Firefox 25: Find out what is new

Another 42 days have passed which means that Mozilla will release the final version of Firefox 25 today if everything goes along as planned.

Firefox 24.0 users will receive update notifications starting later today, provided that they have not blocked the web browser from updating automatically.

All other release channels, that is Beta, Aurora and Nightly, will also be moved up one version so that they will be updated to versions 26.0, 27.0 and 28.0 respectively over the course of the next days.

The release is as usually already available on Mozilla's FTP server from where it can be downloaded. It is usually not recommended though, as last minute changes may replace it with another build that is then distributed to all users of the browser.

If you want to be sure that you get the right update, wait until Mozilla officially announces the release of the new version.

Tip: You can check your version of Firefox with a tap on the Alt-key on your keyboard, and the selection of Help > About Firefox from the menu that opens up.

Firefox 25 What’s New

Firefox 25 ships with a handful of new features or changes only. The following list provides you with information about them.

Find Bar

The Find Bar of the browser can be used to find text on web pages that you have open in the browser. Up until Firefox 24, the bar was shared between all tabs. If you opened it in one tab, it would also be visible in all other tabs.

From Firefox 25 on, this has changed so that the bar is only displayed in the tab it has been opened it.

While that is useful for some users who only want to search in a single tab, it breaks the workflow of users who have used the feature to search in multiple tabs (one after the other).

Mozilla has not implemented a switch or option to the browser to restore the old functionality, and it seems that the organization is not willed to do so citing that this is better left to add-on developers.

One of the first add-ons to implement the functionality is FindBar Tweaks which I have reviewed previously. You can use it to search across all open tabs in Firefox. An Alternative to that is the search add-on Hugo which provides similar capabilities.

Reset Firefox Notifications

I have already reported about this some days ago. If you are not using a Firefox profile for at least 60 days, you will receive a notification on the next start of the web browser that provides you with an option to reset the browser.

The idea behind the change is to make sure that users do not run into any "old" issues when they start Firefox. Resetting will also provide them with options to import another browser's browsing history and settings again into the Firefox browser.

It more or less resets the browser to a state where it was when you installed it for the first time on your system.

Related to that is that resetting the browser does not clear the active browsing session anymore. What this means is that websites and services that were open before the reset feature was invoked are available after the operation has been completed.

OCSP Stapling

While there has been no official confirmation yet about the implementation of OCSP Stapling in Firefox 25, the most recent information released by Mozilla indicated the organization's plan to release the feature in this version of Firefox.

It changes how certificates are verified for servers that support OCSP Stapling, and will fall back to the old way of verifying certificates if that is not the case.

The main change here is that the browser does not connect to a Certificate Authority (CA) server anymore to verify a server's certificate. Instead, the server itself checks with the CA regularly and that data is then submitted to the browser alongside the certificate itself.

The preference responsible for the feature, security.ssl.enable_ocsp_stapling,  seems to have been set to false though by default. You can enable it in the following way:

• Type about:config into the browser's address bar
• Confirm that you will be careful.
• Search for security.ssl.enable_ocsp_stapling
• Double-click the entry.

You can repeat the process to deactivate it again.

SSL False Start

A second security related feature has been implemented in Firefox 25. It is disabled by default as well and needs to be enabled in the following way:

• Type about:config into the browser's address bar
• Confirm that you will be careful.
• Search for security.ssl.enable_false_start
• Double-click the entry.

The feature aims to reduce the latency for certain handshakes.

This document specifies an optional behavior of TLS implementations, dubbed False Start. It affects only protocol timing, not on-the-wire protocol data, and can be implemented unilaterally. The TLS False Start feature leads to a latency reduction of one round trip for certain handshakes. [source]

Related to that is the preference security.ssl.false_start.require-forward-secrecy which is set to false by default. It only makes sense to enable it if you have set security.ssl.enable_false_start to true previously.

Perfect forward secrecy is a property of cryptographic systems which ensures that a session key derived from a set of public and private keys will not be compromised if one of the private keys is compromised in the future. [source]

The preference security.ssl.false_start.require-npn is enabled by default.

This document describes a Transport Layer Security (TLS) extension for application layer protocol negotiation. This allows the application layer to negotiate which protocol should be performed over the secure connection in a manner which avoids additional round trips and which is independent of the application layer protocols. [source]

Web Audio support

While you can play audio on the web without the need for plug-ins in the browser thanks to HTML5, the audio tag itself has severe limitations when it comes to operations that are complex.

Web Audio is a high level JavaScript API for processing and synthesizing audio on the web.

You can find out more about it on Mozilla Hacks where the benefits of the Web Audio API are listed from a game designer, audio engineer and programmer perspective.

Developer changes

Several changes have been made to the Developer Tools.

• The Profiler has an option now to save and load profiling results.
• A right-click menu was added to the Network panel. You can now use it to copy and resend url commands.
• You can now "black box" script files in the Debugger.
• Auto-completion was added to the Inspector for CSS values and names.

Other development related changes:

• The background-attachment CSS property supports the local keyword now.
• -moz-os-version is a new non-standard media query to determine the operating system version (currently only available on Windows).
• -moz-osx-font-smoothing is now available.
• You can now use the srcdoc attribute of iframes.
• HTMLCanvasElement.toBlob now accepts an attribute defining the quality of the image when used with "image/jpeg".
• Array.of() is now implemented on Array.
• The methods Number.parseInt(), Number.parseFloat(), Map.prototype.forEach() and Set.prototype.forEach() have been implemented.
• A boatload of new mathematical methods have been implemented.
• Support for binary and octal integer literals has been added.
• The Web Audio API is supported now.

Consult the source section below for detailed information about all development related changes in Firefox 25.

Firefox 25 for Android (new)

From this month on, we will also be looking at the changes that Mozilla made to the mobile version of Firefox. Currently, that means Firefox for Android only.

Three main new features have been added to the Android version of Firefox:

• A new guest browsing mode has been added. This can be useful if someone else needs to use your phone's browser for a set amount of time. Guest browsing ensures that they do not get access to your browsing history, passwords or bookmarks, and that their browsing session will be deleted as well once they are finished using your mobile device.
• Firefox Mobile supports mixed content blocking now to protect users of the browser from man-in-the-middle attacks and eavesdropping attacks on HTTPS pages.
• Mobile add-ons can add indicators to the address bar of Firefox Mobile now.
• Developers can enable remote debugging with a desktop version of Firefox now from the settings.
• The new Contacts API has been implemented.

Security updates / fixes

MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Additional information / sources

The following links point to official sources that provide you with additional information about the release. Note that some may not have been updated yet and that we will publish the final links once they become available.

1. Add-on Compatibility for Firefox 25
2. Firefox 25 for Developers
3. Firefox 25 release notes
4. Firefox 25 for Android release notes
5. Security advisories for Firefox 25

Now read: How to download a full Firefox installer

Advertisement