Firefox 37: find out what is new
Mozilla will release new versions of the Firefox web browser for all supported channels later today.
This brings the stable version of the browser to version 37 while Beta, Aurora and Nightly versions are upgraded to 38, 39 and 40 respectively.
Firefox's Extended Support Release will be upgraded as well to version 31.6.
To find out which channel you are using type about:support in the web browser's address bar and check the version under application basics near the top of the page that opens up.
The guide below provides you with information about changes that went into Firefox 37.
Firefox 37 download and update
Firefox 37 is already available on Mozilla's public FTP server. It is usually not a good idea to download it from there directly as last minute changes may make a different build the release build.
While this does not happen often, it did happen in the past.
Probably the best way to upgrade is to run a manual update check in the browser. You do that by tapping on the Alt-key on your keyboard and selecting Help > About Firefox from the menu bar at the top that is displayed when you do that.
Mozilla hosts all downloads and you can download them from the site as well to upgrade or install anew. Use the following links to do so (note: the recent updates may not be available yet).
Firefox 37 Changes
Firefox 37 does not introduce many new features in the browser that are visible to users.
Media Source Extensions (MSE) on YouTube
When you visit YouTube's HTML5 video player page you will notice that Firefox 37 supports Media Source Extension now on the site.
While you could force support previously by changing browser preferences on the about:config page of the browser, that is no longer necessary at least not for Media Source Extensions and MSE & H.264 which are both enabled by default now on the site.
Tip: To enable MSE & WebM VP9 which is shown as not supported right now do the following:
- Load about:config in the browser's address bar.
- Confirm you will be careful if the warning appears.
- Search for media.mediasource.webm.enabled
- Double-click on it to toggle its value (to true).
Reload YouTube's HMTL5 check page and you should see that the last option is supported as well now on the site.
This feature is limited to YouTube by default. To change that modify the preference media.mediasource.youtubeonly and set its value to false using the method listed above.
You may run into issues on some sites if you enable that feature globally though. If you do, repeat the process to disable it again.
Heartbeat user rating system
Heartbeat adds a User Voice like system to Firefox allowing Mozilla to get user feedback directly from users of the browser.
I covered Heartbeat when it first appeared back in February and suggest you read the article that I wrote back then for additional information about it.
If you don't want to participate in Heartbeat at all, do the following to disable the feature in the browser:
- Open the about:config page again as outlined above.
- Search for browser.selfsupport.url.
- Double-click the parameter and set its value to blank.
To undo the change, right-click on the preference and select reset from the context menu.
Bunch of security improvements
Security improvements are usually not something that are visible to users. The following paragraph lists the improvements that went into Firefox 37.
- Bing Search uses HTTPS by default now.
- Disabled insecure TLS fallback.
- TLS False Start optimization requires a cipher suite using AEAD construction.
- Extended SSL error reporting to report non-certificate errors.
- Improved protection against site impersonation
- Support for local revoked intermediary certificates blocklist
- Added support for e-mail name constraints in certificates.
- Improved certificate and TLS communication security by removing support for DSA
- Opportunistically encrypt HTTP traffic if the server supports it.
New Security panel in Network Monitor
The security panel lists security-related information about the selected entry in the network panel. This includes connection details such as the protocol version and cipher suite used but also certificate information and security features used by the connection.
New Animations panel in Page Inspector
If the selected element on a page is animated, Firefox displays the Animations panel which displays information about it and provides you with play and pause buttons to control it.
Other developer changes
- Debugger panel supports about:// and chrome:// URIs.
- Logging of weak ciphers in web console.
- WebSocket now available in Web Workers.
- IndexedDB now accessible from worker threads.
Firefox for Android
The majority of changes of the desktop version of Firefox were also implemented in the Android version. I suggest you check out the changelog if you are interested in those. Below is a selection of features unique to Firefox for Android.
Tablet interface updates
Tablet interface updates launched in Firefox 37 for Android. You will probably notice right away that tabs are on top now in the new interface.
Other changes include a redesigned tabs tray displaying all open tabs in the browser. You find additional information about the new interface on Medium.
- Support for sending videos to Matchstick devices.
- URL bar displays the url instead of the page title by default now.
Security updates / fixes
Security updates are released a short while after the Firefox 37 release. I'll add those once they become available publicly.
- MFSA 2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
- MFSA 2015-41 PRNG weakness allows for DNS poisoning on Android
- MFSA 2015-40 Same-origin bypass through anchor navigation
- MFSA 2015-39 Use-after-free due to type confusion flaws
- MFSA 2015-38 Memory corruption crashes in Off Main Thread Compositing
- MFSA 2015-37 CORS requests should not follow 30x redirections after preflight
- MFSA 2015-36 Incorrect memory management for simple-type arrays in WebRTC
- MFSA 2015-35 Cursor clickjacking with flash and images
- MFSA 2015-34 Out of bounds read in QCMS library
- MFSA 2015-33 resource:// documents can load privileged pages
- MFSA 2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
- MFSA 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
- MFSA 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Additional information / sources
- Firefox 37 release notes
- Firefox 37 Android release notes
- Add-on compatibility for Firefox 37
- Firefox 37 for developers
- Site compatibility for Firefox 37
- Firefox Security Advisories
Now Read: Firefox Release ScheduleAdvertisement