How secure is firefox hello?

Similar Messages

• How secure is Firefox Sync on Android

  First, let me summarize how I understand the current security concept of Firefox4Linux, as some of the documents I read may be old:
  L1) During sync setup Firefox4Linux creates recovery key, encrypt all passwords, bookmarks, ... using this recovery key and upload them to the server[1].
  L2) Passwords are encrypted only by using the recovery key, (not by master password)[2].
  L3) When pairing J-PAKE (Password Authenticated Key Exchange by Juggling) is used to securely transfer the recovery key[3].
  L4) On Firefox4Linux master password is used to encrypt the Recovery Key. Based on my own observation as it is not possible to view Recovery Key without entering the master password at least once.
  This all seems to me reasonably secure and there should be no leakage of recovery key without compromising Master password. Now regarding my findings for Firefox4Android:
  A1) Firefox4Android stops syncing passwords when master password is used[4].
  A2) Based on my observations Firefox4Android continue to sync bookmarks, tabs, ... even when it is still asking for master password and I am not providing it.
  A3) Based on A1 and A2 it looks like that, recovery key is not encrypted using master password.
  A4) Based on A3 anybody who gets physical access to the Android device, can get recovery key, setup synchronization on PC and obtain all the passwords!
  Please let me know, if I missed something. As it looks to me, using synchronization on Firefox4Android is not secure even if you use Master Password.
  Currently I see possible workaround for this issue:
  1) Disable master password on Firefox4Android
  2) Setup synchronization
  3) Let passwords, bookmarks, synchronize
  4) Disable synchronization (deleting synchronization account should delete recovery key)
  5) Enable master password
  Only security issue with this workaround may be, that recovery key may be readable from the NAND flash for a while, because of the wear-leveling techniques. Possible workaround for this, would be generating new recovery key, after performing each synchronization with Android.
  [1] http://support.mozilla.org/en-US/kb/firefox-sync-data-secure-find-out-more
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=540975
  [3] http://gregoryszorc.com/blog/2012/04/08/comparing-the-security-and-privacy-of-browser-syncing/
  [4] http://support.mozilla.org/en-US/kb/use-master-password-protect-passwords-firefox-andr

  I would need a help, how to use Firefox Sync safely on Android devices, without that crazy workaround. I believe I am not the only person having this problem and somebody has find out something more straight forward.

• How to initiate firefox hello conversation on Android?

  There is a smiling face button on the desktop version, but there is no such button on the mobile version.

  hi xuphys, currently the conversation has to be initiated by a desktop user - but if you have a call link you can also take part in a conversation via firefox on android.

• How can I Remove Firefox Hello in a high-security environment?

  Hi,
  After a recent Firefox update in a test environment for a high-security environment (I'm not at liberty to disclose the nature of this environment, sorry. Let's just say we have to disable Firefox from contacting Mozilla's servers and further disable Google's "Safe Browsing" due to possibility of inadvertent unauthorized disclosure) We have noticed a feature: "Firefox Hello", this feature causes Firefox to violate strict policy as it transforms it from being classified as strictly a "Web Browser" (which is permitted) to a "Chat Application", all of which are completely banned. Simply disabling Hello is not a sufficient option as Firefox still contains the code to run Hello, which still constitutes it a "Chat Application" as per policy. We have the capability to edit out unauthorized code from open source software internally, but we don't know where to start to remove this code from the Firefox codebase as Hello seems pretty well integrated.
  Currently I only have two options, both of which do not please me as for me personally, (I really like Firefox and have fought to include it in any environment I can):
  1. Discontinue permanent use of Firefox.
  2. Discontinue updating Firefox permanently or until Hello is removed as a non-modular element. This is unacceptable as it'd mean we can't keep it secure, which causes us to fall back to (1).
  I would graciously like any third option. Internet Explorer seems to be the only browser that provides sufficient enterprise-level control without extraneous features at the moment with the addition of Hello to Firefox. We have banned Chrome from our environment due to how tightly bound it is with Google's "Cloud" services and hope that Firefox isn't becoming a "Cloud" browser for Mozilla, Sync has already placed Firefox under the microscope as it is.
  Thank you.

  We have WebRTC traffic blocked (We have a setup that audits SSL traffic before it leaves or enters the network).
  Our primary issue with Hello is that policy classifies the actual code used to run it as being very much like an Easter Egg, code that was inserted that goes beyond the spec of being a web browser and thus difficult to audit. It's easy to block services in general, but when an a single unauthorized service becomes a core feature and has code strapped to the browser, that throws up red flags that Mozilla is moving Firefox away from being a organization-managable browser and more toward an exclusively mozilla-managed "Cloud" browser, where there is a possibility that Mozilla will seek more control over user experience that will increase attack surface.
  It's reasons like this we decline to install Chrome into our environment, because Google has several services built-in to the core of their browser and do not leverage their extensions capabilities, but rather mandates that these features "must be installed" and that users can only toggle them off.
  It's easy to uninstall an extension or to recompile with a flag, but it's hard when a vendor makes decisions for you and tells you "This is good for you, you must embrace it" irrespective of policy of organizations or even individual users wishes.
  Thank you all for this information, it will help our future audits and help determine if Firefox is right for our needs.
  Unfortunately I can't mark this thread as "Solved" since the root issue is still not solved (Mozilla's development practices making something that should be an extension, a core aspect of the browser), so marking it solved would be a lie. But thank you both nonetheless.

• Is firefox Hello (v36.0) automatically opening a listening port when starting up? Is this a security risk?

  After updating to firefox 36, windows firewall offered to block firefox. That usually happens when a program opens a port to accept INCOMING connections. Currently I have blocked it!
  Is firefox opening a listening port and is that a security risk?
  Have fun

  Mozilla Firefox is very security conscious and privacy aware.
  Some of the connections made are intended to increase security by ensuring everything is updated.
  See
  * https://www.mozilla.org/privacy/websites/ {and follow linked articles)
  * [[How to stop Firefox from automatically making connections without my permission]]
  I am not certain if the Hello & social button do anything, but you can experiment with the settings mentioned in the above article, although generally it would be best if after any experiments you returned to the default settings.

• How to disable web security in firefox

  Please let us know how to disable web security in mozilla firefox .
  I tried re-setting the below :
  security.fileuri.strict_origin_policy;true
  network.http.referer.XOriginPolicy
  but its not working.
  Whereas in chrome we have the below option to set websecurity :
  chromium-browser --disable-web-security
  Please advice.

  Hi,
  I understand that you would like to know how to disable web security in Firefox and you have tried: security.fileuri.strict_origin_policy;true and network.http.referer.XOriginPolicy. These are cross domain single origin policy that refers to a specific header int HTTP.
  The chromium-browser --disable-web-security essentially does the same thing. (Ideally) It seems from a couple of sources that this does not actually disable Cors as well? Hence (https://bugzilla.mozilla.org/show_bug.cgi?id=1039678)
  Please do report back with what you find!
  EDit: It sounds like the feature you are looking for has not been implemented yet.

• How to reset firefox profile if it crashes on start (also safe mode)

  Hello,
  I need to know how to make Firefox do a profile reset when it crashes on start even in safe mode. It starts fine with a new profile.
  I had this before today, and then after the 3rd crash report send, a popup offered me a solution to reset my profile while retaining the most important settings. I tried that option and it worked. But I could no longer sync my password with the new sync because of a master password set. I find this a show stopper, so I did a profile restore (mozbackup), I wish I didn't have.
  I now have the same problem again with Firefox crashing, but it no longer offers the popup with a solution by trying safe mode (i did manually doesn't work) or resettting the profile.
  I need to know a command line switch the make Firefox reset the profile while retaining the important data or how to force it show the pop-up.
  Thanks a lot, I'm really pulling my hair out over this and need my Firefox experience back!
  Thank you
  Regards

  Note that a profile created via a reset still can carry over issues because some data is recovered automatically.
  If you use the Profile Manager then you get a completely clean profile and if that works then you can copy files yourself to the new profile or possibly try to identify what is wrong and repair your previous profile.
  You only see button to Reset Firefox on the "Help > Troubleshooting Information" page and in the Safe Mode startup window if you use the profile that is marked as Default=1 in the profiles.ini file (Profile Manager).
  If you do not have the "Reset" button then either use the Profile Manager to create a new profile or use the Profile Manager to start with the current default profile to get the Reset button in Firefox.

• How to configure Firefox to use OpenVPN?

  summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
  details:
  I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
  I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
  * `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
  * I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
  * I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  * browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
  Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
  https://wiki.debian.org/openvpn%20for%20server%20and%20client
  me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
  Sat Nov 8 16:49:00 EST 2014
  port 1194
  proto udp
  dev tun
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/server.crt
  key /etc/openvpn/server.key
  dh /etc/openvpn/dh1024.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "redirect-gateway def1 bypass-dhcp"
  push "dhcp-option DNS 8.8.8.8" # google public DNS
  keepalive 10 120
  comp-lzo
  user nobody
  group nogroup
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3
  me@laptop:~$ date ; cat /etc/openvpn/client1.conf
  Sat Nov 8 16:51:31 EST 2014
  client
  dev tun
  proto udp
  remote ser.ver.IP.num 1194
  resolv-retry infinite
  nobind
  user nobody
  group nogroup
  persist-key
  persist-tun
  mute-replay-warnings
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/client1.crt
  key /etc/openvpn/client1.key
  ns-cert-type server
  comp-lzo
  verb 3
  up /etc/openvpn/update-resolv-conf
  down /etc/openvpn/update-resolv-conf
  My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
  me@jumpbox:~$ date ; sudo iptables -L
  Sat Nov 8 16:42:06 EST 2014
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  Chain fail2ban-ssh (1 references)
  target prot opt source destination
  RETURN all -- anywhere anywhere
  After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
  me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
  Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
  Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
  Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
  Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
  Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
  Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
  Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
  Sat Nov 8 17:48:25 2014 GID set to nogroup
  Sat Nov 8 17:48:25 2014 UID set to nobody
  Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
  Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
  Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
  Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
  Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
  Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
  Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
  me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
  Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
  Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
  Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
  Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
  Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
  Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
  Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
  Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
  Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
  dhcp-option DNS 8.8.8.8
  Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 GID set to nogroup
  Sat Nov 8 17:49:16 2014 UID set to nobody
  Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
  I then see the following on my client:
  * `ifconfig` shows a new entry=`tun0`, which looks correct
  * I can `ping` the server using either its real IP# or `10.8.0.1`
  * I can `ssh` to the server using either its real IP# or `10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  ... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
  This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
  Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
  Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this usecase, so the problem might be generic to web browsers.
  your assistance is appreciated, Tom Roche <[email protected]>

  You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
  Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
  http://hg.mozilla.org/labs
  but it's not clear what you need.

• How to make Firefox to never update that slow custom look since FF 29?

  How to make Firefox to never update that slow custom look since FF 29? How to change windows installation and ubuntu installation so they never update after FF 28 witch was last normal speed normal browser?
  Hello. I can easy remove on Windows FF 29 or FF 30 and its slower on fast computer. But its affected by millions of users. With FF 28 it was allways fast.
  Why fast? I dont know but its SLOW Now any version after FF 28.
  Since FF 29 FF loads and hangs very very slow each time loading, starting, or changing tabs. It is making problem for everyone and now everyone calls with help- "why computer is slow.. oh its FF? Chrome? Chrome was slow but now its not the slowest one?"
  Very colorfull Example- one comp is 10" and its very very very very low specs. So it wont run at all.
  Now on small comp we can try linux and FF BUT no matter what OS just couldnt get back with any plugins back normal speed. Since FF 29 its very very very slow and that needs to have a solution. Today came update and still unneded custom menu button and its slowness hasnt been removed (unnoticed) so it needs a fix so it works for people who are not just for browsing internet buying new computer and cant get any faster speed then Chrome since now theres no FF anymore.
  SO- How to do that on Windows and Linux- installing FF 28 and making it never upgrade
  OR even better- Making a package that already has this update disbled setting ON?
  p.s. Should you first ask people how they like slow browsers before making fast one to a slow one?
  p.p.s. i dont get how menu could be added by thouse who need it as an add-on ass allways and not presuring everyone who never touches any button.
  p.p.p.s. your business was beeing neutral ngo making browser for people and not for making cloged systems so new computers could be sold by some company advice or infiltrated mole who will suggest such unneded feature as any other addons, but sticking it in for everyone.

  Hello,
  You can download version 28 from here:
  https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/28.0/
  Also, you'll have to disable auto updates to remain with version 28 by following the steps described in this support article:
  https://support.mozilla.org/en-US/kb/advanced-settings-browsing-network-updates-encryption#w_update-tab

• Have bookmarks on usb key backup, cannot figure out how to open firefox (already installed) to import the book marks .

  I know how to take bookmarks from Windows 7 (firefox) and put them into another windows machine. I know to import them into Ubuntu, I have to open up firefox in Ubuntu (already pre-installed). I just cant find any bookmarks list in the Ubuntu firefox list that I can access, so I cannot import them using "import" (which everyone says glibbly) to get them in. How do I access bookmarks in the pre-installed firefox.

  Hello,
  You'll need to transfer the bookmarks backup file from your Windows PC to your Ubuntu PC - perhaps by emailing it to yourself or copying it onto a USB stick. Once you've done this, here's how to copy (import) them into Firefox on Ubuntu:
  # Click the Bookmarks button [[Image:Bookmarks-29]] and select ''Show All Bookmarks''.
  # At the top of the Library window, click on ''Import and Backup'' and select ''Restore''.
  # Click ''Choose file''
  # In the new window that appears, browse for the bookmarks file, select it and click ''Open''
  # Your bookmarks from Windows should now be imported.
  For more information, see the [[Restore bookmarks from backup or move them to another computer]] article.
  Did this fix your problems? Please report back to us!
  Thank you.

• How to move firefox history from macbook?

  Hello,
  Need to know how to move firefox history from macbook to other new macbook?
  Thank you

  You can use Firefox Sync to sync the history.
  You can also copy the places.sqlite database file from the old computer to the new computer.
  *https://support.mozilla.org/kb/Recovering+important+data+from+an+old+profile
  You can use this button to go to the Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
  In Mac OS X v10.7 and later, the $HOME/Library folder is a hidden folder.
  Open Finder and use one of these:
  *Go > Go To Folder (Shift-Command-G) and in the dialog type: ~/Library
  *Open the "Go" menu and hold down the Option key to make the Library appear
  *http://kb.mozillazine.org/Show_hidden_files_and_folders

• How to launch firefox 4 in full screen mode

  hello, How to launch firefox 4 in full screen mode. I dont want to press SHIFT CMD F each time? thx

  There needs to a be a space before -fullscreen and that switch needs to be placed after the quotes
  *"C:\Program Files\Mozilla Firefox\firefox.exe" -fullscreen
  But I don't think that it will work. Firefox 4 doesn't have that switch by default, so support should be added via an extension.

• How to make Firefox open automatically a new, empty tab in each start, but keep last sessions?

  How to make Firefox open automatically a new, empty tab in each start? (keep last sessions as well) It will be good, because Firefox wont load the previous sessions last watched tab after start straight away, but keep my previous sessions tab as well in the browser.

  Hello,
  You can change your home page settings to open a blank tab:
  * Tools (or [[Image: New Fx Menu]]) > Options > General
  * Beside "Startup", change to "Show a blank tab"
  * See the article [[Startup, home page and download settings]] for more information
  To retrieve your previous browsing session, first make sure that you are not running in [[Private Browsing - Browse the web without saving information about the sites you visit|Private Browsing mode]]. When you start Firefox, to recover your previous session, you can go to:
  * History (or [[Image: New Fx Menu]] > History) > Restore Previous Session
  * Please see [[Restore previous session - Configure when Firefox shows your most recent tabs and windows]] for more information

• Why do you automatically assume the people I wish to contact via Firefox Hello are on Gmail or Yahoo?

  I was "trying" Firefox Hello but when I tried to use it for the first time, to connect with anyone I'd know, I was only given the choice of using Gmail or Yahoo as sources for email links. I primarily use Outlook and any contact I'd care to connect with would be located there. When the "Choose an application" window came up showing only Gmail and Yahoo, I clicked to find another app to use and have no idea how to find/connect with my Outlook app for email links. The Firefox app shows no way to access any other kind of email and I think that's damned short-sighted and arrogant of Firefox to not allow for customers/users of their app to access email links by other means!

  hi Janthony, you could try to use this addon to direct mailto:-links to your outlook webmail: https://addons.mozilla.org/en-US/firefox/addon/livemailer/

• How secure is an open wireless network?

  Hello everyone,
  I'd like to get your opinion on the following:
  Situation: Staying at a Motel with free wireless. It's completely unsecure- I managed to log onto the Wireless Router with a blank password and if I wanted to, could seriously mess around with the settings, e.g. block out all Mac addresses other than my own, change base ID, enable WEP etc. The Motel employees are clueless about this and don't know anything about it other than making sure the wireless AP is plugged in and blinking.
  I'd like to check my banking statements online (Https of course) and am pondering the following:
  How secure is my connection? Could someone feasibly run a wireless sniffer like Airsnort and capture my id and password to my online bank? Is there anyway I can protect myself against such attacks?
  Thanks for you input.
  -Rich

  Could someone feasibly run a wireless sniffer like Airsnort and capture my id and password to my online bank?
  It's possible, though any commercial entity such as a bank runs their web site such that account names and passwords are encrypted from your browser (that's what HTTPS does). So anyone wanting to grab your information would have to not only sniff the stream at exactly the right time (or capture a lot of data and try and sort it out), they'd have to then break the encryption. It's possible but it's not trivial, so very few people waste their time trying, just for a single account. Most such crooks spend their time trying to hack the servers at the bank or company where they can harvest hundreds or thousands of accounts, not just one.
  So is it possible? Yes. Is it likely? No.