DEV Community

Quentin Sonrel
Quentin Sonrel

Posted on

Firefox 64 drops RSS support, thoughts?

Bonus question: do you (still) use RSS? For those of you who do, what client do you use?

Discussion (23)

Collapse
ondrejs profile image
Ondrej

Yes, Snownews (on HBSD). Would highly recommend it. I do not use Firefox though, Chrome/Chromium is much more secure.

Collapse
rhymes profile image
rhymes

Chrome/Chromium is much more secure

?

You can't drop a sentence like this without an explanation, my dear Watson 🧐

Do you mean because Chromium has a bigger community and therefore more eyes on the code? Or are you referring to something in particular?

Collapse
ondrejs profile image
Ondrej

Mozilla, the company that makes Firefox, formalized a release schedule for handling their development. It is based on fixed windows (6 weeks) where builds cascade down a series of different channels (Nightly, Aurora, etc.), each time with more bug fixes and stability. This is transparent and a perfectly acceptable way to manage a software project (Chrome has a similar series of channels, although they move much faster and not on a fixed schedule.)

Mozilla releases Nightly builds every day (basically)
Aurora builds are released every 6 weeks
Beta builds are bug fix releases of Aurora, every 6 weeks
Release builds are final bug fix releases of Beta, every 6 weeks
Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. To be clear - only Critical and High security bugs.

Thread Thread
ondrejs profile image
Ondrej • Edited on

Here are some minor quirks, but in comparison to Firefox ESR's bug-fix scenario no big deal.

Thread Thread
ondrejs profile image
Ondrej

Case of threat modelling:

Chain a series of Medium / Low vulnerabilities together until they get the level of access they require, e.g. remote code execution. They have a permanent window of exposure.

Is it enough? I think we've gone beyond boundaries of this topic too far.

Thread Thread
ondrejs profile image
Ondrej • Edited on

Ah, I almost forgot this nice little 'feature'.

Thread Thread
tobiassn profile image
Tobias SN

You gotta remember that it just means that Firefox builds are thoroughly tested before release.

Thread Thread
ondrejs profile image
Ondrej

Yes, but again - Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. Chain a series of Medium / Low vulnerabilities together and you could get RCE very easily for adversary with proper resources.

Thread Thread
tobiassn profile image
Tobias SN

If it’s so easy, do it and I’ll talk to you when you’re done.

Thread Thread
ondrejs profile image
Ondrej

Do you understand the concept of threat modelling? Obviously not. We're talking about adversaries with proper resources (e.g. Nation States, APTs, Offensive Intelligence, Major hacker groups).

Thread Thread
ondrejs profile image
Ondrej • Edited on

But usually cleverly crafted XSS (which is opportunistic kind of attack) works with Firefox ESR too. They are mainly blocked by Chrome at the same time.

Thread Thread
tobiassn profile image
Tobias SN

Well you said that RCE was easy with the proper resources, so I'm asking you to obtain those resources and prove your point.

Thread Thread
ondrejs profile image
Comment marked as low quality/non-constructive by the community. View Code of Conduct
Ondrej

Do I see like an adversary with proper resources? If yes, you should probably take a cold shower. If not, why do you ask me stupid question like this. Let's make a deal: Try to study main concepts of information security at your local university and then we can discuss it like two people with equivalent degree of knowledge and understanding in this field. Otherwise, please do not ask me another stupid questions. Thank you.

Collapse
tobiassn profile image
Tobias SN

I find it to be good, as I personally don’t use RSS, neither does the majority of people. Thus, Mozilla has reduced what to most is bloat, and won’t have to maintain it. Besides, there’s a dozen extensions out there that one could use instead.

Collapse
danroc profile image
Daniel da Rocha

What does this mean for RSS and its users (who happen to use Firefox as their main browser)?

I use Feedly and Firefox every day. Never once I thought about Firefox as "providing RSS support", not even sure how would that affect me and my (heavy) RSS usage.

Collapse
ivolimmen profile image
Ivo Limmen

I use CommaFeed. With a 100+ feeds...

Collapse
rbyd3vyaox profile image
RBYD3vYaox

Not a huge problem for me.

I use Inoreader to subscribe and read news.

Collapse
belinde profile image
Franco Traversaro

Bummer, I really like RSS. I'm not using Firefox, but it's sad such a handy technology gets dismissed. I'm using Feedly (and Newsfold on Android) for everything, also dev.to.

Collapse
marissab profile image
Marissa B

Ditto on Feedly. It was my replacement for Google Reader when that was decommed.

Collapse
jonrandy profile image
Jon Randy

I get all my daily news through RSS feeds, viewed in Feedly. Best way to do it as far as I can see

Collapse
goebish profile image
Goebish

Yes I do, I use Thunderbird to read the feeds but I wonder how I'll be able to subscribe now that the RSS button has disappeared from Firefox.

Collapse
erikpischel profile image
Erik Pischel