Firefox 23.0: Find out what is new
Another 42 days have passed which means that all versions of the Firefox web browser will be updated in the coming days. First to receive the update traditionally is the stable version of Firefox, which will jump from version 22 to Firefox 23 later today.
While it is almost set in stone that the update will happen today, last minute bugs may prevent that from happening after all.
The release is already on Mozilla's official ftp server and on many of the third party distribution servers to make sure that updates run for all users without issues or delays.
If you have automatic updates configured in Firefox, you will receive an update notification that lets you update to Firefox 23. You can alternatively download Firefox from the Mozilla website once it has been released, or, if you are adventurous, download it from the FTP server directly or third party download portals.
Firefox 23 What’s New
The final release notes get published when the browser update is made available publicly. This What's New article uses the beta release notes as a source, as it is the only available at the time of writing. I'll take a look at the final release notes of Firefox 23 once they get published to make sure nothing was missed.
Mixed Content Blocking
This is a new security feature in Firefox 23 that prevents man-in-the-middle attacks and eavesdropping when you are on (secure) https pages. Mixed Content refers to sites that use http and https resources. There are two types of mixed content, active and passive.
Mixed Active Contents are scripts and other dynamic resources, and Mixed Passive Contents are static resources like images.
Firefox 23 will block Mixed Active Content by default and allow Mixed Passive Content.
To change that behavior, do the following:
- Type about:config into the browser's address bar and hit the enter key.
- Search for security.mixed_content.block_display_content and double-click the preference name to set it to true.
- This blocks Mixed Passive Content in Firefox as well.
You can override the feature on a per-page basis by clicking on the icon in front of the website's address. Here you are informed that Firefox has blocked content that isn't secure. A menu at the bottom lets you disable the protection on the page so that blocked contents get loaded.
You can alternatively disable mixed content blocking completely. This is done in the advanced configuration.
- Type about:config into the browser's address bar and hit the enter key.
- Search for security.mixed_content.block_active_content and double-click the preference name to set its value to false.
- This disabled Mixed Active Content Blocking in Firefox.
Mozilla has removed several preferences from the browser's options. The removed preferences are:
- Load images automatically.
- Always show the tab bar.
To change the default image loading behavior, search for permissions.default.image and set it to 1 to load all images, 2 to block all images, or 3 to block all third party images from loading.
As far as the tab bar preference goes, it has been removed completely from code so that the browser.tabs.autohide preference is no longer working in Firefox 23 or newer.
Search provider changes
Up until Firefox 22 Firefox users were able to select different search engines for the browser's address bar and the search bar. You could set the address bar search to use DuckDuckGo and the search bar Google or Bing for instance.
With Firefox 23 comes a unified search experience that removes this option. There is only one search provider in Firefox which will be used by the address bar and the search bar.
That's a problem if you want to use different providers to be flexible in your searches, and while it is possible to use keywords to run searches on different engines in the address bar, it means that you need to type more for the same effect.
You can revert the change by installing the add-on keyword.URL Hack! which adds the original functionality back to the Firefox web browser.
If you have never used keyword.url before, you need to add it as a preference before it becomes available.
- Type about:config in the address bar and hit enter.
- Confirm you will be careful.
- Right-click a blank space here and select New > String from the context menu.
- Name the preference keyword.URL.
- Set its value to the search engine that you want to use, e.g. https://duckduckgo.com/?q=
On the good side of things, if you switch to a new search provider it is automatically across the entire browser so that you do not need to modify multiple preferences anymore for that.
Content Security Policy 1.0
Improved about:memory interface
The about:memory page has been modified. First, it won't display data on load like it did before. You need to click on one of the buttons, e.g. measure or load, to display the browser's memory allocations.
Mozilla did remove url modifications on the page as well, so that you cannot use any url parameters anymore.
Missing plugin notification interface
When you visit a web page that relies on plugins, you may get a missing plugin indicator in Firefox's address bar. You can click on that for a prompt to install that missing plugin in the browser to access the contents.
This appears to work for popular plugins like Java, Adobe Flash, Quicktime or Shockwave at the time of writing.
- The new Mac Os X 10.7 scrollbar style is now supported.
- The Firefox logo has been updated.
- DXVA2 has been enabled on Windows Vista and newer versions of Windows that aims to accelerate H.264 video decoding.
- The Web Console has been renamed to Console.
- A Network Panel has been added to the browser's Developer Tools. It offers additional details that the "net" view does not provide you with in the console.
- Toolbox options to disable or enable features like remote debugging or theme changes.
- The <blink> element is not supported anymore.
- The ability to add a sidebar panel has been dropped.
- Share button and panel added to the Social API. It adds one-click sharing functionality to Firefox.
Check out the additional information sources section below for additional developer-specific changes in Firefox 23.
- MFSA 2013-75 Local Java applets may read contents of local file system
- MFSA 2013-74 Firefox full and stub installer DLL hijacking
- MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
- MFSA 2013-71 Further Privilege escalation through Mozilla Updater
- MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
- MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
- MFSA 2013-68 Document URI misrepresentation and masquerading
- MFSA 2013-67 Crash during WAV audio file decoding
- MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
- MFSA 2013-65 Buffer underflow when generating CRMF requests
- MFSA 2013-64 Use after free mutating DOM during SetBody
- MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Additional information / sources
- Add-on Compatibility for Firefox 23
- Firefox 23 for Developers
- Firefox 23 Release Notes
- Security Advisories for Firefox
Firefox 23.0.1 Update
Mozilla has updated the stable channel to version 23.0.1 today. The update fixes several issues in the application that crept up after the final was released.
It fixes H.264 playback issues under Windows Vista, WebRTC audio issues, the deactivation of Turn (Traversal Using Relays around NAT) and a issue that affected dictionaries with non-Ascii characters.Advertisement