Mozilla warns Chrome, Firefox ‘100’ user agents may break sites

Topic

New Reply

https://www.bleepingcomputer.com/news/software/mozilla-warns-chrome-firefox-100-user-agents-may-break-sites/

(may break sites ? People reading this may assume Internet sites will crash)

Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers.

A user-agent is a string used by a web browser that includes information about the software, such as the browser name, its version number, and the various technologies it uses…

Note, if you have the Firefox ‘privacy.resistFingerprinting’ setting set to ‘True,’ your user-agent will be locked to ‘Firefox/78.0.’

Mozilla warns of version 100 user-agent strings:

In August 2021, Mozilla launched an experiment to see if the three-digit ‘Firefox/100’ user-agent string would cause problems with websites. Google soon followed with their own experiment for Chrome 100.

In both experiments, Mozilla and Google found a small number of websites that would not operate correctly when parsing a user-agent string that contained a three-digit version number…

Reply | Quote

Replies

? says:

great, and than you Alex. i do have the resistfingerprinting set to true. i just added

google.com##iframe[src^=”https://ogs.google.”%5D%5Bsrc*=”/widget/callout?prid=”%5D

to Ublock my filters list to get rid of another annoying pop up on the google homepage. keep up the good work…

Reply | Quote

Will using a VPN with an integrated user-agent differ from a browser extension user-agent?

Windows - commercial by definition and now function...

Reply | Quote

Microfix : you can check here : https://ipleak.net/
Run once with VPN, and compare to no-VPN.

Reply | Quote

? says:

thank you, Microfix. the google popup block code came from ghacks,

https://www.ghacks.net/2021/08/31/hide-google-recommends-using-chrome-advertisement-on-google-websites/

more waste-of-time-whack-a-mole, now i’m getting an advert for googalicious “Dark Mode”…

Reply | Quote

This sounds like a nudge to change to Firefox ESR – I’m on 91.6.0 – and to stay there until this is no longer a problem.

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

If I understand correctly having privacy.resistFingerprinting set to true has Firefox not open to full screen.  Therefore I changed it to false awhile ago.  Last night I downloaded FirefoxESR (not Firefox Portable) in case I need it in case of regular Firefox 100 problems.  Does this sound like a good plan?

Does anyone else have both regular and FirefoxESR installed?

Also, is it necessary to go into about:config in FirefoxESR to make all the security values changes that I have in regular Firefox?  Or is ESR safe from the getgo?

Sorry for my ignorance.  Any replies appreciated!

 

Reply | Quote

This only matters if sites are using the bad practice of useragent sniffing and if the script is poorly written. The eventuality of a three-digit version number for Chrome and its copycat (Firefox) is something that the script authors would have seen coming for years.

This warning is more a job for website owners… they need to fix the defective scripts before they start getting complaints from users.

From the user end, I would say it’s not likely you will find a site that malfunctions just because of this. You’d be more likely to find a site that doesn’t work because you are using Firefox, which is down to under 5% market share, and is not worth the time for some web developers to bother with.

If you do have trouble, though, you can just spoof the useragent and tell the site you’re using something else. Since the problem is in the useragent string, just change it to something that works. There are plenty of addons that make doing this simple, for Firefox and Chromium derivatives. I use one called “User-agent switcher and manager” on Firefox.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Lars220

Reply | Quote

Thank you Ascaris for your detailed and explanatory reply.  You have put my mind to rest.  Actually, from fideling around with FirefoxESR I found it too awkward to have my Brave browser and two Firefox browsers.  I deleted the Firefox ESR.  If I ever change my mind I can download it again.  I have written down “User-agent switcher and manager” for future reference if needed.

I agree with your assessment of Firefox in general as a browser.  I’m sick and tired of all the about:config tweeks that an average user like myself has to go through to satisfy oneself that all security permutations have been performed.  May I ask what browser(s) you use/recommend?  I stopped using Google chrome when all the reports of spying came out but I know it is still the most popular.

Thanks again for replying!

1 user thanked author for this post.

Lars220

Reply | Quote