Another 42 days have passed which means that Mozilla will release the final version of Firefox 25 today if everything goes along as planned.
Firefox 24.0 users will receive update notifications starting later today, provided that they have not blocked the web browser from updating automatically.
All other release channels, that is Beta, Aurora and Nightly, will also be moved up one version so that they will be updated to versions 26.0, 27.0 and 28.0 respectively over the course of the next days.
The release is as usually already available on Mozilla's FTP server from where it can be downloaded. It is usually not recommended though, as last minute changes may replace it with another build that is then distributed to all users of the browser.
If you want to be sure that you get the right update, wait until Mozilla officially announces the release of the new version.
Tip: You can check your version of Firefox with a tap on the Alt-key on your keyboard, and the selection of Help > About Firefox from the menu that opens up.
Firefox 25 ships with a handful of new features or changes only. The following list provides you with information about them.
The Find Bar of the browser can be used to find text on web pages that you have open in the browser. Up until Firefox 24, the bar was shared between all tabs. If you opened it in one tab, it would also be visible in all other tabs.
From Firefox 25 on, this has changed so that the bar is only displayed in the tab it has been opened it.
While that is useful for some users who only want to search in a single tab, it breaks the workflow of users who have used the feature to search in multiple tabs (one after the other).
Mozilla has not implemented a switch or option to the browser to restore the old functionality, and it seems that the organization is not willed to do so citing that this is better left to add-on developers.
One of the first add-ons to implement the functionality is FindBar Tweaks which I have reviewed previously. You can use it to search across all open tabs in Firefox. An Alternative to that is the search add-on Hugo which provides similar capabilities.
Reset Firefox Notifications
I have already reported about this some days ago. If you are not using a Firefox profile for at least 60 days, you will receive a notification on the next start of the web browser that provides you with an option to reset the browser.
The idea behind the change is to make sure that users do not run into any "old" issues when they start Firefox. Resetting will also provide them with options to import another browser's browsing history and settings again into the Firefox browser.
It more or less resets the browser to a state where it was when you installed it for the first time on your system.
Related to that is that resetting the browser does not clear the active browsing session anymore. What this means is that websites and services that were open before the reset feature was invoked are available after the operation has been completed.
While there has been no official confirmation yet about the implementation of OCSP Stapling in Firefox 25, the most recent information released by Mozilla indicated the organization's plan to release the feature in this version of Firefox.
It changes how certificates are verified for servers that support OCSP Stapling, and will fall back to the old way of verifying certificates if that is not the case.
The main change here is that the browser does not connect to a Certificate Authority (CA) server anymore to verify a server's certificate. Instead, the server itself checks with the CA regularly and that data is then submitted to the browser alongside the certificate itself.
The preference responsible for the feature, security.ssl.enable_ocsp_stapling, seems to have been set to false though by default. You can enable it in the following way:
You can repeat the process to deactivate it again.
SSL False Start
A second security related feature has been implemented in Firefox 25. It is disabled by default as well and needs to be enabled in the following way:
The feature aims to reduce the latency for certain handshakes.
This document specifies an optional behavior of TLS implementations, dubbed False Start. It affects only protocol timing, not on-the-wire protocol data, and can be implemented unilaterally. The TLS False Start feature leads to a latency reduction of one round trip for certain handshakes. [source]
Related to that is the preference security.ssl.false_start.require-forward-secrecy which is set to false by default. It only makes sense to enable it if you have set security.ssl.enable_false_start to true previously.
Perfect forward secrecy is a property of cryptographic systems which ensures that a session key derived from a set of public and private keys will not be compromised if one of the private keys is compromised in the future. [source]
The preference security.ssl.false_start.require-npn is enabled by default.
This document describes a Transport Layer Security (TLS) extension for application layer protocol negotiation. This allows the application layer to negotiate which protocol should be performed over the secure connection in a manner which avoids additional round trips and which is independent of the application layer protocols. [source]
Web Audio support
While you can play audio on the web without the need for plug-ins in the browser thanks to HTML5, the audio tag itself has severe limitations when it comes to operations that are complex.
You can find out more about it on Mozilla Hacks where the benefits of the Web Audio API are listed from a game designer, audio engineer and programmer perspective.
Several changes have been made to the Developer Tools.
Other development related changes:
Consult the source section below for detailed information about all development related changes in Firefox 25.
From this month on, we will also be looking at the changes that Mozilla made to the mobile version of Firefox. Currently, that means Firefox for Android only.
Three main new features have been added to the Android version of Firefox:
Security updates / fixes
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Additional information / sources
The following links point to official sources that provide you with additional information about the release. Note that some may not have been updated yet and that we will publish the final links once they become available.
Now read: How to download a full Firefox installerAdvertisement
If you like our content, and would like to help, please consider making a contribution: