Firefox 27: Find out what is new
A new stable version of the Firefox web browser will be released by Mozilla in the coming 24 hour period. Firefox 27 brings Firefox one step closer to the Australis theme which will be launched as part of Firefox 29 if things go as planned (it is moved to the Aurora channel right now).
Adventurous users can download the newest stable version of Firefox from Mozilla's FTP server or a third-party download site as they are usually offered there prior to the official release announcement and availability on Mozilla's website or via Firefox's automatic update feature.
It is usually not recommended to update early, as last minute changes can make another build the final one. Usually though, that does not happen.
You can check for new versions manually with a click on the Firefox button, and the selection of Help > About Firefox.
Downloads will later be posted here on the Mozilla website. Note that you may get a net-installer by default. Check out this guide that explains how to download full Firefox versions from Mozilla.
Firefox 27 Whatâ€™s New
Firefox 27 is one of those builds that do not change a lot in regards to features. It does introduce a couple of interesting features or feature updates though, as you will see in our analysis.
Support for TLS 1.2 and TLS 1.2 enabled by default
Firefox 27 supports TLS (that is Transport Layer Security) 1.2 now. TLS is more or less the successor of SSL, and version 1.2 is the most recent cryptographic protocol that Firefox supports.
I have reviewed the change in detail here, but want to go over the most important bits of information again.
To establish a secure connection, browser and server need to agree on a protocol that they both support. Up until now, that meant to see if TSL 1.0 is supported, and if it is, it would be used. If not, browser and server would fallback to SSL v3 instead.
With TLS 1.2 support in Firefox stable, TLS 1.2 is now used if supported by the server, and only if it is not supported, TLS 1.1, TLS 1.0 and SSL v3 are checked and the first one that is supported is used to secure the connection.
The two preferences that handle this are:
Min is set to 0 by default, while max to 3. Here is a short list of what the values mean:
- 0 refers to SSL 3
- 1 refers to TSL 1.0
- 2 refers to TLS 1.1
- 3 refers to TLS 1.2
You can change the minimum requirements (or maximum but that is not suggested) so that TLS is always used. This may mean however that connections to some servers, those that only support SSL 3 but not TLS, cannot be established anymore.
SocialAPI supports multiple providers
Firefox's SocialAPI enables webmasters to offer services that make use of it in the browser. The prime example here is Facebook's Messenger for Firefox which was one of the first to make use of it.
The messenger application added notifications and chat to Firefox in the form of buttons and a sidebar that could easily be displayed and be hidden again when not needed.
Up until now, only one social provider could be active at the same time in the browser. Firefox 27 changes this as you can now receive notifications and other information from multiple social providers.
The feature is only supported by a few providers including Facebook, msnNOW, Cliqz and Mixi.
Social features are not enabled by default, and come only into play once at least one social provider has been added to the browser.
Up until now, you had to switch providers manually whenever you wanted them to provide you with their functionality.
Update: New social partners announced today, including Delicious and Saavn. More information about those here.
Mozilla added support for Google's SPDY networking protocol to Firefox 11. The main goal of the protocol is to reduce web page load latency and improve security at the same time.
Servers that you connect to need to support SPDY for this to work though, with many major sites such as Twitter, Facebook, WordPress.com or the majority of Google properties supporting it in varying degrees.
SPDY 3.1 is only supported by some servers, Google's servers support it for instance, while many others do not support it yet. This will change over time though.
You can find out if a particular service supports SPDY, and if so which versions of the protocol, by loading Spdycheck in your browser.
- The Inspector supports the editing of HTML elements now.
- Allow-popups directive for iframe sandbox implemented.
- Reflow logging now supported.
- Background-urls and colors have a preview in Inspector.
- The Debugger can break on DOM events.
Firefox 27 for Android
The mobile version of Firefox for Android and the desktop version share most of the improvements. There are however a couple of features that are exclusive to Firefox's Android version.
- New languages added to Android multi-locale builds (Slovenian, Lithuanian, South African English and Thai).
- Favicon caching improved.
- Overscrolling on web content removed, now highlights on Android.
- Default font set to Clear Sans.
Security updates / fixes
The security updates are only made available after the official release. We will add those once they become available.
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Additional information / sources