ali1234
Making moves
Status: New idea

Web-based IDEs like Arduino and Github Codespaces are now commonplace. They are hobbled in Firefox due to an inability to access development boards without installing extra system software, which rather defeats the purpose of having an IDE that runs in your browser. This is not the case on Chrome, where Web USB and Web Serial can be used. (Clarification: they *could* be used on Chrome, but often are not because developers don't want to maintain two separate codebases.)

I will preempt the response I have received every previous time I brought up this topic: Web USB and Web Serial present no more of a security risk than web camera or location data, and Firefox already has a permissions system to protect those. On the other hand, the software you have to install to make Arduino IDE work in Firefox starts a webserver that shares your serial port over a websocket, just so that your browser can connect to it. It isn't clear if there are any protections at all on that websocket.

I will also note that the current prevalence of web-based development environments is in part due to Mozilla's insistence that everything should be able to run in the browser, along with projects like Firefox OS.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Serial_API

https://developer.mozilla.org/en-US/docs/Web/API/USB
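
Added example, not part of the original post and not the Arduino agent's code: the handshake checks a localhost serial-to-WebSocket bridge of the kind described above would need before exposing the port. The origin, port and token are constructed, and `checkUpgrade` and `tokenMatches` are hypothetical helpers.

```javascript
// Added example: handshake gate for a hypothetical localhost serial bridge.
// Origin, port and token below are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://ide.example.com"]);
const ALLOWED_HOSTS = new Set(["127.0.0.1:8991", "localhost:8991"]);

// Compare without stopping at the first mismatch; in a real Node server
// crypto.timingSafeEqual does this job.
function tokenMatches(presented, expected) {
  const a = String(presented ?? "");
  const b = String(expected);
  let diff = a.length ^ b.length;
  for (let i = 0; i < b.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a WebSocket upgrade may reach the serial port.
// `headers` uses lower-case names, as Node's http module supplies them.
function checkUpgrade(headers, url, expectedToken) {
  // 1. Host must be the loopback name the bridge bound to (DNS rebinding).
  if (!ALLOWED_HOSTS.has(headers.host)) return { ok: false, reason: "bad-host" };
  // 2. WebSocket handshakes are not blocked by the same-origin policy, so
  //    the server has to check Origin itself against an allowlist.
  if (!ALLOWED_ORIGINS.has(headers.origin)) return { ok: false, reason: "bad-origin" };
  // 3. Origin only constrains browsers; a per-install pairing token covers
  //    other local clients. Sent in the query string here because the
  //    browser WebSocket API cannot set custom headers.
  const token = new URL(url, "ws://localhost").searchParams.get("token");
  if (!tokenMatches(token, expectedToken)) return { ok: false, reason: "bad-token" };
  return { ok: true, reason: "accepted" };
}

// Constructed handshakes: the IDE, another site, and a rebinding hostname.
const TOKEN = "constructed-pairing-token";
const ide = { host: "127.0.0.1:8991", origin: "https://ide.example.com" };
const samples = [
  [ide, `/serial?token=${TOKEN}`],
  [{ ...ide, origin: "https://other.example.net" }, `/serial?token=${TOKEN}`],
  [{ ...ide, host: "rebind.example.net:8991" }, `/serial?token=${TOKEN}`],
  [ide, "/serial"],
];
for (const [headers, url] of samples) {
  console.log(headers.origin, headers.host, url.includes("token"), checkUpgrade(headers, url, TOKEN).reason);
}
```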

61 Comments
nayz
Making moves

Please consider adding native support for this. Hate having to switch to Chrome, just to use a web installer.

z4xh
Strollin' around

https://nvd.nist.gov/vuln/detail/CVE-2024-9680

Animations were a security problem, should they have been removed? No, they were patched like any reasonable solution to a security problem. Could the same be done for Web Serial? Absolutely!

zoonman
Strollin' around

I hate to say this, but over the course of recent years every change that the Firefox team brings is sort of questionable.

Chrome and Safari provide better support of web-standards, work faster and become more and more usable. TBH, I use Safari more and more. Also, it renders fonts a little bit nicer.

Instagram reels section just hangs in Firefox.

Mozilla developed a super-fancy Rust but can't use it to make the browser secure.

There are real problems but developers add a weather widget to a new tab.

Dear developers, if you don't get focus back onto your customer's demands you will lose Firefox.

Nebula-System
Strollin' around

at the end of the day it really is just simply this ^^^

they aren't focusing on what the community wants and are doing questionable and, frankly bad or pointless decisions and they're really gonna start losing users over it soon if they don't get their act together

zoonman
Strollin' around

Meanwhile Arduino released an in-browser IDE that works with every other browser except Firefox https://blog.arduino.cc/2024/10/28/the-web-based-arduino-lab-for-micropython-editor-is-out-with-chro...

Arduino is the most popular platform amongst the ideal target audience for Firefox.

It is sad to see how Firefox turns into Internet Explorer.

KellyClowers
Making moves

Actually you are right. Why not do it? Heck, let's give websites Ring -1 privileges on the CPU, it can make remote debugging so much easier!

tjhorner
Strollin' around

That's an absolutely insane false equivalency. You can't seriously compare sandboxed, limited access to hardware devices authorized by the user to granting websites unfettered hypervisor access. This is just a disingenuous argument.

Adding any new feature will increase attack surface, and how low level a feature is does not necessarily dictate how much risk is involved. Most vulnerabilities in browsers these days are because of poor memory management, not due to the nature of the APIs that are implemented. For example, the very recent CVE-2024-9680 was due to a bug in the AnimationTimeline API. It is ostensibly a high-level API, but resulted in arbitrary code execution in which the attacker could do pretty much anything.

So just because a feature allows lower-level access to hardware devices does not mean it's any more likely to introduce a vulnerability than any other feature. The risk introduced by a feature must be evaluated against the usefulness of it, and so far it seems Web USB, Web Bluetooth, etc. have filled a niche that has seen adoption with some great use cases, for example:

  • Arduino has a web-based IDE which can flash directly from the browser. This is advantageous because Arduino hardware is often used in educational settings, where weak and often locked-down devices like Chromebooks or netbooks are ubiquitous. It simplifies setup for educators, administrators, and school IT, and in fact hardens security posture.
  • iFixit's soldering iron can be configured from the web without installing any native software.
  • Pixel phones can be recovered from a bricked state using a web-based tool, without the need to install any additional software.
  • ESPHome and the related ESP Web Tools project are often used in the home automation space to facilitate quick configuration or flashing of firmware onto ESP-based devices.

I'm sure there are others I've missed; these are just from the top of my head. What all of these things have in common is that end users do not need to install an additional piece of software to work with their device, and the hardware manufacturers do not need to worry about maintaining a tool (including: updating dependencies that have bugs, being careful with memory management, etc.) for many different platforms. See my previous comment for more thoughts on that.

As this suite of APIs sees more mainstream adoption, Firefox will be seen as lagging behind other browsers.

Espionage724
Strollin' around

[deleted]

spap
Making moves

Having to install Google Chrome on Linux in order to replace Stock Android on a pixel device with a more privacy-respecting OS is soooo twisted 😵... C'mon Firefox! 😉

bdjohnson79
New member

Another vote for proper support of WebSerial in Firefox. I've got several devices I use regularly that I have to go over to Chrome or Edge to configure:

  • My ergo keyboard (uses the Vial extensions to QMK)
  • My Flipper Zero
  • Arduino type devices

I get that there are probably some legitimate security concerns. But Firefox devs seem to think that metaphorically burying their heads in the sand is a legitimate response, and that's just sad.

k2here
Strollin' around

Delopa
Strollin' around

The lack of support for WebUSB is the only reason I have a Chromium-based browser installed on my computer, and it's sad.

Jon
Community Manager

(Note: similar ideas have been merged into this thread)

Tyeth
New member

@Jon this feels like a dumping ground with merged threads and no official interest.

Please lock and close the thread or maybe see if someone at Mozilla cares (maybe try to find an embedded developer)

PseudoNym2112
Making moves

I'd hate to see the thread close and I do appreciate that at least someone is taking random posts from interested parties and connecting them to here.

Don't give up! Fight the power!