Mozilla: CSS, Fuzzers, Firefox Release, and Cookie Protection on Firefox

posted by Roy Schestowitz on Oct 24, 2022

• "Thousand" Values of CSS - otsukare

  W3C TPAC 2022 in Vancouver is over. It was strange to meet after these 3 years away. There would be a lot more to say about this. During the CSS WG meetings, participants are talking about all kind of CSS values. It's quickly confusing.

• Nick Fitzgerald: How Fuzzy are Your Fuzzers?

  As long as a fuzzer is uncovering a steady stream of bugs, we can have confidence it’s serving its purpose. But a silent fuzzer is harder to interpret: is our program finally free of bugs, or is the fuzzer simply unable to reach the code in which they are hidden?

  Code coverage reports can help here: we can manually check which functions and blocks of code the fuzzer has executed. We can see what coverage is missing that we want or expected to be covered, and then figure out ways to help the fuzzer explore that code. We implement those changes, run the fuzzer again, check the coverage reports again, and can verify our changes had the desired effect.

  But how can we be sure that the fuzzer will continue exercising these code paths — especially in evolving code bases with many developers collaborating together? Imagine this scenario: we have a generator that creates test cases that are guaranteed to be syntactically correct, but aren’t guaranteed to type check even if they do in practice 99% of the time. Therefore, our try-and-compile-the-input fuzz target intentionally ignores type errors so it can skip to the next probably-well-typed input, hoping that compiling that next input will trigger an internal compiler assertion or find some other bug. However, some change in one of the generator’s dependencies perturbed the generator so that now it only generates ill-typed programs. After this change, the fuzzer will never exercise our compiler’s mid-end optimizations and backend code generation because it always bounces off the type checker. This is a huge reduction in code exercised by the fuzzer and nothing alerted us to this regression!

• Firefox 106 Lands with Back-Forward Swipe Gesture Support

  The latest release of Firefox is out, and it adds two important new features to the open source browser.

  The popular open source web browser has been updated to version 106 and includes a pair of features that should excite many users…with a caveat. But first, the features.

  With the release of Firefox 106, users will be greeted with the ability to use trackpad gestures (two-finger swipes left and right) to go backward and forward in the browser. Although this feature has bounced in and out of the browser, previously it required using the Alt key to make it work. Now, the Alt key isn't necessary.

  However, the caveat is that this feature only works with Wayland, so X11 users are out of luck. If, however, Wayland is your X server of choice, the feature works flawlessly.

• Keep your family’s internet private with Total Cookie Protection on Firefox

  By the time a kid turns 13, more than 72 million pieces of personal data have been collected about them on the internet, according to a 2018 report. These can include name, date of birth, address, family members, where they hang out, the people they interact with, what they do in the classroom, and which websites they visit. In other words, TMI.

  As a product manager working on Total Cookie Protection, which Firefox rolled out by default to all users in June, I wanted to learn more about how this privacy feature could benefit families. So I designed a family cookie experiment. While it wasn’t as yummy as it sounds, the experience reminded me of why online privacy is so important, especially for kids and teens.