Building a new Firefox update experience

Planet Mozilla viewers – you can watch this video on YouTube.

Last week I introduced the new Firefox update experience that we’re working on. Since then, we’ve had a few days together in San Francisco to work out a new version (the first version was done last summer). So check out the video above for a walk-though of our progress and the video below for a few scenes of us working together this last week.

Planet Mozilla viewers – you can watch this video on YouTube.

15 thoughts on “Building a new Firefox update experience

  1. The Youtube embeds are giving me 500 errors in Firefox Nightly and Chrome release.

    Also your fonts are being blocked in Nightly by the mixed content blocker : Loading mixed (insecure) active content on a secure page “,600,300”

  2. Looks like the Youtube problem is on their end – is also giving the same 500 error right now !

  3. So you are basically saying if someone injects malicious code to our webserver they could get such control on our browser?
    Sounds like a VERY bad idea.

  4. Hello Elad,
    There is a very limited set of actions that can be performed through this API and there is a whitelist of elements which can be highlighted so the risk seems very low. Another mitigating factor is that the actions can only be taken from the selected tab when it’s on the whitelist. There is an upcoming security review for the feature where risk and potential vulnerabilities will be evaluated but I have yet to see any major issues.

  5. Just to iterate on what Matt has said:

    When we were first building this, I explicitly set out with the assumption that servers would one day be compromised with malicious intent.

    As such, we don’t allow any action that could potentially be used for malicious purposes by any random site on the internet . So even if is compromised, the most it can do is be slightly annoying and distracting. Then on top of that, we have a number of security checks, such as requiring the page to be served only over HTTPS from

  6. Will those techniques be released and documented in such a modular way, that it will be possible to integrate them into UIs of other apps programmed by oneself?

Comments are closed.