Firefox 23.0: Find out what is new
Another 42 days have passed which means that all versions of the Firefox web browser will be updated in the coming days. First to receive the update traditionally is the stable version of Firefox, which will jump from version 22 to Firefox 23 later today.
While it is almost set in stone that the update will happen today, last minute bugs may prevent that from happening after all.
The release is already on Mozilla's official ftp server and on many of the third party distribution servers to make sure that updates run for all users without issues or delays.
If you have automatic updates configured in Firefox, you will receive an update notification that lets you update to Firefox 23. You can alternatively download Firefox from the Mozilla website once it has been released, or, if you are adventurous, download it from the FTP server directly or third party download portals.
Firefox 23 What’s New
The final release notes get published when the browser update is made available publicly. This What's New article uses the beta release notes as a source, as it is the only available at the time of writing. I'll take a look at the final release notes of Firefox 23 once they get published to make sure nothing was missed.
Mixed Content Blocking
This is a new security feature in Firefox 23 that prevents man-in-the-middle attacks and eavesdropping when you are on (secure) https pages. Mixed Content refers to sites that use http and https resources. There are two types of mixed content, active and passive.
Mixed Active Contents are scripts and other dynamic resources, and Mixed Passive Contents are static resources like images.
Firefox 23 will block Mixed Active Content by default and allow Mixed Passive Content.
To change that behavior, do the following:
- Type about:config into the browser's address bar and hit the enter key.
- Search for security.mixed_content.block_display_content and double-click the preference name to set it to true.
- This blocks Mixed Passive Content in Firefox as well.
You can override the feature on a per-page basis by clicking on the icon in front of the website's address. Here you are informed that Firefox has blocked content that isn't secure. A menu at the bottom lets you disable the protection on the page so that blocked contents get loaded.
You can alternatively disable mixed content blocking completely. This is done in the advanced configuration.
- Type about:config into the browser's address bar and hit the enter key.
- Search for security.mixed_content.block_active_content and double-click the preference name to set its value to false.
- This disabled Mixed Active Content Blocking in Firefox.
Preferences removed
Mozilla has removed several preferences from the browser's options. The removed preferences are:
- Load images automatically.
- Enable JavaScript.
- Always show the tab bar.
These preferences have not only been removed from the options window, their values have also been reset to their defaults. If you run Firefox with JavaScript turned off by default, you will notice that it has been turned on again.
You can check out my detailed guide on how to disable JavaScript in new versions of Firefox. The controls have been removed from the UI, but not from the browser itself.
You can still disable JavaScript using about:config by setting javascript.enabled to false.
To change the default image loading behavior, search for permissions.default.image and set it to 1 to load all images, 2 to block all images, or 3 to block all third party images from loading.
As far as the tab bar preference goes, it has been removed completely from code so that the browser.tabs.autohide preference is no longer working in Firefox 23 or newer.
Search provider changes
Up until Firefox 22 Firefox users were able to select different search engines for the browser's address bar and the search bar. You could set the address bar search to use DuckDuckGo and the search bar Google or Bing for instance.
With Firefox 23 comes a unified search experience that removes this option. There is only one search provider in Firefox which will be used by the address bar and the search bar.
That's a problem if you want to use different providers to be flexible in your searches, and while it is possible to use keywords to run searches on different engines in the address bar, it means that you need to type more for the same effect.
You can revert the change by installing the add-on keyword.URL Hack! which adds the original functionality back to the Firefox web browser.
If you have never used keyword.url before, you need to add it as a preference before it becomes available.
- Type about:config in the address bar and hit enter.
- Confirm you will be careful.
- Right-click a blank space here and select New > String from the context menu.
- Name the preference keyword.URL.
- Set its value to the search engine that you want to use, e.g. https://duckduckgo.com/?q=
On the good side of things, if you switch to a new search provider it is automatically across the entire browser so that you do not need to modify multiple preferences anymore for that.
Content Security Policy 1.0
Mozilla has added support for CSP 1.0 to Firefox 23. The feature has been designed to prevent many cross-site scripting attacks from being carried out against users. To be effective, webmasters need to set a list of domains that they want JavaScript code to run from. Any other site that loads code, or inline code for that matter, is blocked from being run thus protecting users against code injection and other attack forms.
Improved about:memory interface
The about:memory page has been modified. First, it won't display data on load like it did before. You need to click on one of the buttons, e.g. measure or load, to display the browser's memory allocations.
Mozilla did remove url modifications on the page as well, so that you cannot use any url parameters anymore.
Missing plugin notification interface
When you visit a web page that relies on plugins, you may get a missing plugin indicator in Firefox's address bar. You can click on that for a prompt to install that missing plugin in the browser to access the contents.
This appears to work for popular plugins like Java, Adobe Flash, Quicktime or Shockwave at the time of writing.
Other changes
- The new Mac Os X 10.7 scrollbar style is now supported.
- The Firefox logo has been updated.
- DXVA2 has been enabled on Windows Vista and newer versions of Windows that aims to accelerate H.264 video decoding.
Developer changes
- Â The Web Console has been renamed to Console.
- A Network Panel has been added to the browser's Developer Tools. It offers additional details that the "net" view does not provide you with in the console.
- Toolbox options to disable or enable features like remote debugging or theme changes.
- The <blink> element is not supported anymore.
- The ability to add a sidebar panel has been dropped.
- Share button and panel added to the Social API. It adds one-click sharing functionality to Firefox.
Check out the additional information sources section below for additional developer-specific changes in Firefox 23.
Security updates
- MFSA 2013-75 Local Java applets may read contents of local file system
- MFSA 2013-74 Firefox full and stub installer DLL hijacking
- MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
- MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
- MFSA 2013-71 Further Privilege escalation through Mozilla Updater
- MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
- MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
- MFSA 2013-68 Document URI misrepresentation and masquerading
- MFSA 2013-67 Crash during WAV audio file decoding
- MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
- MFSA 2013-65 Buffer underflow when generating CRMF requests
- MFSA 2013-64 Use after free mutating DOM during SetBody
- MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Additional information / sources
- Add-on Compatibility for Firefox 23
- Firefox 23 for Developers
- Firefox 23 Release Notes
- Security Advisories for Firefox
Firefox 23.0.1 Update
Mozilla has updated the stable channel to version 23.0.1 today. The update fixes several issues in the application that crept up after the final was released.
It fixes H.264 playback issues under Windows Vista, WebRTC audio issues, the deactivation of Turn (Traversal Using Relays around NAT) and a issue that affected dictionaries with non-Ascii characters.
Advertisement
Btw. So much to Mozilla Arrogancy..
“And I totally understand that. Mozilla Chrome isn’t really the right term, since we will always be more customizable and free than Chrome is, but I respect your choice. Plus, Cyberfox is based on Firefox, and it’s only because we are so open that this can happen.”
http://infinite-josiah.blogspot.co.at/2013/07/the-state-of-thunderbird-team-and.html?showComment=1376751830230
@Orihn – I concur.
I can’t believe Mozilla is going to force Australis onto us like Microsoft did with metro to Windows 8.
Is Mozilla even aware of everyone’s disdain for this user interface lift.
Sad fact is so less people do know about Australis. Just make sure you tell everyone you know, write in boards, blogs and whatever else for places you visit. Spread the News!
It is nothing wrong in showing others what is awaiting on them. And no matter how hard Mozilla and some true believers think that “Mozilla Chrome” is the only right way, a lot of people will soon take away what they posess.. Their share of the Mozilla Firefox Marketshare.
We’ll all need add-ons for almost everything soon enough.
*sigh* I await the day when we finally get disqus.
So there’s no way to turn off that wasteful tab bar now? I’m running out of reasons to keep using Firefox.
As ususal there’s an addon to help: https://addons.mozilla.org/en-US/firefox/addon/hide-tab-bar-with-one-tab/
There should not be the need to replace everything with an add-on – Mozilla wants to recreate “the ultimate Chrome experience” in Firefox.
And that way Firefox loses it’s own identity, and the users are forced to install Add-ons which are again breaking when Version Updates are coming, or the developer decides that Firefox does not fit his/her needs anymore.
Core Features, about changing some parts of the Inferface SHOULD stay in the Browser and not put into addon devs hands.
And that is the reason why a Firefox with Australis, or better known as “Googlezilla Firechrome” or “Googlezilla Chromefox” will suck without ends!
Btw. i am using again Palemoon for a bit since it seems clear that the Dev of this Fork is not interested at all in creating a Mozilla Chrome!
So everyone who is not interested in “Mozilla’s personal version of Chrome” should give at least Palemoon or Cyberfox a try. No Australis, Full Customization without the need for replacing Core Feature after Core Feature with add-ons.
And btw. for all who do not know it, Full Themes are also inofficially on the Kill list because they are not Chrome enough! Hiding the Full Themes Section in the addon Mozilla Section costs Theme Devs many many downloads each month.
Mozilla knows that they can not easily get rid of full themes, so they do everything to get the download numbers that much down that they are able to come along with their “statistics trick” again – “Not much users are using that feature anyway, Killed!”
Just wait and see.
I really recommend switching Browsers, no matter if Palemoon, Cyberfox, Seamonkey or Browsers like Opera or Midori and Qupzilla!
Ken: Sure, but Mozilla should have made the users AWARE of these possibilities in case of these blatant feature removals or when complete redesigns happens like the one that comes with FF25. At least in a form of a blog post or something. It’s not a bad thing to admit that some changes made for the majority will not fit for some other people. Admitting this especially doesn’t hurt for a non-profit organization.
Let’s search for or encourage people to make alternatives and offer them in time. It’s been done before in case of Thunderbird when a popup dialog offered add-on alternatives for removed features. This will hugely reduce “bitchings” about that are very valid at the moment.
That’s right, and people need to remember the “As ususal” part when bitching about things, especially Firefox 25.
The reason why some posts are not being accepted is because this sites host (WordPress), has an auto spam, scam detector with a wide filter that looks for a broad range of wording styles it deems as spam/scam and auto deletes them. Sadly my style falls under that range and is often deleted. Personally I thought I was being singled out and targeted. Martin filled me in on this hosts auto filters.
I know exactly what you mean, that certainly seems like the path we’re heading toward,
simply because we keep passively accepting this plutocratic garbage.
A part of me can’t believe what is going on in the world today, we’ve been fed way too much ########.
If we don’t stand-up against this thing, we’re not going to have much of a future to look forward to.
@ Ken Saunders – Fantastic, this add-on seem much better, copying all the time is hassle.
Thanks for this, I’ll certainly give it a try.
mixed content thingy is ON by default on upgrading
…oh goodie the auto deleter on the host site deleted my reply rant again… I’m soo delighted..
You could get an add-on called ‘clipple’, it extends your clipboard beyond the default single clip.
All you have to do is copy your the comment before you post it
then if you notice that it has been removed you can use clipple to re-post the text
you had previously copied.
note: clipple can hold as much as 40 clips [ 40 – ctrl + c or rightclick > copy ].
If you make copying your comments a habbit then you’ll never loose a comment again!
It’s add-ons like this that makes Firefox the multitool among browsers
you can do almost anything with it.
Thank-you, I’ll give it a try as in the past I used stickies, and various notepad add-ons, but sadly when I went from FF 3 to 4 the specific one I liked using stopped working and thus all my saved notes were lost. I have yet to find one that I like that doesn’t open in a new tab, set width, can be blocked by Ghostery, or NoScript, have way too many functions, have way too many menus and sub-menus to get to the save menu etc…
As for the forced upgrades each time we use FF, there used to be a way to add a line to the Windows Host file to re-route the Firefox updater to loop back on itself so it would only upgrade when you wanted it to. But alas that capability went out after FF6 was released and though I love FF, I feel each upgrade only drags us along for the ride, and forcing us to take whatever crap they think we need.
The same reason why we can add add-ons, they should leave well alone and not force us to take stuff because they said so. I might go back to MSIE as it seems faster now that the new FF practically pre-screens every site link we use thus slowing down overall surfing. I would move to Chrome again if I could figure out why it stopped working a few months back… *sigh*
Text Area Cache is very good, probably the best
I’d like to add… with, “security.mixed_content.block_display_content”, turned on, it will block embedded images in e-mail, which can be annoying so I turned it off. =P
That’s precisely why it is off by default ;)
No, on upgrading to v23, it change that switches default position to, “ON”, but it’s now a few hours later and now I’m beginning to realize even with it OFF, a lot of my sites no longer work properly. Even Adblocker Plus and Ghostery don’t quite work the way they’re suppose to and even Grease Monkey scripts all seem buggy.
Nothing seems to work the way it’s suppose to work and even sites we have a history of using in the past including 128/256b encrypted sites (banking) don’t work properly. WTF have they done now. I’m getting fed up with this Apple mentality they seem to be adapting… we aren’t sheep out to slaughter.
I have enabled “automatic update” for FF, but Help:About still shows that I’m on v. 22 and “up to date.”
Is there any reason to wait, or not to update to v. 23 from the Mozilla site?
I would download the new version manually and update this way.
So far so good for me. Australis is the disaster to come.
Click to play no longer work on this version.
Mozilla has changed the way this is handled. I have published a guide that explains it all: https://www.ghacks.net/2013/08/07/how-to-get-click-to-play-working-in-firefox-23-or-newer/
I personally don’t think the removal of multiple search options as a standard feature is such big deal, there are multiple add-ons that could supplement this feature (I use the ‘add to search bar’ add-on, which adds any search element on a webpage as a custom search option, don’t add Google though – bad mojo).
Ah man, they’re doing this because we’re all collectively getting dumber!
If an ‘inexperienced’ user who wants such functionality in their browser then they can simply search it up on the net (of course, this premise would be under the assumption that they have enough brains to think of searching for a solution in the first place which seems to be an ever lacking attribute in the human species).
One step closer to Australis ~ ♪ ohh, if you tolerate this then your children will be next ♫
your (grand)children will have chips in brains . At wake-up=start-up clearing individual temporary memory + load remotedly default advised(with no alternatives=obligatory) current personalized Smart-Face-Dial interface
it will be accepted just like cellulars today, because implementation will be done gradually .
I dunno, but I updated to FF 23 and so far I like it. I especially like the blocked content shield that is located in the far left corner of the address bar when FF comes across what it thinks is insecure content. Once you click on the icon a drop down menu opens, and you can unblock what FF has blocked if you know it’s a safe site. So far no issues what so ever….
Thank you for your prompt response, Martin.
Yes, I used the customize toolbar again and now deliberately removed the bookmark icon, restarted The Fox, used the customize toolbar again to bring the icon up and to the right and now everything works as before. Thank you very much, Martin. (I was already wading through about:config.)
Great that I could be of help, somewhat ;)
there goes the ‘experience’.
Great, with the update my bookmark icon was gone and after I brought it back from the Customize Toolbar, it now shows my bookmarks on the left and also in an unpleasant way. (Still looks from the menu bar.) Any help on that would be appreciated. Thank you.
there are two bookmark icons in my customize window. one displays a drop down and the other displays bookmarks on the left
Can you make a screenshot of that? Can’t you just drag and drop the icon to the right when you use the customize toolbar option again?
So they removed the tab bar option. Does that mean the tab bar is always automatically hidden when only one tab is open? I’ve always found that behavior very irritating.
Does Mozilla have some sort of hidden motivation to reduce their market share? The trend they’re on with FF makes me wonder. They seem to be reading the same book as MS with Win8 and Surface.
No, it is always visible.
I really like the updated version of Firefox ..its performance has been improved very much .Thanks for sharing with us the update .
-Pramod
Regarding HTTPS security :
BREACH Compression Attack Steals HTTPS Response Secrets in under 30 seconds
A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security.
The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes….
..“We are currently unaware of a practical solution to this problem,†said the CERT advisory..
http://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579?utm_source=Newsletter_080513&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
http://www.kb.cert.org/vuls/id/987798
Every new version of FF is making me like this browser less and less. I understand technological improvements but why did Mozilla have to remove the ability to easily use multiple search providers? What exactly was bothering the developers in this feature?
I totally agree with you.I mean in the new 29 version it fills the hole screen so you can’t even see the windows start bar.Thats why i went back to version 24,only to find out,there is not back and forward buttons,and nothing that can be activated from options relating to it.Thats why i will go back to the 23.The first version was so nice and easy to use,but now they do it like the cars,more “easy to use” (for some mentally impared people) but more complicated …
“why did Mozilla have to remove the ability to easily use multiple search providers”
They didn’t. I believe that you’ve misread something.
They won’t.
It would mean the end of OpenSearch plugins, Mycroft Project, site specific search plugins, it would destroy smaller search providers, and end a revenue stream for Mozilla.
They’ll be an a combined Omnibar type implementation, but you’ll still be able to use different providers.
They haven’t yet.
The only hope for our mental sanity is using actively-developed Firefox forks (i.e. Palemoon). ;-D
It all comes down to making things easier for the “inexperienced”.
…it’s surprising in this day and age there still are, “inexperienced”, users. But its this type of thinking that makes the rest of us suffer with simplicity to the point of stupidity.