Firefox

Firefox 150.0.1 is out with a Facebook fix and security patches

Posted on by Martin Brinkmann

Mozilla released point updates for its open source Firefox web browser yesterday evening. The updates are available for all three supported stable versions of the browser:

  • Firefox 150.0.1
  • Firefox 140.10.1 ESR
  • Firefox 115.35.1 ESR

However, only the main stable release, Firefox 150.0.1 is getting bug fixes and security patches. The two extended support release versions do get the security fixes only.

Here are the fixed security issues:

  • CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component
  • CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1
  • CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
  • CVE-2026-7324: Memory safety bugs fixed in Firefox 150.0.1

The changes in Firefox 150.0.1

Mozilla lists five non-security fixes and a change in the official release notes:

  • Fixed issues accessing Facebook and other unnamed websites on systems with Bitdefender security software installed.
  • Fixed an issue where a geolocation permission prompt would be shown again on a second attempt.
  • Fixed an issue that prevented tabs to be added to older saved tab groups.
  • Fixed a drop-down menu display issue that had them show all list items at once.
  • Fixed a zooming issue on macOS and Windows that caused some borders and outlines on some page elements to disappear.

The change affects Firefox indirectly only. Mozilla increased the email masks limit of its Relay service to 50 for free users. The previous limit was five.

The new versions are available already. Most non-managed systems should get the updates automatically, but you can speed up the installation by selecting Menu > Help > About Firefox.

About Brave Browser’s Shred Button on Android

Posted on by Martin Brinkmann

Back in late 2024, Brave introduced a Shred button for its mobile browser on iOS. Now, that same function is finally coming to Android as part of the Brave 1.89 release.

What does Shred do? Shred is a privacy feature that deletes site data that could be used to identify users across visits.

The main idea is to visit a site and, before you leave, hit the shred button to remove potentially identifiable information. It is designed to remove stored data from a single website.

Brave describes it in a new post on its website:

Shred lets you instantly erase any data a site stores on your device. Shred on Android offers the same easy and site-specific data erasure as Shred on iOS. This means you can instantly wipe one website’s stored data without being forcibly logged out of all websites, eliminating the need for complex site-by-site exceptions. This sets Shred apart from similar features in other privacy-focused browsers.

But the manual option is not the only one available. You can also set up shred to automatically delete data on specific websites. Have a site that you visit frequently but want to know as little as possible about you and your activity? The Auto Shred may be the option for you then.

Brave highlights that Shred has other applications, other than protecting against tracking. For instance, it may help with visits to sites that limit access to content artificially for a period, like three free articles per week or month.

Here is how you use the new Shred feature:

  • Open the main menu of the browser and pick Shred site data.
  • Open the tab switcher and tap on the Shred icon.
  • Open the Shields icon and select the Shred option.

To configure auto-shredding, do the following:

  1. Open the Shields icon on the site that you want to configure Auto Shred for.
  2. Select Advanced Controls > Shred site’s data.
  3. Tap on Auto Shred and set it to “site tab closed” or “app close”.

Brave will then shred the site automatically when you close it or when you close the browser.

Last but not least, you can also configure the behavior for all sites.

  1. Open the Settings.
  2. Go to Brave Shields & privacy.
  3. Tap on Auto Shred.

There you get the same two options (tab close or app close).

Amazon ends sideloading on new Fire TV sticks

Posted on by Martin Brinkmann

Amazon Fire TV sticks are one option for users who want to use a streaming device instead of the “smart” capabilities of the television itself. Up until now, Amazon supported installing apps from its official store and also as APK files from the Internet, since it was based on Android.

This meant that you could install a third-party YouTube client or any other app on the device and use it as if you’d be using it on a mobile or tablet.

This changed recently with the release of the newest Fire TV Stick HD and Fire TV 4K Select, which do not support sideloading anymore.

Amazon confirms this on the product page. When you ask the AI whether the new Fire TV stick supports sideloading, it repllies:

For enhanced security, Fire TV Stick HD prevents sideloading or installing apps from unknown sources. Only apps from the Amazon Appstore are available for download.

Means, if an app is not listed on the Amazon Appstore, then you can’t install it. Amazon claims that the change is all about security. This may sound logical on first glance: sideloaded apps are not vetted and they may introduce malware or other unwanted behavior.

However, this is also removing choice from customers. Even if you know what you are doing, you can’t install apps anymore that are not offered at the official Amazon Store. This removes choice and makes the coming Fire TV sticks a bad deal for anyone who’d even consider sideloading apps.

Amazon Fire TV alternatives

If sideloading third-party apps, custom launchers, or ad-free YouTube clients is a dealbreaker for you, you need to migrate to a device running Google TV or Android TV. These operating systems are still open, allow you to enable “Developer Options,” and let you install whatever you want.

Here are options that still work:

  • Google TV Streamer 4K
  • NVIDIA Shield TV Pro
  • Xiaomi Mi TV Stick 4K or MECOOL

Other popular brands, including Apple or Roku, do not support sideloading.

Firefox

How to enable Firefox’s secret ad-blocker

Posted on by Martin Brinkmann

For years, I asked myself why Mozilla did not add a good content blocker to Firefox. It would be a great fit. An organization that values privacy, an open source browser that blocks most tracking out of the box.

However, for Mozilla, integrating a content blocker would also mean torpedoing its main revenue stream coming from Google.

Mozilla never made the step and others, including Brave, led by Mozilla’s ex-CEO, stepped in to fill that gap.

This changed recently

Mozilla did integrate Brave’s Rust-based adblock engine into its Firefox browser. More precisely, it is part of Firefox 149 and Mozilla describes it as a prototype rich content blocking feature.

It is not yet available as an option in the user-facing interface, let alone as something similar to the Shield feature of Brave. Still, users who run Firefox 149 can enable the content blocker and make use of it right away for testing.

Here is how that works:

  1. Load about:config in the Firefox address bar.
  2. Search for privacy.trackingprotection.content.protection.enabled
  3. Set the value to True with a click on the toggle on its right.
  4. Search for privacy.trackingprotection.content.protection.test_list_urls.
  5. Paste https://easylist.to/easylist/easylist.txt|https://easylist.to/easylist/easyprivacy.txt as the value.
  6. Restart Firefox

This enables two EasyLists, but you can add any other list that uses the same format. Separate lists with the character |.

Clearly, this is done for testing purposes. Mozilla would very likely add controls to the preferences or another user facing interface to make this easier to configure and use.

For now, it is a work in progress implementation, but one that shows that Mozilla could finally integrate what many users of its browser have wanted (or did not know they wanted) for a long time.

Mozilla fixed 271 vulnerabilities in Firefox 150 thanks to AI

Posted on by Martin Brinkmann

When Mozilla released Firefox 150 earlier this week, it revealed that it had fixed what looked like the usual number of security issues in the browser. However, what Mozilla did not tell at the time was that it had fixed a significant number of vulnerabilities.

A post on the official Mozilla blog reveals that engineers fixed 271 vulnerabilities in total, a significant number. However, this time, Mozilla’s engineers did not hunt for vulnerabilities using traditional means. Instead, the company used Anthropic’s Mythos AI to do so.

Mozilla writes:

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.

So, what is Claude Mythos?

Claude Mythos is a powerful, unreleased frontier AI model developed by Anthropic. Announced in April 2026, it is famous—and highly controversial—for its unprecedented capabilities in cybersecurity, specifically its ability to autonomously hunt down and exploit software vulnerabilities.

This is not the first time that Mozilla used an AI from Anthropic for that purpose. Back in February 2026, it used Claude and discovered 22 “security-sensitive bugs”.

Mozilla says that this is great news for software developers and what it calls defenders, legitimate developers who need to secure their applications against a constant barrage of threats.

While the use of AI continues to be controversial, it is usually ethical and privacy concerns that are raised. Good uses for AI, like using it to discover vulnerabilities before the bad guys find them, is probably something that most might not find nearly as problematic.

I would not go as far and say that the days of the 0-day threats are numbered, as Mozilla does, but it looks as if it can help. Still, threat actors could also leverage AI tools for finding vulnerabilities.

Brave Origin is a stripped-down version of the browser that you need to buy

Posted on by Martin Brinkmann

When it comes to browsers, most Internet users expect them to be free. Many times, this means that the developer has found other means of generating revenue to keep the business running. This can mean selling default search engine slots, putting sponsored icons on the new tab page, or using user data for all kinds of things.

Paid browsers are rare and most of the time, they do not seem to work overly well. However, the idea of introducing a free and paid version of a browser is something that Internet users know from other apps and services.

So, Brave Software, maker of the Brave Browser, has introduced Brave Origin. This is a “minimalist version” of the browser that cuts all revenue-generating features and can be purchased by making a one-time payment. There is one exception to that: a Linux version of Brave Origin is available for free.

The features that Brave Origin does not support:

  • Leo
  • News
  • Playlist (currently iOS only)
  • Rewards (which also disables browser-based Brave Ads)
  • Speedreader
  • Stats like the daily usage ping, crash logs, and privacy-preserving product analytics (P3A)
  • Talk
  • Tor
  • VPN
  • Wallet (which also disables Web3 domains)
  • Wayback Machine
  • Web Discovery Project

Some of these were discussed controversially in the past, but others including Tor or the Wayback Machine, not so much.

Note: Brave Origin is available as a standalone deskop app or an upgrade. On mobile, the browser is only available as an upgrade. In other words, you can replace Brave with Brave Origin on all supported systems, but install it next to Brave only on desktop systems.

Once you have downloaded and installed the Brave Origin browser, you need to purchase it, unless you opted-in to use the free version on Linux. The price at the time of writing is $60.

Brave says that this is a one-time purchase that is good for up to 10 activations per license across devices.

Closing Words

Launching a paid version is an interesting approach to diversifying revenue. Users can support development of the browser by making this purchase and may also get some of the features removed from it that they do not use or find problematic. At its core, it is still Brave browser, built on Chromium, with a good integrated content blocker.

It probably won’t convince most critics of the browser, or its founder, but it is still an interesting experiment to look at, as it could be an option for other organizations as well.

Copilot key laptops

Microsoft confirms yet another BitLocker Recovery Screen issue in Windows 11

Posted on by Martin Brinkmann

Another one? That could be the reaction of veteran Windows users who read the headline. Microsoft confirmed another BitLocker related issue in Windows 11. This one may be caused by installing the most recent cumulative update for the operating system.

In the Known issues section of the update, Microsoft confirms that devices might boot into the BitLocker Recovery screen and not the desktop.

According to the description, the issue is caused by an “unrecommended BitLocker Group Policy configuration”. Only a “limited number of systems” are affected according to Microsoft. The company says that the issue affects only systems for which all of the following conditions are true:

  • BitLocker is enabled on the OS drive.
  • The Group Policy “Configure TPM platform validation profile for native UEFI firmware configurations” is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually).
  • System Information (msinfo32.exe) reports Secure Boot State PCR7 Binding as “Not Possible”.
  • The Windows UEFI CA 2023 certificate is present in the device’s Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default.
  • The device is not already running the 2023-signed Windows Boot Manager.

Devices that meet the conditions may boot into recovery mode after installing the KB508376 for Windows 11, versions 24H2 or 25H2.

A workaround is available to remove the Group Policy configuration before installing the update.

  1. Open Group Policy Editor (gpedit.msc) or your Group Policy Management Console.
  2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. Set “Configure TPM platform validation profile for native UEFI firmware configurations” to “Not Configured“.
  4. Run the following command on affected devices to propagate the policy change: gpupdate /force
  5. Run the following command to suspend BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -disable C: 
  6. Run the following command to resume BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -enable C: 
  7. ​​​​​​​This updates the BitLocker bindings to use the Windows-selected default PCR profile.

Microsoft plans to release a permanent fix in the future to address this. Windows users who use a Microsoft Account can look up the recovery key for BitLocker online.

WhatsApp Plus launches: would you pay for these features?

Posted on by Martin Brinkmann

The writing was on the wall for some time. Meta-owned WhatsApp is rolling out a paid subscription service called WhatsApp Plus to a first batch of users of the messaging app.

For a price of 2.50 Euro per month (roughly 2.94 US Dollar), the price is not know for all regions), users get a range of extra features. WhatsApp reassures users that all core features remain free.

So, what do Plus users get? WABetaInfo has created a detailed post about the features that subscribers do get currently.

  • Send premium stickers – exclusive stickers that recipients also see, but can’t use.
  • Change your app’s theme – get 18 new colors options.
  • Choose a custom app icon – change the default icon of the app.
  • Pin extra chats – pin up to 20 chats.
  • Get premium ringtones – ten exclusive ringtones.
  • Upgrade your chat lists – enables options to update chats in bulk.

Interestingly enough, this does not change anything else. No removal of ads or improved usability features, which is often part of such a deal.

Related post: WhatsApp is rolling out long-overdue username privacy feature

The main question is, how many users of WhatsApp will find this selection of exclusive features worth the price? Will be interesting to see how this evolves over time. Maybe Meta is planning to take a cue from Google’s playback by moving some features into the paid plan or introducing an ad-free experience.

Google App for Desktop is now available and it is all about AI

Posted on by Martin Brinkmann

Interact with AI right from the desktop. That is the main idea of Microsoft’s integration of Copilot in Windows and now also of the new Google App for Desktop.

Google released the app officially for Windows; other desktop systems are not supported right now. It is only available in English and works under Windows 10 and Windows 11. The app’s main slogan is “Ask anything with the
Google app for desktop” and that is exactly what you get: direct access to the Gemini AI from the desktop.

Once installed, you may bring up the Gemini prompt with the shortcut Alt-Space. Clearly, this requires an active Internet connection as all the processing happens remotely on Google servers.

You may wonder why you’d consider using the app when all the AIs are just a browser-click away on the World Wide Web. Google has added screen sharing and Lens into the app. This means you can share part of the screen or the entire screen with the AI.

While that is also possible online, by taking a screenshot first, it is more convenient this way. The built-in search feature covers local files and files on Google Drive, according to the description. Google claims that the index that it uses for file searches is stored locally and not on Google servers.

The battle for desktop supremacy

Google is invading Microsoft’s “turf” with the release of Google’s new desktop tool. Up until now, Microsoft had little competition for its Copilot AI that it added to the operating system.

Both AI tools have several things in common, but there are also differences.

The Similarities

  • AI access: Generative AI that supports conversations, follow-ups and some extra features, like summarizing documents or drafting emails.
  • Keyboard-Shortcut: The Google App maps to the Alt + Space shortcut, while Windows Copilot may be summoned via Windows Key + C or the dedicated hardware Copilot key on newer keyboards. However, starting with Windows 11 version 24H2, Microsoft allows users to map the Copilot key to other applications.
  • Screen-Access: Both AI tools can get access to the desktop.
  • Unified Search: Both offer local and Internet search capabilities, especially for cloud-storage files.
  • Access: While Copilot used to be integrated deeply into Windows, it is now a standalone app just like Google’s app. This means that both apps can’t make changes to the system anymore.

The Differences

  • AI Models: Copilot or Gemini, that is the main difference between the two services.
  • Ecosystem: This one is obvious. The AIs are tied heavily to the Google or Microsoft ecosystem. For example, Google’s App can access Google Drive content while Microsoft’s app integrates with OneDrive and Microsoft 365.
  • Installation: Microsoft Copilot is built directly into Windows 11. Google’s app needs to be installed.

Closing Words

Google is making an offer to Windows users: here is our AI app, which you may use instead of Copilot. Users who already use Gemini may find that offer attractive enough to give it a try.

Windows users who prefer Copilot will stick to the AI, especially if Microsoft is introducing new useful functionality that Google can’t replicate with its desktop app.

As for those who do not use AI, they won’t use the Google App anyway. Since it is a manual install, there are no precautions to take.

Windows 11 Context Menu Manager: remove items with a click

Posted on by Martin Brinkmann

When Microsoft introduced the two-tier context menu of Windows 11 it claimed that one reason for the change was to streamline the context menu of the operating system. This did not turn out too well, considering that users juggle between the new and the classic menu regularly since the release of Windows 11.

Apps may still add entries to the Windows context menu and since there is no central editor to manage all entries, it is either done through the app itself — if it offers such an option — or the Registry Editor.

Windows 11 Context Menu Manager is a free open source tool that offers another option. It focuses on items added by apps and not the Microsoft entries.

When you launch it, you see all context menu items in a list. The default scenario is to remove them for the user. You can also remove them machine-wide, but that requires running the app with elevated rights.

Each entry is listed with its name and some information. To be honest, this is not super useful, but it becomes useful when you expand the entry. There, you find information about file types.

To give you one example. The program listed two entries for Adobe Acrobat Reader. One was for PDF files, the other for any other file type that Acrobat Reader supported.

Even this advanced view is limited. The seven OneDrive entries did not reveal any information about their purpose when I expanded them. They were labeled command0, command1 and so on, and listed a wildcard under file and no directory.

With that in mind, you get an option to toggle the items off or on again. Other actions become available when you expand an item. There you find options to uninstall, open the file location, the settings of the app, or the Microsoft Store.

With those caveats, it is still a handy tool to hide certain items from the Windows 11 context menu, especially if the app does not provide options to do so in its preferences. (via Deskmodder)