Mozilla has released a second security update this week to patch a second zero-day that was being exploited in the wild to attack Coinbase employees and other cryptocurrency organizations.
Firefox 67.0.4 and Firefox ESR 60.7.2 are now available for Firefox users Firefox Addons for developers
Facebook
Twitter
LinkedIn
WhatsApp
Flipboard
With the latest Firefox browser update – Firefox Quantum – Mozilla made a leap forward in the browser game. The new Firefox browser is not only super-speedy and sleek. It caused an uproar as the new version only supports Firefox add-ons using the WebExtensions API.
We researched, reviewed, and hand-picked 12 of the best Firefox add-ons for developers.
The Best Firefox Add-ons for Firefox Quantum
Mozilla got quite some attention after launching Firefox Quantum in November 2017. Mostly due to its surprisingly great performance.
It’s fast. Really fast. Firefox Quantum is over twice as fast as Firefox from 6 months ago.
Apart from the performance improvements, Mozilla updated these features as well:
Minimalistic design
Private browsing & tracking protection
WebExtensions support
On a downside, Firefox might no longer support your favorite add-ons. With the new update, legacy add-ons that do not use the WebExtensions API are not available.
The good news is: We reviewed and collected the best Firefox add-ons for developers (supported by Firefox Quantum).
1. Usersnap
The Usersnap Firefox add-on lets you capture and annotate any website. It works great for collecting and managing user feedback on websites or applications or for tracking bugs in your browser.
All screenshots are directly saved in your Usersnap projects. It integrates with your workflow, and you can connect Usersnap with JIRA, Trello, Slack and 20 other project management tools. A perfect fit for QA and development teams.
2. Web Developer
I absolutely recommend the ‘Web Developer‘ add-on. It gives you some great features which will make your development workflow faster.
I enjoy various CSS, form and image options. No matter if I want to check alt tags, missing images or image dimensions, this add-on is my preferred choice.
3. User Agent Switcher
The User Agent Switcher allows you to switch the user agent of your browser. The add-on will add an option to the tool settings. This option lets you switch the user agent.
4. Ghostery
Ghostery is a great add-on to display installed trackers and pixels of any website. It helps you to find and analyze the used marketing- and tech stack of any website. And you can block them if you don’t want your session to be recorded.
5. ColorZilla
ColorZilla is an advanced color picker and eyedropper. It allows you to get the color of any pixel in the browser window. The extension also has a built-in averaging square. This helps you get a matching color to for a photo. The add-on is pretty simple and easy to use.
6. HTTPS Everywhere
This Firefox add-on encrypts all your communication with many major websites.
As many sites support HTTPS, they still might use HTTP. Or they fill encrypted pages with links that go back to unencrypted sites. The HTTPS Everywhere add-on fixes these problems by rewriting all requests to HTTPS.
7. BuiltWith
The BuiltWith add-on analyses websites and their technologies, servers, and hosts. It works great for analyzing competitor websites and you can get insights on any web page.
And it even displays tracking IDs, like the Google Analytics ID.
8. Web Developer Checklist
The Web Developer Checklist is a simple add-on that gives you an overview of the usability of your site.
9. Cookie Manager
This Cookie Manager lets you check and manage the cookies. You are able to view, add, change or even delete cookies in any of the domains.
You can even export and import cookies. This is helpful to reproduce certain issues by recreating certain browser sessions.
10. NoScript Security Suite
Winning the “PC World Class Award”, this Firefox add-on got quite some attention. It is one of the top-rated add-ons. This extension makes your browser safer by restricting JavaScript and other executable content.
11. Open Lorem
As a web developer or designer, you’ll find this extension quite helpful. Open Lorem generates “lorem ipsum” text for you and your websites.
12. Page Performance Test
It analyses web pages’ performance based on various parameters. The Page Performance Test measures network, browser, and server performance.
You can use Page Performance Test directly on your console:
Open up your console; you will now find a new tab “page performance”
Summary
In this article, we collected the best Firefox add-ons for developers and designers. Firefox Quantum and the listed Firefox add-ons allow you to step up your development workflow. Go, and check out these add-ons and see how they can make your Firefox a more powerful browser.through the browser’s built-in update mechanism.
This second bug was used together with another one that Mozilla patched two days ago, through the release of Firefox 67.0.3 and Firefox ESR 60.7.1.
THE TWO ZERO-DAYS
The first one was described as a “remote code execution” vulnerability that allowed remote attackers to run malicious code inside Firefox’s native process.
The bug (CVE-2019-11707) was discovered on April 15 by a Google Project Zero researcher and reported to Mozilla, who only patched it this week after the Coinbase security team reported attacks exploiting the vulnerability, together with a second zero-day (CVE-2019-11708).
This second zero-day, which Mozilla described as a “sandbox escape” allowed malicious threat actors to escape from the Firefox protected process and execute code on the underlying operating system.
When combined, the two bugs provide a quick avenue for running malicious code from within a website on a visiting user’s computer.
THE TWO ZERO-DAYS USED IN THE SAME ATTACKS
As ZDNet broke the news earlier today, these two zero-days were being used by an unknown hacking group in attempts to infect the Coinbase staff.
Coinbase employees would receive spear-phishing emails that would contain links to malicious sites. If they clicked the links and visited the sites — if they used Firefox — the page would download and run an info-stealer on their systems that would collect and exfiltrate browser passwords, and other data.
The attacks were tailored for both Mac and Windows users, with different malware strains delivered for each OS. The attacks have been going on for weeks before being detected, and Coinbase said they also targeted other cryptocurrency organizations, and not just their employees.
The Firefox bugfix for the second zero-day is expected to land in the Tor Browser in the coming days. Today, the Tor Browser team updated to version 8.5.2, which includes the fix for the first zero-day.
