mozilla and our operations, especially as a mission-based organization and global community with international scope and influence over the health of the internet.

The ability for individuals, and the ideas and expertise they carry with them, to travel across borders is central to the creation of the technologies and standards that power the open internet. We will continue to fight for more trust and transparency across organizations and borders to help protect the health of the internet and to nurture the innovation needed to advance the internet.

Open Policy & AdvocacyInternet Users Deserve Equal Rating Not Zero Rating

The FCC announced on Friday, February 3, 2017, it is stopping a review into wireless carriers that exclude certain applications, such as their own video streaming services, from counting against a customer’s monthly data caps, a practice known as “zero rating.”

The Commission also barred nine companies from offering affordable internet access to low-income Americans, reversing a decision from the previous administration.

We at Mozilla believe, bringing all of the internet to all people and ensuring the internet remains an open and competitive ecosystem, is one of the great challenges of our day.

By encouraging harmful business practices to continue in the market and discouraging companies from offering subsidized access to poor Americans, today’s moves by the FCC are a significant step backward.

Internet users deserve equal rating not zero rating. Equal Rating solutions are free of discrimination, do not have gatekeepers, and do not allow for pay-for-play schemes.

Mozilla ResearchMozilla Research Grants: Call for Applications

Mozilla seeks applications for research funding to support our mission: to ensure the Internet is a global public resource, open and accessible to all. In particular, for the 2017H1 funding cycle, we are looking for research projects that prototype, explore and characterize the future: we’re looking to support research would benefit a free and open internet. These grants may include topics both inside and outside of Mozilla’s core focus on Firefox, as well as  topics that fit more broadly with our vision for improving the web.

Our key objective is identifying research projects in line with our mission. Areas we have funded in the past include networking, security, compilers, software verification, software power management, and developer tools. Other areas we are interested in supporting include virtual, mixed and augmented reality, machine learning, home networking and router use, studying internet health, developing open data resources, decentralized technologies, improving web anonymity, and exploring approaches to diversity in open source. These lists are by no means exhaustive: we are open to other proposals as long as they support our mission.

To learn more and to submit your application, see our application form here:

Air MozillaReps Weekly Meeting Feb. 02, 2017

Reps Weekly Meeting Feb. 02, 2017 This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

Mozilla Add-ons BlogNew Developer Hub landing and listing pages

With last week’s product update, we introduced a new look for the main and top-level listing pages of the Developer Hub. We went for a modern and friendly design, and surfaced more useful information and links.

The topmost button you see before you sign in takes you to documentation on how to build an add-on. Moving down the page, you see links to submit and manage your add-on, and information on porting an extension.

The lower sections include a feed of our latest blog posts, validation and compatibility tools, and a much more organized and informational footer. We also added a new section on how to contribute to the add-on project.

We pinned commonly accessed links to the top and added an announcement area for people who are signed in. The list of your add-ons is easier to read, with pertinent information like Last Updated and Status more prominently displayed. It’s also possible to click to submit a new theme directly from this page (previously, it only appeared on theme pages).


You’ll see this new design on Android as well, although only the signed-out view is mobile-friendly for now.

We are making steady improvements to the add-on submission and management experience throughout the year, and hope you enjoy this latest update.

Mozilla Add-ons BlogFebruary’s Featured Add-ons

Firefox Logo on blue background

Pick of the Month: Popup Blocker

by Jeremy Schomery
Not only blocks every popup you encounter, but offers an easy way to preview the URL and decide for yourself if you want to open the page.

“I tried all the popup blockers, but this works best for me, and the developer is updating it.”

Featured: Skype™ Web

by Morni Colhkher
Access Skype Web right from your toolbar menu.

“This extension allows me to use Skype while doing miscellaneous internet things, and also notifies me whenever I receive a new message.”

Featured: Desktop Messenger for WhatsApp™

by Elen Norphen
Bring WhatsApp messaging, alerts, and more right into the browser.

“Wow! Awesome add-on! Now I can download pictures from my messages onto my PC.”

Featured: AdBlocker Ultimate

by AdBlocker Ultimate
This add-on pretty much blocks it all—tracking, malware, and of course ads (and no, there’s no whitelisting).

“Everyone should have this.”

Featured: Turn Off the Lights

by Stefan VD
Great for watching video content when you want to really immerse yourself in the media, Turn Off the Lights fades away everything in the video’s periphery.

“So useful. Works as advertised, small memory footprint. Never breaks or interferes with web pages.”

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months. Here’s further information on AMO’s featured content policies.

If you’d like to nominate an add-on for featuring, please send it to for the board’s consideration. We welcome you to submit your own add-on!

Air MozillaThe Joy of Coding - Episode 89

The Joy of Coding - Episode 89 mconley livehacks on real Firefox bugs while thinking aloud.

Air MozillaWeekly SUMO Community Meeting Feb. 01, 2017

Weekly SUMO Community Meeting Feb. 01, 2017 This is the sumo weekly call

QMOFirefox 52 Beta 3 Testday, February 3rd

Hello Mozillians,

We are happy to announce that Friday, February 3rd, we are organizing Firefox 52 Beta 3 Testday. We will be focusing our testing on DTMF, Screen Sharing and <select> drop-down improvements features. Check out the detailed instructions via this etherpad .

No previous testing experience is required, so feel free to join us on #qa IRC channel where our moderators will offer you guidance and answer your questions.

Join us and help us make Firefox better!

See you on Friday!

Air MozillaMartes Mozilleros, 31 Jan 2017

Martes Mozilleros Reunión bi-semanal para hablar sobre el estado de Mozilla, la comunidad y sus proyectos. Bi-weekly meeting to talk (in Spanish) about Mozilla status, community and...

hacks.mozilla.orgDevTools: What you need to know

The end of the year is always very busy, so we wanted to take one final look back at the last months of 2016.

Many things changed in Firefox DevTools last year, particularly towards the end of the year. The effort to refactor some of our tools started to pay off and we landed some great re-designs that should make web developers’ lives easier.

Shiny new tools

We shipped a brand new CSS Grid inspection tool, first of its kind (thank you gabrielluong, helenvholmes, and jensimmons).

We also shipped a brand new, redesigned, console panel. It’s only enabled in Nightly for now, but it’s on track to be enabled everywhere very soon.

A lot of work went into creating Reps, the reusable widgets responsible for displaying all kinds of output in the console. This is great because these reps are shareable components that we’ve already begun to use in many other DevTools.

Thank you to a lot of people, especially contributor nicolaschevobbe, bgrins, Honza, linclark, and others.

Screenshot of the new front-end for the web console panel in firefox

2016 was also the year we shipped our brand new debugger front-end! This was an accomplishment that we can be proud of, that sets the stage for more awesome tool releases in 2017.

I’m personally really excited by the impact we’ve seen since moving this project to GitHub. The beginning of 2017 will be an interesting time for us to experiment with moving even more code to GitHub. I’m already confident that this is the right thing for us to do at this stage, and we have the debugger project to thank for this.

Props go to jasonlaster, jlongster, clarkbw and the debugger github community that has been so great.

Animation showing the new debugger front-end in action in Firefox.

As if that’s not enough to impress, we also shipped the new, completely redesigned RDM (responsive design mode) in November 2016.

Not only do the responsive views look and work better, RDM also comes with major new features like network throttling and more. Thank you to jryans, zer0, gabrielluong.

There is no XUL. Only Web.

2016 was the year when the team actively removed non-standard XUL markup and Firefox-only privileged JavaScript from the tools. In fact, we were able to load the inspector panel in a normal browser tab by end of year, which means that the inspector is now built entirely with HTML and web APIs.

Great work bgrins, juliandescottes, tromey.

The team even went as far as putting in place an npm-based local development workflow so you can build the inspector, open it in a browser tab, make changes and see them in the browser by simply reloading the page!

Moving on to the network panel, thanks to the hard work of Honza, rickychien, steveck, gasolin and contributor jsnajdr, the panel has been almost entirely cleaned of its XUL markup and migrated to React! We now have a new and  more modern code base that I’m sure will be very exciting for people to work with.

Speaking of the end of XUL, tatumcreative eradicated a large piece of old code by re-writing the toolbox tabs using HTML and React.

Inspector gets a refresh

A lot of work went into fixing “paper-cut” bugs – you know, those little (or not so little) annoyances that make it frustrating to use our UI.

A big thank you to ochameau for making the inspector a lot faster and more resilient and to mikeratcliffe for fixing many bugs of the inspector event tooltip.

While I’m covering the inspector, let me mention some other noteworthy new features: css level 4 colors are now supported (thanks jerry and tromey), there are visual hints between closing and opening tags (thanks juliandescottes), text nodes are highlighted (juliandescottes again), and whitespaces in inline layouts are easy to debug (thanks to me 😀).

Random but lovely

Our tools have became a little bit better for RTL (right-to-left) users too, thanks to contributor tomer.

Service worker’s statuses are now visible in about:debugging thanks to juliandescottes.

The animation tooling can display easings thanks to daisuke and birtles.

We’ve also written more React than ever before. I’m very happy that our UI is converging towards one common style. Thank you jlongster for showing us the way!

mikeratcliffe did a ton of work on the storage inspector too, so it works even better with IndexedDB, is able to delete cookies, and more.

Looking ahead

In 2016 we also spent time planning for the future and in particular setting up for the new Performance Tool project.

A lot of talking and design work happened. We are now confident that we’ll be able ship an awesome performance tool that Firefox and web developers will love to use.

Thank you jimb, tatumcreative, ejpbruel, mstange.

Thanks to all who contributed to making DevTools better in 2016. Thank you to all the contributors who helped fix DevTools bugs. I could not mention them all here unfortunately.

Let’s have a great 2017 together!


Mozilla JavaScriptInteresting reads in January

Most of us have our own blog. As a result this channel has become a little bit quiet, which is sad for the people using this blog to get news about the SpiderMonkey engine. As a result I will try to keep up with the different blogs and aggregate the links here.

CacheIR: A new approach to Inline Caching in Firefox
by Jan de Mooij (jandem)

The past months we have been working on CacheIR, an overhaul of the IC code in SpiderMonkey’s JITs. CacheIR has allowed us to remove thousands of lines of boilerplate and code duplication. It has also made it much easier to add new optimizations. This post describes how CacheIR works, why it’s much better than what we had before, and some plans we have for the future… read further >>

Spidermonkey JIT improvements in FF52
by Hannes Verschore (h4writer)

Last week we signed off our hard work on FF52 and we will start working on FF53. The expected release date of this version is the 6th of March. In the meantime we still have time to stabilize the code and fix issues that we encounter … read further >>

TypedArray or DataView: Understanding byte order
by Martin Splitt

Depending on how you access an ArrayBuffer you get different byte order on the same machine. So long story short: it makes a difference if you use a TypedArray or the setters from a DataView. ArrayBuffer is there to give efficient and fast access to binary data … read further >>

Open Policy & AdvocacyDiscussing online security and risk

We live so much of our lives online. Building a healthier internet is part of protecting our way of life, and is central to Mozilla’s mission. But we can’t protect the Internet alone – it’s a shared responsibility. Participating in conversations with all the stakeholders allows us to learn from others in the field and to share the Mozilla perspective.

In our ongoing efforts to make the internet safer, Firefox Security Lead Richard Barnes will be speaking on a panel at Stanford Law School’s February 2 event “Government Hacking: Assessing and Mitigating the Security Risk.” To attend in person, RSVP here. We’ll also recap it here on the blog.

This continues in the theme of several of the panels I participated in late last year. I discussed the future of cybersecurity and internet privacy with industry leaders late last year – see below to read excerpts and watch the videos, and let us know what you think!

As part of the Coalition for Cybersecurity Policy & Law, I went to a day-long symposium, “Cybersecurity Under the Next President.” I discussed the process by which the government decides if and when to disclose security vulnerabilities. This is known as the vulnerabilities equities process, or VEP, and it is an important part of Mozilla’s work toward a secure internet due to the lack of government transparency about its use.

On this panel, I spoke about reforms the government could take to improve the current vulnerabilities equities process. “In a perfect world I would like this process to be robust – and that may mean a legislative solution such that they have to undertake this process and they have to have certain interests at the table when they consider a given vulnerability. I want them to have a timeline and a process set out that helps us understand how long it takes to get from discovery or acquisition, to consideration to disclosure or nondisclosure. We want independent oversight and transparency to the process… into how it works and how the disclosure is handled. We want to make sure that civilian agencies whose mission is to create trust, secure the internet and secure the American people are involved and engaged in this process. Those steps would significantly increase trust. Making sure that everything goes through the Vulnerabilities Equities Process would be very helpful.”

Video from this panel can be found here.

The next day, I joined a panel of academics and policy experts at the Center for Internet and Society at Stanford Law to address how government and industry can work together to strengthen the process and discuss varied perspectives.

At this event, part of the series co-hosted by Mozilla, I joined experts to explain the biggest problems with the current vulnerabilities equities process. “It only sees a small fraction or some fraction of the vulnerabilities held by the government. Specifically as we move into a connected world – the internet of things – more agencies are going to come into contact with more exploits.”

That’s why Mozilla believes it’s essential for the government to codify the use of the vulnerabilities equities process. “If we can make this go across the government — make it broadly used, that would be a significant step forward. Of course we would have to adequately resource that.”

To watch the video of the panel, visit


Air MozillaMozilla Weekly Project Meeting, 30 Jan 2017

Mozilla Weekly Project Meeting The Monday Project Meeting

Web Application SecurityMozilla Security Bytes, ep. 1: Content Security Policy

Sharing the work we do around web and information security is an important role of Mozilla Security. We often get questions on specific security technologies, both from our engineers who work on Mozilla products and services, and from the community interested in using these technologies in their own environments.

Today, we introduce a new podcast, called Mozilla Security Bytes, mozilla_security_byteswhere we discuss these security technologies in details.

In this first episode, we talk about Content Security Policy, or CSP, with Christoph Kerschbaumer, Frederik Braun and Dylan Hardison. We cover both the history and future of CSP, and various issues we have learned while implementing it on our own sites and services.

We hope you find the discussion interesting, and feel free to share your feedback with us at

Download link, Podcast subscription URL

 Links mentioned in the episode

The Mozilla BlogUS Immigration Ban

The immigration ban imposed by Friday’s executive order is overly broad and its implementation is highly disruptive to fostering a culture of innovation and economic growth.

By slamming the door on talented immigrants –including those already legally in the United States and those seeking to enter – the ban will create a barrier to innovation, economic development and global impact. Immigrants bring world class skills and expertise to build advanced technology that can improve the lives of people everywhere. The ban will have an unnecessary negative impact to the health and safety of those affected and their families, not to mention rejecting refugees fleeing persecution, terror and war.

The executive order ignores the single truth that we have come to know;  talented immigrants have had outsized contributions to the growth and prosperity of the United States and countries around the world. Diversity in all of its forms is crucial to growth, innovation and a healthy, inclusive society.

We recognize the rights of sovereign nations to protect their security, but believe that this overly broad order and its implementation does not create an appropriate and necessary balance. It’s a bad precedent, ignores history, and is likely to do more lasting harm than good.


Photo:  Cole Young/Flickr

Air MozillaLondon Privacy Lab - International Privacy Day

London Privacy Lab - International Privacy Day To commemorate 'International Privacy Day' the London chapter of Privacy Lab has gathered together a broad discussion of its effects on our lives.

SUMO BlogIt’s the final countdown… to migration!

Hello, SUMO Nation!

sumo_logoThis post serves as a reminder and a starting point for next week (the week of the migration) and the weeks that will follow.

As you may already know, we are going to migrate all the content and operations from our current home (Kitsune) to a new service. We have been talking about this for over five months now, so chances are you already know it’s happening… But in case you don’t, here are the most important links for your consideration:

These resources should give you a good idea of how we started and where we got with the process for now. We would like to thank one more time all those who had the time and the energy to help us work on the details of the migration and provided their critical feedback and input. We care because you do!

There is still a lot of work going on behind the scenes. We can’t share all the results with you in real time, as the site is being merged from several instances and edited by many people at the same time. Showing you the state of the site in the middle of all the updates happening would only cause a lot of confusion and unnecessary questions. We believe you trust us enough to deliver a working site to you and all other users on the 1st of February.

So, next week you can expect that:

  • We will provide you with materials to help you get started on the new platform. These will include explanations on how the platform itself works, but also the “typical” SUMO documentation that will explain how you can contribute on the new site.
  • We will be present and active on the #sumo IRC channel on Mozilla’s IRC server starting on the morning of 31st of January (Central European Time – CET), until the afternoon (Pacific Time – PST). You can connect directly to the IRC channel using this web client. During that same time, we will also hang out in the SUMO Vidyo room.
  • Things will not work perfectly all the time or may be initially missing.
  • There may be a bit of healthy chaos.
  • There will be requests for help – mostly to review and help fix any launch issues with the new site (e.g. unexpected localization or UX issues).
  • There will be changes in the way some processes or ways of contribution work, due to technical differences between the sites.


  • Relax, all transitions are difficult.
  • Be patient. We all have a lot to go through.
  • If you see something, use the methods of reporting issues that we will provide you with, so that we can fix things as soon as possible.
  • Don’t forget to smile and take it easy.


  • The new site will be new for everybody. We have spent a lot of time preparing it, but we are not sure how it’s going to behave in the wild.
  • There will be training and guidelines available for everyone.
  • You can ask questions and that will help us create an FAQ, if need be.

It was a long and difficult journey from the very first moment we realised we need to migrate to a new site, but you made it worth the pain :-). We hope to see you on the new site and we hope you will build a future-proof SUMO community with us in 2017.

See you on M(igration)-Day!

SUMO BlogWhat’s Up with SUMO – 26th January 2017

Hello, SUMO Nation!

The end of January is upon us – and it’s the end of an era for SUMO as well. Next week we’re moving to a new home to host all your feats of helpfulness for users around the world – Kitsune will be put into a deep-freeze and we’ll start using the new site you’ve been hearing so much about 100% of the time. The first days (or even weeks) may be a bit rough (new places, new tricks to learn), but we are sure we will all emerge victorious on the other side of this migration, together! :-) Looking forward to the new, we tip a hat towards all the greatness that Kitsune has been a symbol and example of over the years.

Now, let’s get to the new news!

Welcome, new contributors!

If you just joined us, don’t hesitate – come over and say “hi” in the forums!

SUMO Community meetings

  • LATEST ONE: 25th of January – you can read the notes here (and see the video at AirMozilla).
  • NEXT ONE: happening on the 1st of February!
  • Reminder – if you want to add a discussion topic to the upcoming meeting agenda:
    • Start a thread in the Community Forums, so that everyone in the community can see what will be discussed and voice their opinion here before Wednesday (this will make it easier to have an efficient meeting).
    • Please do so as soon as you can before the meeting, so that people have time to read, think, and reply (and also add it to the agenda).
    • If you can, please attend the meeting in person (or via IRC), so we can follow up on your discussion topic during the meeting with your feedback.



Social & Support Forum

Knowledge Base & L10n

  • Over 830 edits in the KB in all locales since the last blog post. Whoa! Thanks to everyone who invested their time, energy, and talent in making us more helpful for everyone.
  • No more current updates, as we are tinkering on the upcoming new site – and that takes a lot of time and effort… Expect the first two weeks after the migration to be busy, too!


for Android

for Desktop

for iOS

…and that’s it! Now, as mentioned above, the next week will be a BIG thing for all of us at SUMO. Some of us may feel a bit sad, others quite differently, but… whatever happens, we will be ready to go! See you on the other side of upcoming changes!

Air MozillaConnected Devices Weekly Program Update, 26 Jan 2017

Connected Devices Weekly Program Update Weekly project updates from the Mozilla Connected Devices team.

Mozilla Add-ons BlogMixing Listed and Unlisted Add-ons on

Firefox add-on developers are free to distribute their add-ons as they see fit, as long as they aren’t forced on users. This comes down to two distribution methods: list it on (AMO), or distribute it themselves via a Web page or application installer.

The implementation of add-on signing on AMO added some unwanted restrictions to these options, essentially making developers choose one distribution channel or the other for all versions of an add-on. Switching between one channel and the other is possible, but complicated.

Today we’re removing these restrictions and enabling mixed listed and unlisted versions for add-ons on AMO. When submitting a new version of an add-on, developers will be able to choose if they want to host it on AMO or on their own. This makes it possible to quickly sign an add-on file for user-testing, create a self-distributed pre-release channel, and more. The only limitation is that version numbers need to be unique across both channels.

Part of this feature has been active on AMO for a while. You may have noticed the new add-on and version submission flows, which were the first set of changes we pushed out.

New add-on submissionToday we’ll enable the distribution channel choice for new version uploads, as well as changes to the Developer Hub to make it easier to manage mixed versions.

New version submission

This is the result of many months of engineering work. The add-on lifecycle, signing, reviews, and various add-on/version/file status combinations are at the core of AMO and are surprisingly complex. I’d like to thank Andrew Williamson and Mathieu Pillard for taking on the bulk of this monumental task, and Bram Pitoyo for doing the UX work.

Please report any AMO issues on GitHub.

hacks.mozilla.orgUsing Immutable Caching To Speed Up The Web

When Firefox 49 shipped it contained the Cache-Control: Immutable feature to allow websites to hint which HTTP resources would never change. At almost the same time, Facebook began deploying the server side of this change widely. They use a URI versioning development model which works very well with immutable. This has made a significant impact on the performance of Facebook reloads with Firefox. It looks like other content providers will adopt it as well.

The benefits of immutable mean that when a page is refreshed, which is an extremely common social media scenario, elements that were previously marked immutable with an HTTP response header do not have to be revalidated with the server. Lacking this hint, the browser needs to guess which objects may or may not change on reload – wasting time on one hand or risking website incompatibility on the other.

For smaller objects, the work of this revalidation via a 304 HTTP response code can be almost as much work as just transferring the response fully.

It turns out this can save a lot of work. The page’s javascript, fonts, and stylesheets do not change between reloads. More importantly, the dozens of images do not change either – different images may be included by the markup, but the content of individual images do not change. Indeed, about the only thing that might change is the markup itself.

For Firefox users reloading Facebook content this has been a tremendous boon – the fastest request is one that is never made, and that is exactly what happens over and over again when refreshing a Facebook page. In my testing a typical feed may initially be comprised of 150 different resources. Pressing refresh in Firefox 49 generates just 25 network requests.


As you might imagine, this radically speeds things up. In my testing, it can often cut page reloading time in half. Facebook was also an early adopter of the brotli compression encoding. They use that to reduce the bandwidth usage of the dynamic markup, which cannot be cached, saving around 20% of the bytes transferred when compared to the older gzip standard. Brotli has been available in Firefox since Firefox 44.

Facebook’s servers are big winners too of course – a request never made saves bandwidth and CPU utilization which can in turn be spent on making the site faster for other requests.

“This change effectively eliminated revalidation requests to us from up-to-date versions of Firefox which, in many cases, can improve load times by seconds.” – Nathan Schloss, Software Engineer, Facebook




Facebook has been a great partner in this effort. Lately I’ve been spreading the word about immutable and other developers are adopting it too.

The BBC has picked it up on a trial basis:

Anecdotally, BBC sees reload times improve up to almost 50%, and finds 90% of requests are optimized away by immutable.

Implementations as future-looking as the InterPlanetary File System are interested too:

Also, products as venerable as the Squid proxy:


This has enough experience in the wild now to heartily recommend its use. To ensure adequate documentation it has also been adopted into the IETF on the Standards Track. All you need is a proper caching header to get started with your development.

Air MozillaReps Weekly Meeting Jan. 26, 2017

Reps Weekly Meeting Jan. 26, 2017 This is a weekly call with some of the Reps to discuss all matters about/affecting Reps and invite Reps to share their work with everyone.

QMOFirefox 52.0 Aurora Testday Results

Hello Mozillians!

As you may already know, last Friday – January 20th – we held a new Testday event, for Firefox 52.0 Aurora.

Thank you all for helping us making Mozilla a better place – zstimi, Spandana Vadlamudi, Moin Shaikh, Vuyisile Ndlovu, terrameijar, Avinash Sharma, Varun Kumar Tiwari. 

From Bangladesh team: Nazir Ahmed Sabbir, MD.Majedul islam, Kazi Nuzhat Tasnem, Sabrina Joedder Silva, Maruf Rahman, Syed Nayeem Roman, Md. Mujtaba Asif, Rezwana Islam Ria, Afia Anjum Preety, Asiful Kabir Heemel, Anmona Mamun Monisha, Shahriar Shanto, Iftekher Alam, Tazin Ahmed, Raihan Ali, Mahsanul Islam Nirjhor, Toki Yasir, Abid Rahman, Sajedul Islam, Saima Sharleen. 

From India team: Surentharan R.A, Subhrajyoti Sen, Nagaraj, A.Kavipriya, Paarttipaabhalaji, Roshan Dawande, Sakshi Prajapati, Avinash Sharma, Vinothini, Krithika Sowbarnika.


Again thanks for another successful testday 🙂

We hope to see you all in our next events, all the details will be posted on QMO!


The Mozilla BlogAre you Privacy Aware? Data Privacy Day, and Every Day

In a world where apps, products and devices are all powered by your personal data, creating awareness and enabling people to protect their data privacy is more important than ever. Data Privacy Day is around the corner (January 28) and we’re happy to support this day dedicated to empowering individuals and asking businesses to respect privacy, safeguard data and enable trust.

At Mozilla, every day is Data Privacy Day. What do I mean by this? Respecting privacy, safeguarding data and enabling trust are built into the core of Mozilla, our products and everything we do. This is because we aren’t your average tech company. We’re also the champions of the internet and protectors of internet health. We fight to advance and protect the internet as part of our mission because we believe that the internet is a shared global public resource that needs to remain open and accessible to all.

Respect Privacy

Mozilla has a lot to share for Data Privacy Day.

Today, we launched the new Firefox Focus privacy-centric browser to the world, available in many languages and with more search choices. And, the latest version of Firefox released this week adds clear warnings for users on potentially insecure sites that collect passwords.

We just launched the first version of the Internet Health Report, with privacy and security as the first indicator of a healthy internet. A healthy internet is private and secure. Internet users should be able to have greater choice over what information they share with what organizations and for what benefit. They should have the freedom to express themselves online without unwarranted surveillance. And, they should be able to safeguard their information against attacks.

We asked the new U.S. Presidential Administration to prioritize the internet in their work, and specifically in the area of cybersecurity, because any of the most critical issues that affect internet users are related to cybersecurity.

We’ve advocated for, and done our part to fulfill, the responsibility that technology companies, governments and consumers all share to protect cybersecurity. There is a need for governments, tech companies and users to work together on topics like encryption, security vulnerabilities and surveillance.

We’ll continue to work with governments, companies and consumers to help protect data privacy and make the internet as secure as possible.

Safeguard Data

What can you do to protect your data privacy? To start, use trusted products like Firefox.

Personal information is shared across websites and apps, like breadcrumbs of your identity spread all over the web. It’s important to know how much any web service or app allows you to be in control of your data and experience and what their privacy practices are. You should also know how each of your devices, services, and accounts handles your private information.

You can better protect your data privacy on a daily basis by following some of these basic tips. You can also share these resources because they help create a more secure internet for the billions of people online.

  • Lock down your login: Use strong passwords and the strongest authentication tools available to protect your online accounts and personal information. Richard Barnes has a post with more tips for better password security.
  • Keep a clean machine: Make sure all your Internet connected devices, Web services, and apps are with up to date with the latest software and enable auto updates when you can. Updating your software was the top tip Mozilla gave you to protect your data last Data Privacy Day.
  • Remember- Personal information is like money: Value it and protect it- everything from your location to purchase history. Be aware and in control of what information is shared about you online.
  • When in doubt, throw it out: Cybercriminals are sneaky and often use links in email, social media, and ads to steal your personal information. Even if you know the source, if something looks suspicious, don’t click on it- delete it.
  • Share with Care: Think before your post. Consider who will see the post and how it might be perceived, now or in the future. And, don’t post something about someone else that you wouldn’t want posted about yourself. Mozilla has some great tips about how to share without oversharing on Facebook, Twitter and Instagram.
  • Own Your Online Presence: Consider limiting how and with whom you share information online. Make sure to set your individual app and website privacy and security settings to meet your needs.

Enable Trust

We believe privacy online is a fundamental right and that people should have transparency and control over their data. If users had choice and control around their data sharing, it would build more trust in the system as a whole.

If you are a business or developer that handles user data, you should always be working to create a more trusted relationship with your users around their data. Building trust with your users around their data doesn’t have to be complicated. But it does mean that you need to think about user privacy and security in every aspect of your product. Read Jishnu Menon’s post about Lean Data Practices for more information.

Many of the companies you engage with online ask for your trust without earning. You interact with them everyday but you can’t really tell whether they’ve got your back behind the scenes. They don’t give you meaningful choices over your privacy. They are trusted but not necessarily trustworthy. At Mozilla we strive to be both. Marshall Erwin has more to share about what it means to be a trusted and trustworthy company.

Happy Data Privacy Day!

Mozilla will be participating today in the National Cybersecurity Alliance event to talk more about how to respect privacy, safeguard data and enable trust. You can watch the event here and we’ll share a recap later.

We hope you find some helpful information here to help you be more privacy aware this Data Privacy Day.

Open Policy & AdvocacyEnabling Trust: The Difference Between Being Trusted and Trustworthy

We are getting ready for Data Privacy Day, and you are likely to hear the word “trust” come up often. When you give your data to a company, you are trusting that company to act responsibly with it. And because data powers so many of the products and services we use, that trust is critical to the modern internet. But there is also a negative side to the way we talk about trust and privacy. For me, when I hear the word trust, I think someone is trying to sell me something. I hear, “Give me your data and don’t ask too many questions.”

This gets to the difference between being a trusted company and being a trustworthy company. Many of the companies you engage with online ask for your trust without earning. You interact with them everyday but you can’t really tell whether they’ve got your back behind the scenes.  They don’t give you meaningful choices over your privacy. They are trusted but not necessarily trustworthy. At Mozilla we strive to be both. At Mozilla, every day is Data Privacy Day.

cyber superhero

Building trust with your users around their data doesn’t have to be complicated. But it does mean that you need to think about user privacy and security in every aspect of your product.

We do ask our users to give us their data. That data can help us improve Firefox and give us insight into the health of the internet in general. But we also encourage our users to ask questions, we give them tools to answer those questions, and we make it easy to turn off data collection if they don’t like the answers they find.

For example, a few month ago we launched our first Context Graph experiment, which collects data about how Firefox users browse the web. This can be some pretty sensitive stuff, which is why we asked our users to opt into the collect. The code for that experiment is publicly available, along with the practices that govern the data’s use and the code for analysis we conduct on the data. We’ve tried to put similar tools in place – clear notices, public code and public data documentation – for Test Pilot, our platform for testing and learning from experimental features in Firefox.

What these examples show is that our approach to privacy is actually rooted in our open source culture and commitment to transparency. Transparency is of course a big privacy buzzword, second only to trust. But at Mozilla it actually means something.

Our commitment to transparency is what allows our users to make informed choices about the data we collect. It is also what allows them to hold us accountable when we make mistakes. And to be clear, we do make mistakes. Privacy can be tricky and, despite efforts to the contrary, we do sometimes make the wrong decision about the best way to protect our users. When we make those mistakes, you will know and you will tell us. We think that is a good thing. It is what makes Mozilla more worthy of your trust.

Our responsibility as a technology company is to create secure platforms, build features that improve security, and empower people with education and resources to better protect their privacy and security. All of that starts with your ability to actually see and verify, through our code and our actions, that we’ve got your back.

Open Policy & AdvocacyLean Data Practices: Helping Businesses and Developers be more Privacy Aware

Data Privacy Day is just around the corner. If you are a business or developer that handles user data, you should always be working to create a more trusted relationship with your users around their data.

Building trust with your users around their data doesn’t have to be complicated. But it does mean that you need to think about user privacy and security in every aspect of your product.

That’s why, last year, we introduced the first version of our Lean Data Practices to help any developer or company start to think holistically about the decisions they make with their data.  Lean Data Practices can help even the smallest companies to begin building user trust by fostering transparency and user control.

Lean Data Practices are simple (and even come with a toolkit to make them easy to implement):

  1. stay lean by focusing on data you need,
  2. build in security appropriate to the data you have and
  3. engage your users to help them understand how you use their data.


We use these Lean Data Practices as a starting point for all of our decisions about data along with our Data Privacy Principles. We do this because, at Mozilla, we strive to be both trusted and trustworthy. Mistrust created by even just a few companies can drive a negative cycle that can damage a whole ecosystem. We believe that as more companies and projects use Lean Data Practices, the better they will become at earning trust and, ultimately, the more trusted we will all become as an industry.

Based on all the great interest and feedback we’ve received in this past year, we’re working on new modules that help customize the Lean Data Practices for marketers, non-profits and more that we’ll share later this year.

The Mozilla BlogFirefox Focus Now Available in 27 Languages

International Data Privacy Day is right around the corner and to mark the event we’re happy to announce that Firefox Focus, the privacy browser, is now available for iOS in 27 languages covering billions of users around the world. Mozilla’s community teams hustled to localize all these language versions in time to hit an aggressive launch timetable and we are so grateful for their help. This means that a huge chunk of the world’s population can use Firefox Focus in their language to browse privately, leaving no trace and keeping their thoughts and online activities confidential.

Today’s version launch of Firefox Focus is part of our ongoing drive to give users more control over their web experiences. After we launched Firefox Focus, we saw there was a huge appetite for private web browsing that allows users to erase their web history with a single tap. After serving up many millions of searches on Firefox Focus, we wanted to give users the choice to use it in their native language.

For Mozilla, which has always prioritized inclusiveness and community value, this was a no-brainer. So if you want to browse privately in Arabic, Azerbaijani, Czech, Welsh, German, English (United States), Esperanto, Spanish from Chile, Spanish from Spain, French, Hungarian, Indonesian, Italian, Japanese, Kabyle, Dutch, Polish, Portuguese (Brazil), Russian, Songhay, Slovak, Slovenian, Swedish, Turkish, Ukrainian, Simplified Chinese and Traditional Chinese, among other tongues, we’ve got you covered.  We’re not done, either. We will continue to work with our community to add new languages to the app.

We’re all about giving our users the choice to change the default settings on Mozilla products and customize their browsing experience. That’s why we have also added the option for Firefox Focus users to change their default search provider.  This is similar to the experience on Firefox for iOS and Firefox on Windows or Mac desktops and laptops.

We know from copious user research and constant community feedback that being able to browse the web without stressing about being tracked or served unwanted ads is a big deal. It’s why many of them chose Firefox Focus in the first place. It’s why we built Firefox Focus. And for International Data Privacy Day, we’re particularly proud to extend always-on privacy and the beauty of the really big “Erase Button” (see the upper right corner screen on Firefox Focus) to many more people around the world.

We will continue to listen to our users to see what matters most to them and add new features that will give them the most secure web experience.

You can download Firefox Focus from the App Store.

Mozilla Add-ons BlogWebExtensions in Firefox 53

Firefox 53 landed in Developer Edition this week, so we have another update on WebExtensions for you. With the latest release, a slew of new APIs are now available to help legacy add-on developers transition and extension developers port from other browsers.

New APIs

The majority of browser.browsingData API was implemented. This API allows you to delete data from Firefox that the user has accumulated while browsing. This includes data stored in the following places: plugin data, form data, history, cookies, downloads, passwords, service workers and the cache.

Parts of the browser.identity API was implemented. This makes it easier for extensions to integrate with OAuth providers. The getRedirectURL and launchWebAuthFlow methods have been implemented, but the areas related to Google Accounts have not been implemented.

As previously mentioned, the API had been in a testing phase. It’s passed testing now, and is turned on by default. As this feature rolls out to our users, we will continue to do more testing. It’s worth noting that the storage service is not intended for large amounts of data and comes with no guarantees around stability or uptime.

A new API, browser.contextualIdentities, landed in Firefox 53 to support the security container feature. In Firefox 52, support for contextualIdentities was added to tab and cookie stores. This API provides access to query existing identities, create, update and remove those identities.

As an example:

  .then((result) => {
    for (let identity of result) {

Outputs the existing identities:

Object { name: "Personal", icon: "fingerprint", color: "blue", cookieStoreId: "firefox-container-1" }
Object { name: "Work", icon: "briefcase", color: "orange", cookieStoreId: "firefox-container-2" }

This API is behind the same browser preference, privacy.userContext.enabled, that the rest of the contextual identity code is. We expect the API to track that preference for the moment.

Work has begun on the browser.devtools API and a major foundation of this landed in Firefox 54. We are hoping to land the remained of devtools in Firefox 54, which will allow many developer focused add-ons to work.

API Changes

Context menus have had a big improvement. They can now be applied to pageActions, browserActions, password inputs and tabs.

Screenshot 2017-01-23 14.59.01
A context menu item on a tab

A small change has been made to context menus so they now inherit the submenu contexts from their parent by default.

There was a previous issue where the requestBody on webRequest was not available on release versions of Firefox due to concerns about performance. Those issues have now been resolved and this functionality will be available in release from Firefox 53 onwards.

There was a significant increase in performance for browser.tabs.query which will speed up queries when a large number of tabs exist. Also in tabs, the onUpdated event will now fire when the title of a tab changes.

To complete the browser.sessions API, the browser.sessions.onChanged event landed. This allows extensions to tell when recently closed tabs or windows are changed.

You can now insert CSS into Firefox as a user sheet. As an example:

browser.tabs.insertCSS({..., cssOrigin: "user'})

Finally, function keys now work in commands.


With Firefox 53, required permissions have been enabled for WebExtensions add-ons. The permissions dialog is behind a preference while we complete QA on the feature. We hope that permissions will be turned on by default for Firefox 54. To activate permissions, please create the preference: extensions.webextPermissionPrompts as a boolean and set it to true.

When installing an add-on, a user will get a prompt like this:

Screenshot 2017-01-23 16.20.16
Installing an add-on

Updates will proceed normally, unless you update the permissions of your add-on. In that case  the add-on update will be staged. Unlike Chrome, the existing add-on will continue to work and will not be disabled. Firefox users will get a notification in the hamburger menu:

Screenshot 2017-01-23 17.23.12
An update that includes permission changes to an add-on.

And when they click on it, they will see a new permissions dialog outlining the changes. In this example, it shows that I have added the permission nativeMessaging to the add-on:

Screenshot 2017-01-23 17.23.02
The permission prompt on an update

Finally, if your add-on is being sideloaded, the notification will also change to a new flow. An item in the hamburger menu is shown (similar to above), followed by a slightly different permission prompt:

Screenshot 2017-01-23 17.39.55
A sideloaded extension

This is a big feature and many details are currently being finalized. So feedback or bugs are encouraged so we can solve any problems before Firefox 54.

New contributors

A lot of contributors helped out on this release, so a big thank you to them! They are: Srivatsav Gunisetty, Laurent, André Bargull, Rob Wu and Tomislav Jovanovic.

Air MozillaThe Joy of Coding - Episode 88

The Joy of Coding - Episode 88 mconley livehacks on real Firefox bugs while thinking aloud.

about:communityCommunity Spaces in 2016

Reposted from:

As 2017 gets into full swing, the goal of this post is to reflect on the impact of the Mozilla volunteer-run community spaces we have in Asia. These are the spaces in Jakarta, Manila, and Taipei. I’ll be presenting data and some analysis based on that.

In summary, there was:

  • 351 events
  • 173 Developer focused events, vs 178 other types of events
  • 4832 event attendees
  • Taipei sees the most traffic, in terms of events and attendees

Yet data only tells some of the story. We’ll be also getting input from space stewards with insights on what worked and what didn’t ‘on the ground’ throughout the year.


First, a reminder of what the community spaces program is all about. It is an initiative to open (or use existing) physical spaces for Mozillians around the world. It’s an experiment to create open spaces for people who are passionate about the open web, to collaborate with other communities, attract more talent into Mozilla, to strengthen local communities. The main hypothesis is that great things will happen. At Mozilla it was started by the WPR team in collaboration with the Community Building team in 2014, and in 2016 the Participation team took over the oversight of the project. Huge hat tip to William Quiviger who led the project until I took over in March.

Here are some hypotheses we wanted to work on in 2016:

  1. We can engage more with developers in the local communities that the spaces are in, to promote what’s new in Firefox and Web technologies in general
  2. We can work with more partners (organisations, companies, individuals, …) to amplify common goals
  3. The local spaces strengthen the local Mozilla communities


While it can be used for other purposes such as co-working, the main function of the space that we encourage is events. These can be presentations, workshops, hackathons, and so on. The goal is to promote knowledge sharing, learning, building relationships, and of course raising awareness of what Mozilla does from new and exciting technologies for the web platform going into Firefox to the issues campaigns we run to advocate for users and a better Internet.


In Q2 we teamed up with the developer marketing team to make a targeted effort to have more events in the spaces for developers. The goal was not just to introduce that audience to the latest and greatest technologies coming out of Mozilla, but to talk about the best in Web tech in general. We provided general guidelines on topics to focus on, and tips on how to run effective events. Then we introduced mentors to space stewards, and then left enough room for the magic to happen.


So let’s jump in and look at some numbers, with a reminder that these are not for the whole year but from April onwards. Another caveat is that Jakarta has a handicap of only starting events in mid-May, so 1.5 months less than other spaces.

For reference, the full report is hereThank you to Rizki Kelimutu for putting together this great report based on event data we logged since April.

Events Overview

Events breakdown, in total and per event type

There were 351 events in total, which is almost 1.3 events a day in the collective. This averages out between the three spaces at 117 per space. That’s is a solid rhythm but as you can see the number is not evenly distributed. Taipei comes out on top, with 55.8% of all events.

There is almost an split between developer focused events and other events 173 vs 178. Looking at the breakdown of events between developer focused vs other types, per space they mirror the total however with Taipei a little stronger on developer events and Jakarta stronger on other events.

Events Over Time

Event over 3-week periods

The over time trends shown here for each space show consistency, with several peaks and troughs. They can for the most part be attributed to holidays. For example, in Manila the summer vacation saw a peak as people had time to attend events, and the start of college classes in May/June resulted in a drop. During some months Taipei was seeing close to 25-30 events per month, meaning almost one a day! The November to December rise was helped by a visit from Alex and Nina from who hosted seven events to help people code for the first time in JavaScript.

Attendees Overview

Attendees breakdown, both new and returning, and per-event type numbers

In general, the number of attendees reflects the number of events in each space. A couple of things jump out however:

  • The high number of returning attendees in Taipei. People coming back time after time to the pace shows high positive sentiment and engaging content for the local tech community
  • Manila attracts significantly more new attendees. This could be for a number of reasons, such as a large local community, compelling new content, a wide variety of different topics covered, or increased awareness in 2016 of the Manila space.

And here is the the space by space comparison of attendees:

Attendees Over Time

Attendees over 3-week periods

What is interesting here is the more frequent ups and downs in new attendees in all spaces, but take note that it is exaggerated by the smaller range (150) than returning (300). Attracting both new and returning visitors is a challenge. At its core however, it is about forming a strong sense of community, and ensuring strong and compelling content for people to learn and grow. In general for new vs returning, more detailed exit surveys would be needed to really find out the real story behind the data.

There is one other topic that warrants a look, and that is the size of events. Here is how we classified them, in terms of number of attendees:

  • >30 Large
  • 10-30 Medium
  • <10 Small

Let’s see how the spaces shape up. One thing to keep in mind is that the capacity when comfortably accommodating people is around 30 people, with only Taipei able to fit in more safely by removing tables. So large events would need to happen elsewhere, e.g. there is a cafe below the Jakarta space that they can rent out for bigger events.

Jakarta Event Sizes

Manila Event Sizes

Taipei Event Sizes

So I would say that the main barometer for success in general is that the majority of events lie at the mid-size level. And that seems to be mostly the case in Jakarta and Taipei, with Manila fairing worse with events most months having <10 attendees.

What trends do you see in the report, and what other conclusions would you make from the data? Leave comments on this post if you have anything.

Happenings and Highlights

For me the highlight was visiting the three spaces in 2016. In January I went to Taipei to explore the idea of merging the staff space with the community space. While that didn’t happen this time, I did see up close the prolific and crucial work that volunteers do in the city and more broadly in Taiwan.

In May I visited Jakarta and Manila. The purpose was to be present for the official Jakarta opening as well as: Check the status of the space in Manila, and visit other spaces in the city to see what the co-working/incubator/Maker Space scene is like; Talk to Mozillians in both communities to gauge community health; Monitor progress so far of, and provide guidance for, the developer engagement program; Get a feel for the wider tech scene in both cities to see where Mozilla sits and how we can spread our wings and make new relationships.

MozSpaceJKT - Opening Party

Listening and watching at the Jakarta space opening. Picture by Yofie Setiawan. More photos.

I came away with a fresh appreciation of the intense dedication that a core group of volunteers in the community have towards Mozilla, the impact they have, and more context on the vibrancy of the wider tech scene they are working in.

Here are some more insights and highlights on 2016 from some of the space stewards.


(by Yofie Setiawan)

The Jakarta Space has been and continues to take part in campaigns for Mozilla. We are reaching the local Rust community, Developer community, and Web of Things. We took part in the Inter-Connected Community session at Mozilla Festival 2016, and we also support Mozilla’s marketing campaigns throughout the year.


Our space is limited to maximum 25 people that can fit in the space. Already we have run many events that are really inspiring for many people. The Mozilla Community Space Jakarta Launch Party of course was the most crowded event, which happened on May 2016. We invited many inspiring speakers to share knowledge and do workshops at our space.


Our strengths include that we have a good location central in Jakarta, that is easy to access. We have strong relationships with many inspiring people and communities who love to share their knowledge and ideas through Mozilla Community Space.

Some groups or communities that we’ve been working with are:

  • WebVR Community
  • PHP Indonesia
  • Blogger
  • Framework (NodeJS, Rust, etc)
  • Rust Community
  • Python Indonesia
  • Open SUSE
  • Linux Community


Our main challenge is managing human resources, especially keyholders who help as volunteers to taking care the space when there are events running. We continually adjust for efficiency, so everything will stay well managed.

We would love to see more events, especially which also relate to the ideas, vision, and mission of Mozilla.

Some categories of events that we are looking forward to are:

  • Web of Things workshop
  • Mozilla Tech Speaker workshop
  • SuMo workshop
  • Teach the Web
  • WoMoz programming workshop
  • Engage more activity with Open Source Community
  • Rust Community
  • WebVR Community


(by Bob Reyes)

The year 2016 saw a couple of firsts for the Mozilla Community Space Manila (MozSpaceMNL). Launched in August of 2014, MozSpaceMNL in 2016 became the venue of choice for new or re-established developer communities around the metropolis.

Manila Space

As for Mozilla Philippines Community’s part, we began conducting Introduction to Rust Programming Language events on a monthly basis. This led to the creation of a RustPH Group and the subsequent formation of a RustPH Mentors Group. Said group is now in the process of formulating a Standard Training Module for people in our locale interested in learning Rust as a second programming language.

Rust in Manila

In Summer of 2016, MozSpaceMNL played as host for the 2nd run of Maker Party for Kids (several days in the month of May). Conceptualized in 2015, the Maker Party for Kids events were able to train more than ten (10) kids aged 6 to 12 years old on the basics of HTML, CSS and JavaScript the Webmaker’s Thimble as the primary teaching tool.

Also in 2016, a couple of events related to Privacy awareness were held at the Community Space in Manila. Noteworthy was the forum to discuss the Implementing Rules & Regulations (IRR) of the Philippine Data Privacy Act of 2012 with no less than the Deputy Commissioner of the Philippine Privacy Commission as our resource speaker. This event was followed by smaller weekend pocket sessions targeting on students to be aware of issues related with data and online privacy.

Data Privacy in Manila

Aside from MozillaPH-organized events, MozSpaceMNL also served as venue for meetups of other like-minded organizations:

  • Several Code Camps co-organized with Developers Connect Philippines (DevConPH)
  • Emacs Users Group Philippines Meetup
  • Manila WordPress Meetup (which eventually led to the resumption of Word Camp Manila)
  • Mechanical Keyboard Warriors Meetup
  • Philippine Web Designers Organization Meetup
  • Google Developer Group Philippines (GDGPH) Firebase Live Viewing Party
  • Virtual Reality Philippines (VRPH) Meetup

Manila Space Event

In October 2016, MozSpaceMNL participated in the very first Inter-Connected Community Spaces activity during the Maker Festival held in London, England.

Inter-Connected Community Spaces in Manila

For 2017, we plan to continue with at least one Rust-related event per month. Co-organizing developer-related events with like-minded organizations will also continue. MozSpaceMNL’s support to other organizations by means of providing venue for their meetups and the like will still be there. We also hope for more inter-connected community spaces activities soon.


(by Irvin Chen)

2016 is the third year of Mozilla Community Space Taipei. MozTW and more than 30 local open (source/culture/data/gov) communities together, we had host 320+ various events for 3300 people, and introduced Mozilla and our Mission to more than 600 first time visitors.

Happy Birthday Firefox

A typical MozTW Lab in a special day

The best event in the space is “MozTW Lab” (as always), the local Mozillian’s weekly meetup. Volunteers gathering each Friday night to socialize, work, and give lightning talks on different topics including Mozilla’s latest update. This meetup had been running for 8 years, and in 2016 we had visitors from all over the world including Mark Surman, Brian King, Larissa Shapiro, William Quiviger, Max Ogden, Fa-ti Fan, 田爱娜 and many more.

Mozillians all around!

Mozillians all around! (click/touch and drag image to explore)

Another highlight of 2016 for the Taipei space is the diversity of the events, visitors and connected communities. There are growing types of the communities, dev-rel, open culture, open source and civil society community host events, workshops, meetups, talks, hackathons, and study groups. Different types of fun almost every night happened in Community Space Taipei.

Baking some Firefox cookies

Baking some Firefox cookies

For dev-rel topics, Rust and WebVR workshops are the newest. But people also shared knowledge on JS / NodeJS, Python, Swift, React, Spark, OpenStack, C#, Clojure, Java, D3, Functional Programming, Android App… You can learn and meet community for almost every programming languages, popular or not. We also help by providing the venue for new dev communities such as “WizardAmigos CodeCamp” (local one).

For open culture and non-dev technical events, Wikipedia and OpenStreetMap use Taipei Space for regular meetup, and there are workshops and meetups on Ubuntu, openSUSE, Fedora, R, Arduino, InfoSec, students and many more. There are also many gender based technical communities and events such as WoFOSS, R Ladies, Swift Girls and PyLadies. Larissa Shapiro’s visit in January reminded us of the importance to keep the space a place of diversity and inclusion for all.

Taiwanduino 組裝工作坊

Have you ever build your own Arduino?

One of the most special part of the Taipei space is the events and meetups from local civil societies, open government and open culture communities. Gov. hackers and programmers played an important role in democracy development recent years in Taiwan, and Taipei Community Space had become a base for popular open communities such as Open Culture Foundation and G0V. Our keyholders also actively support events about digital human rights or internet governance from Taiwan Association for Human Rights and Citizen Congress Watch. People came to making, hacking and watching not only the technology, but also the human rights, democracy and civil society in the community space.

Happy Birthday Firefox

What do you want to share in Community Space Taipei?


Let’s revisit our hypotheses and see how we fared.

We can engage more with developers in the local communities that the spaces are in, to promote what’s new in Firefox and Web technologies in general.

We teamed up with developer marketing, and had a total of 173 developer-focused events since April. This was everyone from beginners to experienced developers, on a host of technologies related to the Web.

We can work with more partners (organisations, companies, individuals, …) to amplify common goals

All three spaces have built up a network of all different technology companies and organisations. They engage at different levels, from working together on projects to sharing the space to have events.

The local spaces strengthen the local Mozilla communities

The Philippines community has in recent years been one of our largest and most dynamic, most notably in the area of student engagement. However, 2016 presented a number of challenges that decreased engagement. They have reached out for support from Mozilla and have a desire to bounce back. The communities in Taiwan and and Jakarta have a strong core, and while they have the classic growth challenges that all communities have, they have been trying new things and working in different ways to strengthen the broader open source movement.

On balance, 2016 was a strong year for our community spaces. It has been shown that with the right support, and with alignment with community development and Mozilla goals, spaces can make an impact and raise Mozilla’s profile locally. Other communities around the world have been paying attention, and have requested support for the own spaces leading to an open question is how can we scale this model.

Looking beyond, we can keep momentum going and identify areas for improvement. One thing I would like to see is teams at Mozilla working more directly with the spaces on programs that can help them achieve their goals. So far in conversations I’ve been having, Developer Relations, Developer Marketing, and Connected Devices are interested in doing this. And a broader question is how can the current spaces help with our broader Firefox product goals in Asia.

Many thanks the community space stewards and keyholders who devote their free time to this. It is a great pleasure working with you, and I salute you for what you do!

Web Application SecuritySetting a Baseline for Web Security Controls

Securing modern web applications effectively is a complex process. However there are many straightforward security controls such as HTTP security headers which are very effective at blocking web common attacks.

At Mozilla we provide Security Guidelines as well as a Checklist of security controls for the developers of Firefox Services. Last year, we introduced the Mozilla Observatory, a hosted scanner to evaluate the security of websites and services. In this blog post, we present the ZAP Baseline scan designed to test the security controls of web applications in Continuous Integration and Continuous Deployment (CI/CD).

Verifying that the correct controls are in place across all of our applications can be challenging, especially in a CI/CD environment. We run full vulnerability scans against our services on a regular basis, but these can take a long time to run and are not really adapted to fast release cycles.

This is why we have introduced a ‘baseline’ scan which runs very quickly and on every release of a service, but still gives us crucial feedback about the key security controls that we are concerned about. The baseline scans are included in the CI/CD pipelines of Firefox services to inform developers of potential issues before they reach production environments. We also run it against all of those services every day to generate a dashboard of the overall security status of our services.

This blog post presents the techniques we use to implement baseline scans in our infrastructure.

The ZAP Baseline Scan

Mozilla invests heavily in the development and support of security tools. The author of this blog post leads the OWASP Zed Attack Proxy (ZAP) project,  which we use to run baseline and vulnerability scans.

The ZAP baseline scan is a quick, easy and highly configurable way to test the security controls you care about. The tests are non intrusive so they are safe to run against production applications.
You don’t need to have ZAP installed – the script uses Docker and is included in the 2 ZAP Docker images:

For our baseline scans we use the weekly docker image which has more options available – you can run the script with the -h flag to see all of them.

The script uses the ZAP spider to explore the application, by default for just one minute. Spidering the application is important to verify that all pages, and not only the top one, implement the required security controls. This is particularly useful when web frameworks will handle some of the pages automatically without setting the headers.
The script will then report all of the potential issues found.

The baseline scan can be run against an application by just specifying its URL using the -t flag:

docker run owasp/zap2docker-weekly -t

This will produce output like: 

Total of 3 URLs
PASS: Cookie No HttpOnly Flag [10010]
PASS: Cookie Without Secure Flag [10011]
PASS: Password Autocomplete in Browser [10012]
PASS: Cross-Domain JavaScript Source File Inclusion [10017]
PASS: Content-Type Header Missing [10019]
PASS: Information Disclosure - Debug Error Messages [10023]
PASS: Information Disclosure - Sensitive Informations in URL [10024]
PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]
PASS: HTTP Parameter Override [10026]
PASS: Information Disclosure - Suspicious Comments [10027]
PASS: Viewstate Scanner [10032]
PASS: Secure Pages Include Mixed Content [10040]
PASS: Weak Authentication Method [10105]
PASS: Absence of Anti-CSRF Tokens [10202]
PASS: Private IP Disclosure [2]
PASS: Session ID in URL Rewrite [3]
PASS: Script Passive Scan Rules [50001]
PASS: Insecure JSF ViewState [90001]
PASS: Charset Mismatch [90011]
PASS: Application Error Disclosure [90022]
PASS: WSDL File Passive Scanner [90030]
PASS: Loosely Scoped Cookie [90033]
WARN: Incomplete or No Cache-control and Pragma HTTP Header Set [10015] x 1
WARN: Web Browser XSS Protection Not Enabled [10016] x 3
WARN: X-Frame-Options Header Not Set [10020] x 1
WARN: X-Content-Type-Options Header Missing [10021] x 1
FAIL-NEW: 0    FAIL-INPROG: 0    WARN-NEW: 4    WARN-INPROG: 0    INFO: 0    IGNORE: 0    PASS: 22

By default the output lists all of the passive scan rules applied and whether they passed or failed.

You can change how the baseline handles different errors by specifying a rule configuration file via either the -c flag (for a local file) or the -u flag for a remote URL.
You can also generate a default file using the ‘g’ option:
As specified in the generated file header you can change any of the “WARN”s to “IGNORE” or “FAIL”.

The script will exit with a 0 if there are no issues, 1 if there are any failures or 2 if there are just warnings. The return value can therefore be used in CI tools like Jenkins, CircleCI, TravisCI, etc. to fail a build step.

For example, the configuration below shows how the baseline scan can run in CircleCI with every pull request:

    # build and run an application container
    - docker build -t myrepo/myapp
    - docker run myrepo/myapp &
    # retrieve the ZAP container
    - docker pull owasp/zap2docker-weekly
    # run the baseline scan against the application
    - |
      docker run -t owasp/zap2docker-weekly \
      -t -m 3 -i

Scanning Multiple Sites

The baseline scan is a great way to check that a single site meets your base security requirements.

In order to run the ZAP Baseline scan against a large number of websites, we have written a set of wrapper scripts specific to Mozilla. You can find  generic versions of these scripts in the ZAP community-scripts repository.

You will need to customize these scripts as detailed in the README:

  • Change the sites listed in
  • Change the relevant user and repo details in
  • Build a docker image
  • Run the docker image, setting the credentials for your user

These scripts will then generate a summary dashboard in your repo wiki:

The ‘Status’ badge is a link to a page containing the latest baseline results for the relevant application and the ‘History’ date links to a page which show all of the previous scans.
Example pages are included on the community scripts wiki:


The baseline scan is highly configurable and allows you to fine tune the scanning to handle your applications more effectively.
You can do things like:

  • Increase the time spent spidering your application
  • Use the Ajax Spider in addition to the standard ZAP spider to handle applications that make heavy use of JavaScript
  • Include alpha passive scan rules as well as the beta and release quality ones used by default
  • Ignore specific URLs or even ignore specific issues on those pages
  • Link known issues to a bugtracker URL
  • Specify any of the options supported on the ZAP command line

For more details see the ZAP wiki:


The baseline scan gives us immediate feedback about the security controls in place across all of our web applications. The scans run on every commit so that we are immediately aware if there has been any regression. The dashboard allows us to track the state of our applications and the CI integration provides the ability to block a deployment if the baseline is not met.

Integrating baseline scanning in CI/CD helps us work more closely with developers and operators. We don’t force our security tools onto DevOps processes, we integrate security into DevOps. The net effect is better collaboration between teams, and faster turnaround on fixing security issues.

Air MozillaJanuary 2017 Privacy Lab - Ask the EFF Privacy State of the Union and Wish List For the Coming Year

January 2017 Privacy Lab - Ask the EFF Privacy State of the Union and Wish List For the Coming Year For our first Privacy Lab of 2017, we've invited a panel of five experts from the EFF to present a Privacy State of the Union...

Mozilla Add-ons BlogPreventing Add-ons & Third-party Software From Loading DLLs Into Firefox

Updated 2017-01-25: Thanks for the feedback given on this post. To lessen the impact of this change on developers, we’ve clarified our policy and updated this post such that it applies only to new add-ons, and those that do not rely on Firefox internals. It also includes further clarification that add-ons loading binaries that depend on Firefox internals could be subject to blocklisting starting in Firefox 53.

Loading a DLL or binary component into the Firefox process is a method employed by third-party software to enable low-level interactions between Firefox and the operating environment and/or applications that run within it. Binaries can be loaded via an add-on using JS-ctypes, or injected directly into the process using other methods to enable functionality not available natively. These techniques, however useful to the developer, do not always account for underlying changes to Firefox, and are frequently the root cause of startup crashes for users running a new version of Firefox for the first time.

Over the past year, these startup crashes have resulted in the delay or revision of four Firefox releases. The crashes erode confidence in Firefox, and can render Firefox and the information it contains unusable. Users of Firefox need the confidence that their browser won’t crash on an update, and that they’ll have a positive experience using the newest and most secure version available. Firefox release managers need the confidence that they can release new versions of Firefox without worrying about crashes brought on by third-party software.

With the introduction of the Native Messaging API in WebExtensions in Firefox 50—released on November 8, 2016—extensions are able to communicate directly with a host executable running in a separate process. These executables are installed separately, and provide low-level interactions outside of the Firefox process without the possibility of crashing it. The use of Native Messaging with extensions is the supported method for third-party developers to perform interactions that are not available natively, and other methods, including using JS-Ctypes, are actively discouraged.

Starting with Firefox 53, to be released on April 18, Mozilla will introduce changes designed to discourage and/or prevent the loading of third-party binaries into the Firefox process(es) that include:

  • Updating our add-on policies and validation methods to reject:
    • Any new add-ons that load binaries using JS-ctypes or other methods
    • Any add-on that loads libraries that depend on Firefox internals.
  • Updating the blocklisting policy to include:
    • Blocking of libraries that third-party software loads (or attempts to load) DLLs into the Firefox process(es) using any method
    • Blocking of add-ons that incorporate binaries that depend on any internal of Firefox
  • Product changes to better protect Firefox from DLL injection

These changes will also prepare us for wider adoption of the 64-bit version of Firefox on Windows in the near future, as some existing DLLs that are injected or loaded will not be compatible.

Add-on developers who are currently using JS-ctypes should begin immediately transitioning to the Native Messaging API using WebExtensions. Documentation and examples for Native Messaging are available on MDN, and you can ask questions or share concerns about these changes in these communication channels.

Air MozillaVersion the Docs - Version control & documentation (Write The Docs London)

Version the Docs - Version control & documentation (Write The Docs London) How do you version your documentation? How do you collaborate with co-authors? Recently a lot of people have gotten really excited about Git and how...

hacks.mozilla.orgWebGL 2 lands in Firefox

With the release of Firefox 51, WebGL 2 support has landed! WebGL is a standard API to render 3D graphics in the Web. It is based on OpenGL ES, which is commonly used by mobile games.

To date, we have been able to use WebGL 1 (based on OpenGL ES 2) to render fancy graphics into a <canvas> element. WebGL 2, however, is based on the OpenGL ES 3.0 specification, which introduces new features – many of them aimed at increasing performance and visual fidelity.

Until today, WebGL 2 had been usable behind a flag or in the Developer Edition or Nightly, but with Firefox 51, it’s now unlocked for all users of Firefox on Windows, MacOS, and Linux.

Demo: “After the Flood” (PlayCanvas)

To give you a taste of the content WebGL 2 enables, we’re excited to highlight After the Flood, an interactive WebGL 2 demo by PlayCanvas. (Please note that this demo is currently desktop only, with mobile support coming soon.) Take a walk through the fantastical environment of water, glass, and steel running entirely within your web browser!


How to use WebGL 2

To request a WebGL 2 context, all we need to do is ask for one from a <canvas> element. The string we use to request WebGL 2 is “webgl2”.

let canvas = document.querySelector('canvas');
let ctx = canvas.getContext('webgl2');

WebGL 2 might not be present in all browsers, so you should include some fallback code:

let canvas = document.querySelector('canvas');
let ctx = canvas.getContext('webgl2');
let isWebGL2 = !!ctx;
if (!isWebGL2) { // try to fallback to webgl 1
    ctx = canvas.getContext('webgl') ||
if (!ctx) {
    console.log('your browser does not support WebGL');

A word of caution…

Keep in mind that while WebGL 2 is based on OpenGL ES 3.0, it’s not identical. For instance, WebGL 2 does not support program binaries, and a number of optional restrictions in OpenGL are made mandatory for WebGL 2. The differences between the two are laid out in the WebGL 2 spec, so if you’re already familiar with OpenGL, you’ll be able to get up to speed with WebGL 2 quickly.

Another thing to note is that WebGL 2 is not strictly backwards compatible with WebGL 1, so there is the possibility that your WebGL 1 code will not work as expected when using a WebGL 2 context. That said, the differences are fairly minimal, and you should be able to port your code and shaders without too much hassle. You can read a backwards incompatibility list in the spec, as well as this quick guide from WebGL2 Fundamentals about migrating code from WebGL 1 to WebGL 2.

Keep in mind that while WebGL 2 will be bringing these new features to many of our users, we cannot offer WebGL 2 to users with old or outdated graphics cards and drivers.

Highlighted features

Updated shading language

WebGL 2 supports OpenGL ES Shading Language 3.0, which allows for much more capable and efficient shading programs. The new toys include:

  • True integer types
  • Uniform blocks
  • Binding the location indices for shader inputs and outputs in the shader source
  • Fragment discard
  • Dynamic loops
  • Sophisticated texture sampling built-ins

Multiple render targets (“MRTs”)

This allows you to render to several color buffers or textures in one pass, using multiple outputs from the fragment shader.

This feature was enabled in WebGL 1 via an extension, but now forms part of the core set of features of WebGL 2, so there’s no need to worry about a fallback path.

One of the main applications of MRTs is a technique called deferred shading – and we have already written about it in Hacks before. It’s a rendering technique that allows for a lot of dynamic lights in a scene, since the complexity on rendering doesn’t depend on the amount of lights, but on the actual number of pixels that are being lit.

Instanced geometry drawing

Instancing allows you to render multiple instances of a geometry with a single draw call, which reduces the burden on the CPU. Note that each instance can have its own attributes, like a transformation matrix, so you could use this to render a lot of similar objects, like particles, trees in a forest, people in a crowd, etc.

The following THREE.js demo uses instancing via an extension – which, remember, is no longer needed in WebGL 2.

New texture features

3D or volume textures are textures where we access the data using three coordinates instead of two (like in regular, 2D textures). These are most commonly used for tone mapping, but also can be helpful for rendering volumetric effects, like smoke, fog, and rays.

2D array textures hold a series of separate 2D layers, which a shader can index into in order to select just one of the contained 2D textures.

Sampler objects are new in WebGL 2. These decouple the way the texture is sampled from the texture selected for sampling, so a single texture can be sampled in several ways, and multiple textures can point to the same sampler object.

WebGL 2 also removes restrictions on non-power-of-two (NPOT) textures.

Transform feedback

Transform feedback captures the output of the vertex shader into a buffer object, often using this output as input to the next frame. This creates a loop that doesn’t leave the GPU, offloading the CPU of these computations. Particle systems often take advantage of transform feedback to iterate each particle’s position and move it in each frame without CPU interaction.

Transform feedback can also be combined with “rasterizer discard”, which allows running the vertex shader without the fragment shader. This allows for natural “map” GPGPU (general-purpose computing on graphics processing units) data processing flows.

And more!

There are many more features that have arrived in WebGL 2, including Vertex Array Objects, MSAA renderbuffers, and Uniform Buffer Blocks to name a few. For a full list of everything new in WebGL 2, you can have a look at the official spec, since it contains just the differences between WebGL 1 and 2.

A number of these features can be seen in relative isolation on the WebGL 2 samples page. These feature-specific demos serve to illustrate the effects possible with new features, as well as to provide example code for how to use them.

What’s next

We’re releasing the API for widespread use today, but there’s still more work to do. We’re looking forward to working on performance improvements, relaxing some restrictions, and improving general polish. We know performance in particular is on a lot of your minds, so we have some exciting work in store to provide applications with the performance they need to deliver even more sophisticated and impactful experiences.

In addition to seeing apps add WebGL 2 support, we look forward to seeing WebGL 2 integration into existing WebGL frameworks and engines. PlayCanvas is supporting WebGL 2, as shown off in our highlight of After the Flood. Three.js also has support for utilizing WebGL 2. Keep an eye out for other engines receiving WebGL 2 support later this year!

Running into an issue? Please file a bug on our Bugzilla. (Remember: GitHub logins work too!)

The Mozilla BlogFirefox Gets Better Video Gaming and Warns of Non-Secure Websites

Today’s release of Firefox includes various features for developers and users that enable a richer and safer experience on the web.

WebGL 2 enables a new generation of 3D graphics on the web

Firefox is the first browser to support the new WebGL 2 standard, which gives developers the ability to utilize compelling 3D graphics that are available for the first time on the web. Expanding on the solid foundation of WebGL 1, WebGL 2 allows content creators to leverage more modern accelerated rendering features, like transform feedback, expanded texturing functionality, and multisampled rendering support. This will make it possible for developers to create more sophisticated and engaging visual content on the web.

The full WebGL2 feature set works on Windows, MacOS, and Linux. Developers interested in learning more about WebGL 2 can read about it on the Hacks blog.

If you’d like to try running a WebGL 2 demo, upgrade to Firefox 51, and check out the After the Flood by PlayCanvas. Here’s a quick video of the demo if you haven’t upgraded yet.

Helping users identify non-secure Web sites

Keeping users safe online has been a key priority for Mozilla, and we’ve long been a vocal proponent for using HTTPS to secure a user’s Web experience through efforts like Let’s Encrypt. HTTPS encrypts your connection to help protect you from eavesdropping and tampering when doing everything from online banking to communicating with your friends.

Starting today in the latest Firefox, web pages that collect passwords, like an email service or bank, but have not been secured with HTTPS will be more clearly highlighted as potential threats.

Up until now, Firefox has used a green lock icon in the URL bar to indicate when a website is secure (using HTTPS) and a neutral indicator (no lock icon), otherwise. In order to more clearly highlight possible security risks, these pages will now be denoted by a grey lock icon with a red strike-through in the URL bar.


Secure (HTTPS) connection

BeforeNon-secure (HTTP) connection

Before nonsecure



Clicking on the “i” icon, will display the text, “Connection is Not Secure” and “Logins entered on this page could be compromised”.

You can read more details about how we help users identify non-secure sites on the Mozilla Security blog.

Continuing to improve responsiveness with multi-process Firefox

Last year, we started the process of rolling out multi-process Firefox to desktop users. Instead of running all of Firefox in one process, Firefox now runs in two processes: one for the browser’s user interface and another for web page content. The result is a Firefox that is faster and more responsive. Today, more than half of desktop users are running Firefox in multiple processes.

There’s more for developers in the new release, too, including IndexedDB 2, a big upgrade to a powerful standard API for local storage.

about:communityFirefox 51 new contributors

With the release of Firefox 51, we are pleased to welcome the 47 developers who contributed their first code change to Firefox in this release, 42 of whom were brand new volunteers! Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions:

  • c3.sazae3: 1296123
  • fiveNinePlusR: 1291830
  • habeebahma1: 1261313
  • ktakashi19980515: 1291061
  • longsleeper: 1293567
  • mgsudhanva: 1282910
  • p.panayiotou2: 1285745
  • rsurve: 1255843
  • skoji: 1295866, 1298571
  • Adam: 1288745, 1299143, 1299144
  • Akihiko Odaki: 1298565
  • Akshay CV: 1296182
  • Andrew Magdy: 1293000
  • Anthony Miyaguchi: 1277595
  • Arseny Malkov: 1295531
  • Bhuvnesh Maheshwari: 1299207
  • Calvin Lui: 1287594
  • Divyanshu Vishwakarma: 1292998
  • Dragoslav Mlakar: 1282289
  • Glenn Fernandes: 1022545, 1292542, 1296395, 1296945
  • Gregory Moore: 1298709
  • Hallvord R. M. Steen: 1291069
  • Hassan Ali: 1256929
  • Igor: 1197328, 1197331, 1289890, 1293384, 1296180
  • Jason Woofenden: 1008019
  • John Paul Adrian Glaubitz: 972945
  • Julian Chu: 1296748
  • Kacper Michajłow: 1297794
  • Kim Moir: 1277579, 1293730, 1296088
  • Ninad Bhat: 1301628
  • Paul Yang: 1286513
  • Pierre Bertet: 1224863
  • Piyush Sinha: 1274167
  • Prakhar Agrawal: 1298909
  • Pranaydeep Singh: 1293738
  • Saheda Reza: 1298016
  • Sumit Tiwari: 1290566, 1290698, 1292999, 1298512
  • Tanuja : 1285940
  • Udayan Baidya: 1297693
  • Wil Clouser: 1288178
  • Wladimir Palant: 918600, 1300735
  • Yuri Kazuna: 1291481
  • kashyap: 1290701
  • kevin: 1134307, 1140286, 1254867, 1273369, 1283704, 1301126
  • ou shinjo: 1266165, 1274484
  • sj: 1295080, 1295556
  • tuhina chatterjee: 1293002
  • yusukeTMJP: 1297000