Firefox 23.0: Find out what is new - gHacks Tech News

Firefox 23.0: Find out what is new

Another 42 days have passed which means that all versions of the Firefox web browser will be updated in the coming days. First to receive the update traditionally is the stable version of Firefox, which will jump from version 22 to Firefox 23 later today.

While it is almost set in stone that the update will happen today, last minute bugs may prevent that from happening after all.

The release is already on Mozilla's official ftp server and on many of the third party distribution servers to make sure that updates run for all users without issues or delays.

If you have automatic updates configured in Firefox, you will receive an update notification that lets you update to Firefox 23. You can alternatively download Firefox from the Mozilla website once it has been released, or, if you are adventurous, download it from the FTP server directly or third party download portals.

Firefox 23 What’s New

The final release notes get published when the browser update is made available publicly. This What's New article uses the beta release notes as a source, as they are the only source available at the time of writing. I'll take a look at the final release notes of Firefox 23 once they get published to make sure nothing was missed.

Mixed Content Blocking

This is a new security feature in Firefox 23 that protects against man-in-the-middle attacks and eavesdropping when you are on secure (https) pages. Mixed Content refers to https pages that load some of their resources over plain http. There are two types of mixed content, active and passive.

Mixed Active Content covers scripts and other dynamic resources, and Mixed Passive Content covers static resources like images.

Firefox 23 will block Mixed Active Content by default and allow Mixed Passive Content.

To change that behavior, do the following:

  1. Type about:config into the browser's address bar and hit the enter key.
  2. Search for security.mixed_content.block_display_content and double-click the preference name to set it to true.
  3. This blocks Mixed Passive Content in Firefox as well.

You can override the feature on a per-page basis by clicking on the icon in front of the website's address. Here you are informed that Firefox has blocked content that isn't secure. A menu at the bottom lets you disable the protection on the page so that blocked contents get loaded.

You can alternatively disable mixed content blocking completely. This is done in the advanced configuration.

  1. Type about:config into the browser's address bar and hit the enter key.
  2. Search for security.mixed_content.block_active_content and double-click the preference name to set its value to false.
  3. This disables Mixed Active Content Blocking in Firefox.
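
For site owners who want to know what the two preferences above will do to their own https pages, here is a small audit script. It is an added example, not part of the original article or of Firefox; the tag lists, the function name audit and the sample page are assumptions of the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag/attribute pairs per class. The article's split is "scripts and other
# dynamic resources" (active) versus "static resources like images" (passive);
# the concrete lists below are this example's assumption.
ACTIVE = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src"}


class MixedContentAuditor(HTMLParser):
    """Collects subresources that an https page requests over plain http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # A stylesheet can restyle the whole page, so count it as active.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check("active", tag, attrs.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))

    def _check(self, kind, tag, ref):
        if not ref:
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs
        # against the page, so only explicit http:// references remain http.
        url = urljoin(self.page_url, ref)
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))


def audit(page_url, html, block_active_content=True, block_display_content=False):
    """Return (kind, tag, url, outcome) for every mixed resource on the page.

    The keyword defaults mirror the Firefox 23 defaults described above for
    security.mixed_content.block_active_content and
    security.mixed_content.block_display_content.
    """
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on https pages
    parser = MixedContentAuditor(page_url)
    parser.feed(html)
    parser.close()
    results = []
    for kind, tag, url in parser.findings:
        blocked = block_active_content if kind == "active" else block_display_content
        results.append((kind, tag, url, "blocked" if blocked else "loaded"))
    return results


# Constructed sample page; all host names are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="http://cdn.example.test/app.js"></script>
<script src="https://cdn.example.test/ok.js"></script>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="//cdn.example.test/relative.js"></script>
</head><body>
<img src="http://img.example.test/logo.png">
<img src="/local.png">
<iframe src="http://ads.example.test/frame.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for row in audit("https://shop.example.test/cart", SAMPLE_PAGE):
        print(*row)
```

Every row reported as blocked is a resource that has to be moved to https before the page works without the per-page override.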

Preferences removed

Mozilla has removed several preferences from the browser's options. The removed preferences are:

  • Load images automatically.
  • Enable JavaScript.
  • Always show the tab bar.

These preferences have not only been removed from the options window, their values have also been reset to their defaults. If you run Firefox with JavaScript turned off by default, you will notice that it has been turned on again.

You can check out my detailed guide on how to disable JavaScript in new versions of Firefox. The controls have been removed from the UI, but not from the browser itself.

You can still disable JavaScript using about:config by setting javascript.enabled to false.

To change the default image loading behavior, search for permissions.default.image and set it to 1 to load all images, 2 to block all images, or 3 to block all third party images from loading.

As far as the tab bar preference goes, it has been removed completely from the code, so the browser.tabs.autohide preference no longer works in Firefox 23 or newer.

Search provider changes

Up until Firefox 22 Firefox users were able to select different search engines for the browser's address bar and the search bar. You could set the address bar search to use DuckDuckGo and the search bar Google or Bing for instance.

With Firefox 23 comes a unified search experience that removes this option. There is only one search provider in Firefox which will be used by the address bar and the search bar.

That's a problem if you want to use different providers to be flexible in your searches, and while it is possible to use keywords to run searches on different engines in the address bar, it means that you need to type more for the same effect.

You can revert the change by installing the add-on keyword.URL Hack! which adds the original functionality back to the Firefox web browser.

If you have never used keyword.url before, you need to add it as a preference before it becomes available.

  1. Type about:config in the address bar and hit enter.
  2. Confirm you will be careful.
  3. Right-click a blank space here and select New > String from the context menu.
  4. Name the preference keyword.URL.
  5. Set its value to the search engine that you want to use, e.g. https://duckduckgo.com/?q=

On the good side of things, if you switch to a new search provider it is automatically used across the entire browser, so you no longer need to modify multiple preferences for that.

Content Security Policy 1.0

Mozilla has added support for CSP 1.0 (Content Security Policy) to Firefox 23. The feature has been designed to prevent many cross-site scripting attacks from being carried out against users. To be effective, webmasters need to set a list of domains that they want JavaScript code to run from. Code loaded from any other site, and inline code for that matter, is blocked from running, which protects users against code injection and other forms of attack.
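
The allow-list behaviour described above can be modelled in a few lines. The following is an added example, not part of the original article and not Firefox's implementation: it parses the value of a Content-Security-Policy header and decides whether a given script load or an inline script would be permitted. The source matching is simplified, and the policy, page URL and host names are constructed placeholders.

```python
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header_value):
    """Split a policy string into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # Keep the first occurrence of a directive, ignore repeats.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _origin(url):
    u = urlparse(url)
    return u.scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme)


def _source_matches(source, url, page_url):
    """Simplified source matching: keywords, scheme, host, wildcard, port."""
    scheme, host, port = _origin(url)
    src = source.lower()
    if src == "*":
        return True
    if src == "'self'":
        return (scheme, host, port) == _origin(page_url)
    if src.startswith("'"):
        return False  # 'none', 'unsafe-inline', 'unsafe-eval' never match a URL
    if src.endswith(":"):
        return scheme == src[:-1]  # scheme-source such as https:
    # host-source: [scheme://]host[:port]; no scheme means "same as the page".
    want_scheme, sep, rest = src.partition("://")
    if not sep:
        want_scheme, rest = _origin(page_url)[0], src
    want_host, _, want_port = rest.split("/", 1)[0].partition(":")
    if scheme != want_scheme:
        return False
    if want_port != "*":
        expected = int(want_port) if want_port.isdigit() else DEFAULT_PORTS.get(scheme)
        if port != expected:
            return False
    if want_host.startswith("*."):
        return host.endswith(want_host[1:])  # subdomains only, not the bare domain
    return host == want_host


def script_allowed(policy, page_url, script_url=None):
    """Decide one script load; script_url=None means an inline script."""
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no directive governs scripts, nothing is restricted
    if script_url is None:
        return "'unsafe-inline'" in (s.lower() for s in sources)
    return any(_source_matches(s, script_url, page_url) for s in sources)


# Constructed policy and page URL; host names are placeholders.
PAGE = "https://shop.example.test/cart"
POLICY = parse_csp("default-src 'self'; script-src 'self' https://cdn.example.test")

if __name__ == "__main__":
    for candidate in ("https://shop.example.test/js/app.js",
                      "https://cdn.example.test/lib.js",
                      "https://other.example.net/x.js",
                      None):
        print(candidate or "<inline script>", script_allowed(POLICY, PAGE, candidate))
```

An injected inline script or a script tag pointing at a host outside the list is refused, which is why a policy that adds 'unsafe-inline' to script-src gives up most of the protection.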

Improved about:memory interface

The about:memory page has been modified. First, it won't display data on load like it did before. You need to click on one of the buttons, e.g. measure or load, to display the browser's memory allocations.

Mozilla has also removed URL modifications on the page, so that you cannot use any URL parameters anymore.

Missing plugin notification interface

When you visit a web page that relies on plugins, you may get a missing plugin indicator in Firefox's address bar. You can click on that for a prompt to install that missing plugin in the browser to access the contents.

This appears to work for popular plugins like Java, Adobe Flash, Quicktime or Shockwave at the time of writing.

Other changes

  • The new Mac OS X 10.7 scrollbar style is now supported.
  • The Firefox logo has been updated.
  • DXVA2 has been enabled on Windows Vista and newer versions of Windows to accelerate H.264 video decoding.

Developer changes

  • The Web Console has been renamed to Console.
  • A Network Panel has been added to the browser's Developer Tools. It offers additional details that the "net" view does not provide you with in the console.
  • Toolbox options have been added to disable or enable features like remote debugging or theme changes.
  • The <blink> element is not supported anymore.
  • The ability to add a sidebar panel has been dropped.
  • Share button and panel added to the Social API. It adds one-click sharing functionality to Firefox.

Check out the additional information sources section below for additional developer-specific changes in Firefox 23.

Security updates

  • MFSA 2013-75 Local Java applets may read contents of local file system
  • MFSA 2013-74 Firefox full and stub installer DLL hijacking
  • MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
  • MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
  • MFSA 2013-71 Further Privilege escalation through Mozilla Updater
  • MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
  • MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
  • MFSA 2013-68 Document URI misrepresentation and masquerading
  • MFSA 2013-67 Crash during WAV audio file decoding
  • MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
  • MFSA 2013-65 Buffer underflow when generating CRMF requests
  • MFSA 2013-64 Use after free mutating DOM during SetBody
  • MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Additional information / sources

  1. Add-on Compatibility for Firefox 23
  2. Firefox 23 for Developers
  3. Firefox 23 Release Notes
  4. Security Advisories for Firefox

Firefox 23.0.1 Update

Mozilla has updated the stable channel to version 23.0.1 today. The update fixes several issues in the application that cropped up after the final version was released.

It fixes H.264 playback issues under Windows Vista, WebRTC audio issues, the deactivation of TURN (Traversal Using Relays around NAT) and an issue that affected dictionaries with non-ASCII characters.

Comments

  1. yoav said on August 6, 2013 at 3:37 am
    Reply

    Every new version of FF is making me like this browser less and less. I understand technological improvements but why did Mozilla have to remove the ability to easily use multiple search providers? What exactly was bothering the developers in this feature?

    1. Martin Brinkmann said on August 6, 2013 at 3:43 am
      Reply

      It all comes down to making things easier for the “inexperienced”.

      1. blue_bsod said on August 6, 2013 at 12:17 pm
        Reply

        …it’s surprising in this day and age there still are, “inexperienced”, users. But it’s this type of thinking that makes the rest of us suffer with simplicity to the point of stupidity.

    2. qaz said on August 6, 2013 at 6:14 am
      Reply

      The only hope for our mental sanity is using actively-developed Firefox forks (i.e. Palemoon). ;-D

    3. Ken Saunders said on August 6, 2013 at 6:21 am
      Reply

      “why did Mozilla have to remove the ability to easily use multiple search providers”

      They didn’t. I believe that you’ve misread something.

      1. anon said on August 6, 2013 at 7:37 am
        Reply

        They haven’t yet.

      2. Ken Saunders said on August 6, 2013 at 8:18 am
        Reply

        They won’t.
        It would mean the end of OpenSearch plugins, Mycroft Project, site specific search plugins, it would destroy smaller search providers, and end a revenue stream for Mozilla.

        There’ll be a combined Omnibar type implementation, but you’ll still be able to use different providers.

    4. George said on May 14, 2014 at 3:24 am
      Reply

      I totally agree with you. I mean in the new 29 version it fills the whole screen so you can’t even see the Windows start bar. That’s why I went back to version 24, only to find out there are no back and forward buttons, and nothing that can be activated from options relating to it. That’s why I will go back to the 23. The first version was so nice and easy to use, but now they do it like the cars, more “easy to use” (for some mentally impaired people) but more complicated …

  2. ilev said on August 6, 2013 at 3:53 am
    Reply

    Regarding HTTPS security :

    BREACH Compression Attack Steals HTTPS Response Secrets in under 30 seconds

    A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security.

    The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes….

    ..“We are currently unaware of a practical solution to this problem,” said the CERT advisory..

    http://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579?utm_source=Newsletter_080513&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=

    http://www.kb.cert.org/vuls/id/987798

  3. Pramod said on August 6, 2013 at 5:32 am
    Reply

    I really like the updated version of Firefox. Its performance has been improved very much. Thanks for sharing with us the update.

    -Pramod

  4. Jim said on August 6, 2013 at 11:35 am
    Reply

    So they removed the tab bar option. Does that mean the tab bar is always automatically hidden when only one tab is open? I’ve always found that behavior very irritating.

    Does Mozilla have some sort of hidden motivation to reduce their market share? The trend they’re on with FF makes me wonder. They seem to be reading the same book as MS with Win8 and Surface.

    1. Martin Brinkmann said on August 6, 2013 at 11:41 am
      Reply

      No, it is always visible.

  5. Aram said on August 6, 2013 at 12:35 pm
    Reply

    Great, with the update my bookmark icon was gone and after I brought it back from the Customize Toolbar, it now shows my bookmarks on the left and also in an unpleasant way. (Still looks from the menu bar.) Any help on that would be appreciated. Thank you.

    1. Martin Brinkmann said on August 6, 2013 at 12:39 pm
      Reply

      Can you make a screenshot of that? Can’t you just drag and drop the icon to the right when you use the customize toolbar option again?

    2. wiel said on August 6, 2013 at 2:08 pm
      Reply

      there are two bookmark icons in my customize window. one displays a drop down and the other displays bookmarks on the left

  6. Aram said on August 6, 2013 at 1:14 pm
    Reply

    Thank you for your prompt response, Martin.

    Yes, I used the customize toolbar again and now deliberately removed the bookmark icon, restarted The Fox, used the customize toolbar again to bring the icon up and to the right and now everything works as before. Thank you very much, Martin. (I was already wading through about:config.)

    1. Martin Brinkmann said on August 6, 2013 at 4:10 pm
      Reply

      Great that I could be of help, somewhat ;)

      1. ;) said on August 7, 2013 at 5:52 am
        Reply

        there goes the ‘experience’.

  7. Joe said on August 6, 2013 at 1:50 pm
    Reply

    I dunno, but I updated to FF 23 and so far I like it. I especially like the blocked content shield that is located in the far left corner of the address bar when FF comes across what it thinks is insecure content. Once you click on the icon a drop down menu opens, and you can unblock what FF has blocked if you know it’s a safe site. So far no issues what so ever….

  8. XenoSilvano said on August 7, 2013 at 5:11 am
    Reply

    I personally don’t think the removal of multiple search options as a standard feature is such a big deal, there are multiple add-ons that could supplement this feature (I use the ‘add to search bar’ add-on, which adds any search element on a webpage as a custom search option, don’t add Google though – bad mojo).

    Ah man, they’re doing this because we’re all collectively getting dumber!

    If an ‘inexperienced’ user wants such functionality in their browser then they can simply search it up on the net (of course, this premise would be under the assumption that they have enough brains to think of searching for a solution in the first place which seems to be an ever lacking attribute in the human species).

    One step closer to Australis ~ ♪ ohh, if you tolerate this then your children will be next ♫

    1. one who knows said on August 7, 2013 at 3:32 pm
      Reply

      your (grand)children will have chips in brains. At wake-up=start-up clearing individual temporary memory + load remotely default advised (with no alternatives=obligatory) current personalized Smart-Face-Dial interface
      it will be accepted just like cellulars today, because implementation will be done gradually.

  9. Cattleya said on August 7, 2013 at 7:15 am
    Reply

    Click to play no longer works on this version.

    1. Martin Brinkmann said on August 7, 2013 at 7:48 am
      Reply

      Mozilla has changed the way this is handled. I have published a guide that explains it all: https://www.ghacks.net/2013/08/07/how-to-get-click-to-play-working-in-firefox-23-or-newer/

  10. mma173 said on August 7, 2013 at 11:34 am
    Reply

    So far so good for me. Australis is the disaster to come.

  11. KRS said on August 8, 2013 at 8:11 am
    Reply

    I have enabled “automatic update” for FF, but Help:About still shows that I’m on v. 22 and “up to date.”

    Is there any reason to wait, or not to update to v. 23 from the Mozilla site?

    1. Martin Brinkmann said on August 8, 2013 at 8:17 am
      Reply

      I would download the new version manually and update this way.

  12. blue_bsod said on August 8, 2013 at 4:57 pm
    Reply

    I’d like to add… with, “security.mixed_content.block_display_content”, turned on, it will block embedded images in e-mail, which can be annoying so I turned it off. =P

    1. beemeup2 said on August 9, 2013 at 4:50 am
      Reply

      That’s precisely why it is off by default ;)

      1. blue_bsod said on August 9, 2013 at 6:51 am
        Reply

        No, on upgrading to v23, it changed that switch’s default position to, “ON”, but it’s now a few hours later and now I’m beginning to realize even with it OFF, a lot of my sites no longer work properly. Even Adblocker Plus and Ghostery don’t quite work the way they’re supposed to and even Grease Monkey scripts all seem buggy.

        Nothing seems to work the way it’s supposed to work and even sites we have a history of using in the past including 128/256b encrypted sites (banking) don’t work properly. WTF have they done now. I’m getting fed up with this Apple mentality they seem to be adapting… we aren’t sheep out to slaughter.

  13. blue_bsod said on August 9, 2013 at 6:52 am
    Reply

    …oh goodie the auto deleter on the host site deleted my reply rant again… I’m soo delighted..

    1. XenoSilvano said on August 9, 2013 at 7:57 am
      Reply

      You could get an add-on called ‘clipple’, it extends your clipboard beyond the default single clip.

      All you have to do is copy your comment before you post it
      then if you notice that it has been removed you can use clipple to re-post the text
      you had previously copied.

      note: clipple can hold as much as 40 clips [ 40 – ctrl + c or rightclick > copy ].
      If you make copying your comments a habit then you’ll never lose a comment again!

      It’s add-ons like this that make Firefox the multitool among browsers
      you can do almost anything with it.

      1. Ken Saunders said on August 9, 2013 at 8:28 am
        Reply

        Text Area Cache is very good, probably the best

      2. blue_bsod said on August 9, 2013 at 12:39 pm
        Reply

        Thank-you, I’ll give it a try as in the past I used stickies, and various notepad add-ons, but sadly when I went from FF 3 to 4 the specific one I liked using stopped working and thus all my saved notes were lost. I have yet to find one that I like that doesn’t open in a new tab, set width, can be blocked by Ghostery, or NoScript, have way too many functions, have way too many menus and sub-menus to get to the save menu etc…

        As for the forced upgrades each time we use FF, there used to be a way to add a line to the Windows Host file to re-route the Firefox updater to loop back on itself so it would only upgrade when you wanted it to. But alas that capability went out after FF6 was released and though I love FF, I feel each upgrade only drags us along for the ride, and forcing us to take whatever crap they think we need.

        The same reason why we can add add-ons, they should leave well alone and not force us to take stuff because they said so. I might go back to MSIE as it seems faster now that the new FF practically pre-screens every site link we use thus slowing down overall surfing. I would move to Chrome again if I could figure out why it stopped working a few months back… *sigh*

  14. blue_bsod said on August 9, 2013 at 6:53 am
    Reply

    mixed content thingy is ON by default on upgrading

  15. XenoSilvano said on August 9, 2013 at 8:35 am
    Reply

    I know exactly what you mean, that certainly seems like the path we’re heading toward,
    simply because we keep passively accepting this plutocratic garbage.

    A part of me can’t believe what is going on in the world today, we’ve been fed way too much ########.

    If we don’t stand-up against this thing, we’re not going to have much of a future to look forward to.

    1. XenoSilvano said on August 9, 2013 at 8:48 am
      Reply

      @ Ken Saunders – Fantastic, this add-on seems much better, copying all the time is a hassle.
      Thanks for this, I’ll certainly give it a try.

  16. blue_bsod said on August 9, 2013 at 12:49 pm
    Reply

    The reason why some posts are not being accepted is because this site’s host (WordPress), has an auto spam, scam detector with a wide filter that looks for a broad range of wording styles it deems as spam/scam and auto deletes them. Sadly my style falls under that range and is often deleted. Personally I thought I was being singled out and targeted. Martin filled me in on this host’s auto filters.

  17. Greg said on August 14, 2013 at 8:49 pm
    Reply

    So there’s no way to turn off that wasteful tab bar now? I’m running out of reasons to keep using Firefox.

    1. Tom said on August 15, 2013 at 3:44 am
      Reply
      1. Ken Saunders said on August 15, 2013 at 5:00 am
        Reply

        That’s right, and people need to remember the “As usual” part when bitching about things, especially Firefox 25.

      2. Tom said on August 16, 2013 at 12:14 pm
        Reply

        Ken: Sure, but Mozilla should have made the users AWARE of these possibilities in case of these blatant feature removals or when complete redesigns happen like the one that comes with FF25. At least in a form of a blog post or something. It’s not a bad thing to admit that some changes made for the majority will not fit for some other people. Admitting this especially doesn’t hurt for a non-profit organization.
        Let’s search for or encourage people to make alternatives and offer them in time. It’s been done before in case of Thunderbird when a popup dialog offered add-on alternatives for removed features. This will hugely reduce “bitchings” about that are very valid at the moment.

      3. Orhin said on August 17, 2013 at 8:53 am
        Reply

        There should not be the need to replace everything with an add-on – Mozilla wants to recreate “the ultimate Chrome experience” in Firefox.

        And that way Firefox loses its own identity, and the users are forced to install Add-ons which are again breaking when Version Updates are coming, or the developer decides that Firefox does not fit his/her needs anymore.

        Core Features, about changing some parts of the Interface SHOULD stay in the Browser and not put into addon devs hands.

        And that is the reason why a Firefox with Australis, or better known as “Googlezilla Firechrome” or “Googlezilla Chromefox” will suck without ends!

        Btw. I am using again Palemoon for a bit since it seems clear that the Dev of this Fork is not interested at all in creating a Mozilla Chrome!

        So everyone who is not interested in “Mozilla’s personal version of Chrome” should give at least Palemoon or Cyberfox a try. No Australis, Full Customization without the need for replacing Core Feature after Core Feature with add-ons.

        And btw. for all who do not know it, Full Themes are also unofficially on the Kill list because they are not Chrome enough! Hiding the Full Themes Section in the addon Mozilla Section costs Theme Devs many many downloads each month.

        Mozilla knows that they can not easily get rid of full themes, so they do everything to get the download numbers that much down that they are able to come along with their “statistics trick” again – “Not much users are using that feature anyway, Killed!”

        Just wait and see.

        I really recommend switching Browsers, no matter if Palemoon, Cyberfox, Seamonkey or Browsers like Opera or Midori and Qupzilla!

  18. XenoSilvano said on August 15, 2013 at 5:26 am
    Reply

    We’ll all need add-ons for almost everything soon enough.

    *sigh* I await the day when we finally get disqus.

  19. XenoSilvano said on August 17, 2013 at 9:21 am
    Reply

    @Orhin – I concur.

    I can’t believe Mozilla is going to force Australis onto us like Microsoft did with metro to Windows 8.

    Is Mozilla even aware of everyone’s disdain for this user interface lift?

    1. Orhin said on August 17, 2013 at 10:29 am
      Reply

      Sad fact is so few people know about Australis. Just make sure you tell everyone you know, write in boards, blogs and whatever else for places you visit. Spread the News!

      It is nothing wrong in showing others what is awaiting on them. And no matter how hard Mozilla and some true believers think that “Mozilla Chrome” is the only right way, a lot of people will soon take away what they possess.. Their share of the Mozilla Firefox Marketshare.

  20. Orhin said on August 17, 2013 at 11:18 am
    Reply

    Btw. So much to Mozilla Arrogancy..

    “And I totally understand that. Mozilla Chrome isn’t really the right term, since we will always be more customizable and free than Chrome is, but I respect your choice. Plus, Cyberfox is based on Firefox, and it’s only because we are so open that this can happen.”

    http://infinite-josiah.blogspot.co.at/2013/07/the-state-of-thunderbird-team-and.html?showComment=1376751830230
