Firefox 26: Find out what is new

Later today, Mozilla will release an update that will bring the stable channel of the Firefox browser to version 26.

As with all stable updates before, we have taken a very close look at what is new and changed in the update, so that you can prepare yourself for it.

Firefox's other release channels, that is Beta, Aurora and Nightly, will also be updated in the next days and moved up a version. This means that Beta will hit Firefox 27, Aurora Firefox 28 and Nightly Firefox 29.

Especially the Nightly update is of importance, as it is likely the version that the new Australis interface will be launched in all versions of the browser.

Firefox 26 is already available on Mozilla's ftp server, and while you can head over to it to download it right now, it is not something that Mozilla encourages because if too many users do it, it puts too much strain on the server.

Plus, last minute updates can still force the organization to replace the version that it intended to release with a new one.

The better way is to use the internal update check to find out if the new version has been released officially. To do so tap on the Alt-key on your keyboard, and select Help > About Firefox from the context menu.firefox 26 review

Firefox 26 What’s New

Firefox 26 introduces several new features and changes to the Firefox web browser, of which some will affect a lot of users.

All plug-ins default to click-to-play except Flash

Update: Only Java defaults to click to play, all other plug-ins remain their status.

Mozilla announced back in September that it would default all plug-ins but the Adobe Flash plug-in to click-to-play in Firefox 26.

What this means is that plug-ins will not be loaded automatically when websites load, but only on user request. This improves the security of the connection significantly, as websites cannot exploit old plug-in code or vulnerabilities in the last version of a plug-in anymore.

It does mean however that users will face challenges when it comes to accessing legit sites that require plug-ins. Instead of being able to use them right away, they need to allow the sites to load plug-ins.

For visual elements such as videos, an activate box should appear on the location of the element on the page. Firefox indicates that a plug-in is required by displaying the activate link in the center of the element.

In addition to that, you also find the plug-in indicator at the top of the page near the address of the website.

activate plug-in

Clicking on the activate link has the same effect as clicking in the icon in the browser's main toolbar. Here you can select to allow the execution right now, or allow it and remember it for future sessions.

If you select the second option, it means that plug-in contents will be loaded automatically on the website from that moment on, so that you are not bothered anymore by the feature.

Tip: While all plug-ins default to Ask to Activate in Firefox 26 with the exception of Flash, it is possible to change that state in the plug-in manager. Do the following to do so:

  1. Load about:addons in the browser's address bar.
  2. Locate the plug-in that you want to change the activation state for, it should either read "Ask to Activate" or "Never Activate"
  3. Click on the menu and change it to the desired activation status. If you want it to load at all times automatically, select "Always Activate".

Password manager now supports script-generated password fields

The default password manager in Firefox did not support script-generated password fields until now. Basically, what users did experience was that while passwords could be remembered by the password manager, auto-fill did not work out because of the dynamic nature of the login form.

This issue has now been resolved, and Firefox should not have any issues anymore saving and filling out passwords if script-generated are used.

Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)

The update fixes issues where Firefox was installed for limited user accounts on Windows.  The main issue here was that Firefox could not be updated by the user of the account directly due to the limited rights of the account.

This meant that Firefox would not be updated until a system administrator would run the update, which in turn meant that the browser would be vulnerable to attacks targeting known vulnerabilities in the meantime.

The change allows updates to be performed if the Mozilla Maintenance Service is being used on the system.

Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed

This improves HTML5 video compatibility on Linux, as H.264 contents can now be played using HTML5 Video provided that gstreamer plug-ins are installed.

Previously, support for this was added to several Windows operating systems as well.

Mozilla cannot distribute the necessary codecs with Firefox, but decided to use them if they are installed on the host system Firefox is running on.

Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions

This is another one of those changes mentioned in the last paragraph. Native mp3 support has been added to Firefox running on Windows XP systems.

CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec

Mozilla implemented Content Security Policy (CSP) in Firefox 4. Back then, it was not based on W3C specification as there was none at the time.

Back in June 2013, CSP 1.0 was implemented in Firefox. The feature is used by webmasters to specify which domains are allowed to run scripts and styles on the web page a user is connecting to. It prevents cross-site scripting attacks among other things.

The update adds support for multiple policies to Firefox.

Other changes

When a standalone JPEG  image gets loaded in Firefox, the browser will now use EXIF orientation information to display its correct orientation.

The page loading times have been improved as Firefox is no longer decoding images that are not visible when they are downloaded. They are instead decoded when they become visible in the browser.

Developer changes

  •  Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality
  • There is no longer a prompt when websites use appcache
  • Support for the CSS image orientation property
  • New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
  • IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage

Other development related changes are:

  • Several changes to CSS properties, --moz-text-blink has been removed, support for the image-orientation property, or position: sticky among others.
  • Several changes to HTML elements, like HTMLInputElement.width and HTMLInputElement.height returning 0 now if the type is not an image.
  • New EcmaScript 6 features like support for Generators (yield).
  • Lots of changes to interfaces, APIs and DOM
  • The Inspector supports remote now.

Firefox 26 for Android

Firefox 26 for Android follows the same release schedule as the desktop version of Firefox.

  • about:home interface updated with top sites thumbnails, and ability to pin browser tabs to the Firefox homepage.
  • The built-in password manager supports script-generated password fields now.
  • Performance has been improved on some NVIDIA devices.
  • CSP now supports multiple policies.

Security updates / fixes

A total of 14 security related issues have been fixed in Firefox 26. Of those, five have received the highest rating critical, three the rating of high, three the rating of moderate, and the remaining three a rating of low.

MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Additional information / sources

facebooktwittergoogle_plusredditlinkedinmail


Responses to Firefox 26: Find out what is new

  1. nonqu December 10, 2013 at 9:07 am #

    If anyone doesn't like the click-to-whitelist approach (IMHO this defeats the purpose of CTP) you can install the Click to Play per-element extension https://addons.mozilla.org/en-US/firefox/addon/click-to-play-per-element/ to make Firefox behave like every other browser on the market.

    • exdues December 10, 2013 at 11:06 am #

      The extension "Click to Play per-element" is still "experimental" desptie overwhelming 5-star user reviews. Firefox 26 is good news I think for those who have slow PCs...

      • nonqu December 10, 2013 at 1:22 pm #

        The experimental status has nothing to do with the add-on actually working. There are hundreds of "reviewed" addons that do not work.

        By telling everyone that an add-on is experimental Mozilla simply says that they didn't check it for malicious code and you install and you take the risk upon yourself.

        From the FAQ:

        "Preliminary Review

        Preliminary reviews are appropriate for experimental add-ons and provide a way to get user testing and feedback without going through the longer, more thorough review process. We aim to complete these reviews in under 3 days.
        Testing Methods

        When performing a preliminary review, editors will review the source code for security issues and major policy violations, but will not install the add-on to test functionality in most cases. Preliminary review will be granted unless a security vulnerability or major policy violation is discovered."

        So if they decide the next step for this add-on is a preliminary review and then a full review.

        As for "We aim to complete these reviews in under 3 days." they have poor aim as many important add-ons have stayed unreviewed for months.

  2. Dwight Stegall December 10, 2013 at 12:14 pm #

    This Click To Play is nonsense. Everyone is going to click it anyway regardless of the warnings. So why not have a way to opt out of it for those that don't want it? They have forced me to watch videos in Chrome. But I'm sure they will have it soon too. I bet a lot of people will install version 24 and turn off updating.

    There's going to be a lot of ticked off users raising hell about this after they have clicked on this 50 times a day. Maybe someone will make an add-on that will turn this crap off.

    I wouldn't mind this if they had something to replace Flash with. But we both know that HTML 5 video isn't even close to being ready for prime time and 99% of video sites still use Flash. :(

    • nonqu December 10, 2013 at 1:14 pm #

      It doesn't affect Flash and you are able to turn it off for every other plug-in.

    • Neal December 11, 2013 at 8:12 am #

      Except Chrome already does what Firefox is now doing since forever. All third party plugins that is not Flash, are click to play by default in Chrome. It has been that way for a while too.

      Also Google is taking it even further in the next January, blocking all third party plugins by default. Then at the end of year stop even supporting them.

  3. Pierre December 10, 2013 at 4:06 pm #

    So sorry but I have just upgraded FF to 26.0 : no click-to-play by default in 26.0 : all plugins are in "always activate"

    • Martin Brinkmann December 10, 2013 at 4:35 pm #

      Now that is strange. Update: Mozilla has made a last minute change. Only the Java plug-in defaults to click to play.

      • Pierre December 10, 2013 at 4:53 pm #

        Yes that's right (i have just activated Java, I generally keep it desactivated).
        And Java deployment toolkit is "always desactivated"
        In Nightly (currently 29) there is "ask for activate" except for Flash player as announced

  4. December 10, 2013 at 6:05 pm #

    This is a useful article. Thank you always.
    I may be negative, but my conclusion is:

    a ) There is nothing really exciting or worthwhile in Firefox 26. ´罒`

    b) The Firefox team are running out of ideas, because there is an update every six weeks.

    c) The Linux H.264 was already available in Firefox 24. It was present, but it was turned off by default in Firefox 24. See:-
    http://www.ghacks.net/2013/0LC6/23/firefox-24-for-linux-gets-native-mp3-aac-and-h-264-support/

    d) As a Linux user I really wish Firefox will do something about the 'Flash' problems for Linux users. In case Windows users do not know, the Flash version for Linux is two years old. Firefox should concentrate on the 'Shumway' project instead of 'Australis'. 'Shumway' is already one year old and nothing seems to work well.⌒︻⌒

    Perhaps, other people disagree with me. Sorry, I cannot see that Firefox 26 is worth the trouble of updating to it and risking broken extensions.⁰︻⁰

    • Martin Brinkmann December 10, 2013 at 8:22 pm #

      It has not been mentioned, but it is likely that it is included.

  5. iMacMike December 10, 2013 at 10:05 pm #

    Still the slowest on my MBA, especially in Flash performance. On the plus side, Hover.ie is playable where it would hang in v25. Two hours of general browsing and v26 hasn't gone over 500Mb memory usage so Mozilla is doing something right. 2011 13" MBA, 4GB, Mavericks 10.9

    Peacekeeper: BrowserMark
    FF 25 2422 4500
    FF 26 2520 4673
    GC 31 3832 5353
    Saf 7 3575 6596

  6. Advanced Web User December 11, 2013 at 11:42 am #

    browser.download.useToolkitUI - not working anymore in FF26
    The icon that substitute the old Download Manager window is a bullshit!!!!!!

    • Not Happy December 12, 2013 at 4:49 pm #

      "browser.download.useToolkitUI - not working anymore in FF26
      The icon that substitute the old Download Manager window is a bullshit!!!!!!"

      This is a major problem, if this isn't fixed I will have to go back to 25. The new download manager is worse in every single way.

  7. PeterO December 12, 2013 at 2:02 pm #

    Yeah, good old download manager is definitely gone, replaced by super annoying arrow and new all in one manager (labels, bookmarks, history, download) is big and overcomplicated to just check for downloaded file...

  8. Gonzo December 12, 2013 at 8:23 pm #

    FWIW Palemoon also updated today and included all the security fixes released with FF 26.

  9. Franta December 13, 2013 at 4:21 pm #

    FUCK OFF Firefox 26 !!!

  10. Zanaboo December 13, 2013 at 8:47 pm #

    Since about 1-2 years now, each time Mozilla release a new Firefox version, either something which no one asked for has been added, making the program heavier and slower, OR something that people found useful has been removed.

    Imposing these changes without leaving an option for the user to decide whether he wants them, proves that Mozilla are no longer catering for their users' interests, just like Microsoft IE before them.

    I've been using Pale Moon for a while now and it's a good alternative for people used to Firefox, minus the excess garbage and Mozilla's unilateral decisions. Besides that critical aspect, it's for all practical purposes the same browser - except more versatile and friendlier to the user's personal preferences. I recommend it for people who, like myself, have grown sick and tired of Mozilla's bs.

  11. SickOfFirefox's SHIT December 14, 2013 at 6:07 am #

    FUCK!
    Why do developers ALWAYS fuck EVERYTHING up?
    I just want the old download manager window...is that really a fucking hard thing to just leave alone?
    Who's the fucking ass hole that DEMANDS that the download window be removed when you have the fucking option to turn it on or off.

    FUCKING dicks...I'm so fucking sick and tired of this total bull shit.

    Firefox...suck my dick!

  12. 高橋瞳 December 14, 2013 at 2:54 pm #

    It is just my opinion, but is it good to allow people to write immature profinities on this site. It is a professional site, which contains information for intelligent people.
    The comments from 'SickOfFirefox's SHIT' and 'Franta' seem to originate from children. ⁰︻⁰

    • Tom December 14, 2013 at 4:58 pm #

      Yeah, people are different, some are just whining or crying like a baby or swearing like a kid while other people try to find a solution or just keep calm knowing that the solution will be available soon. The latter is what usually happens with FF, it has been only 4 days since FF26 is released and there are a couple of good add-ons already avaliable to fix this problem.
      However it does not save from the fact that Mozilla keeps their most faithful userbase annoyed with each and every release since FF4 and the best annoyance in the form of Australis is still ahead.
      Sad, but it looks as if Google's support money had the desired effect on FF, afterall.

  13. 高橋瞳 December 14, 2013 at 10:12 pm #

    The history of browsers is rapidly changing. Since the internet began, browsers have come and gone.

    Sooner or later a new browser will be born, which can be customised as easily as Firefox. Next time it may not even be American or Western.

    History of mankind shows that 'the future always provides solutions' for the unhappy masses.

    At the moment, Firefox is the most easily customisable browser.

  14. Martha B December 14, 2013 at 10:57 pm #

    I've always loved Firefox and used it exclusively. Until the last update. No matter what I do, it refuses to accept my sign in to my email at Xfinity where I have always read my mail. It lets me sign in, then puts me in a loop when I try to access my mailbox. This is Not a Comcast/Xfinity glitch because I can access my mail just fine on my iPhone and my laptop (where I did not permit the update). I can get it just fine on Safari, Opera and Google Chrome.

    Is there a fix? I tried System Restore but that didn't work either.

  15. Tom December 15, 2013 at 12:48 am #

    Martha, results of a google search of your problem suggest that clearing the browser cache might solve your issue, which if the right solution, is definitely a problem at Comcast.

    • Martha B December 15, 2013 at 9:06 pm #

      Thanks, Tom. I appreciate the advice but, unfortunately, clearing cache does not help. I can access my Xfinity email fine on several other browsers as well as other devices that did not suffer the recent FF update. Can you tell me how to remove that update? I dislike using other mail programs like Thunderbird etc. and prefer to read from the site but if the FF thing can't be fixed I'll just have to use Chrome or Safari.

      • 高橋瞳 December 15, 2013 at 9:30 pm #

        To Martha B,
        A more general Firefox Forum may be more helpful to you, but let's try troubleshooting.

        a) Are you using any extensions which may block ads or analytical tracking cookies, beacons or widgets? I had a similar problem with a site, which had an 'ad analytical tracker'. I had to temporarily disable the Ghostery Extension.

        b) What are your privacy settings regarding cookies (Preferences→ Privacy)?

        c) Try starting Firefox in Safe Mode. (Preferences→ Help→ Restart with addons disabled). This temporarily disables all extensions.

        d) Have there been any recent updates on Virus Software, which may have caused your problem?

        If these tips do not work, try a google/yahoo search under 'Comcast/Xfinity login problem'. Incidentally, it seems to be aproblem for Chrome users also. Therefore, changing browsers may not be a solution.http://productforums.google.com/forum/#!topic/chrome/C1sH2dZGguA

      • Tom December 15, 2013 at 11:25 pm #

        Martha, to downgrade, simply download FF25 from Mozilla, install it and disable the auto update function. However, that's not the best solution since FF26 comes with security fixes as well so keep using an older version your system will be increasingly vulnerable.
        I'd rather google for 'firefox 26 xfinity' or 'firefox 26 xfinity problem' it comes up with several results with discussion of the problem. Still, in most of the results they conclude that clearing the cache and comcast related cookies is the right solution.

  16. FF(ail) December 17, 2013 at 2:13 am #

    Oh yeah, Firefox, the fine guys who leave major bugs unsolved for EIGHT years, and then get snappy about the users complaining.

    Go here for a quick laugh:
    https://bugzilla.mozilla.org/show_bug.cgi?id=341886

Leave a Reply

Subscribe without commenting