Firefox 43: Find out what is new
Firefox 43's official release data is December 15, 2015. This overview provides you with information about new features, updates, and changes in the new version of the web browser for the desktop and Android.
All Firefox channels are updated on the day. This means that Firefox Beta, Developer Edition and Nightly versions of the browser are updated as well.
To be precise, Firefox Beta is updated to 44, Firefox Developer Edition to 45, Firefox Nightly to 46, and Firefox ESR to 38.5.
The information provided by this article covers only the Firefox Stable update and no other version.
Executive Summary
- Add-on signing is enforced in Firefox 43, but it can be disabled with a configuration switch in this version.
- Firefox 64-bit Stable is now officially available.
- A second block list that is stricter has been added to the browser's tracking protection feature.
Firefox 43 download and update
Mozilla Firefox 43 will be made available via the browser's automatic update mechanism. You can run a manual check for updates at any time by tapping on the Alt-key on your keyboard, and selecting Help > About from the menu at the top.
The browser queries a Mozilla server when you do and will download the update or prompt you to do so depending on how you have configured the browser.
New Firefox releases are available directly from Mozilla as well. There you find stub installers (which require an Internet connection during installation), and full offline installers which don't.
- Firefox Stable download
- Firefox Beta download
- Firefox Developer download
- Nightly download
- Firefox ESR download
Firefox 43 Changes
Add-on signing enforcement
Firefox 43 is the first version of the browser that enforces add-on signing. The browser will block the installation of add-ons that are not signed.
Mozilla planned to launch the feature with Firefox 40 initially but postponed it to Firefox 43 instead. Please note that this will affect already installed add-ons as well.
Firefox 43 ships with an override to install unsigned add-ons in the browser.
- Load about:config in the browser's address bar.
- Confirm you will be careful if the prompt appears.
- Search for xpinstall.signatures.required.
- Double-click the preference to set it to false.
Mozilla plans to remove the preference in Firefox 44.
The idea is to eliminate the majority of malicious or invasive add-ons by requiring them to be signed so that they can be installed in Firefox.
Add-on signing has been criticized as ineffective.
Search Suggestions in address bar opt-in prompt
When you run a search in Firefox 43 for the first time after upgrading to the version you may receive a search suggestions prompt in the address bar.
It asks you if you want to enable search suggestions in the browser and links to a resource page with additional information.
If you accept, everything that you type -- with the exception of hostnames and urls -- is sent to the default search engine which then returns a list of suggestions based on that text.
Search Suggestions are disabled in private browsing mode automatically. You can edit the preference directly in Firefox as well:
- Load about:preferences#search in the browser's address bar.
- Check, or uncheck, the "show search suggestions in location bar results.
Second Block List for Tracking Protection
A second blocklist has been added to the browser's Tracking Protection feature. The feature blocks trackers and scripts automatically when you connect to sites, and works similar to adblockers in this regard.
The focus is on blocking user tracking however and not disabling all advertisement or other annoyances on the Internet.
You can check and enable the second list in the following way:
- Load about:preferences#privacy in the browser's address bar.
- Click on the "Change Block List" button under the tracking header.
- Select one of the available lists there.
You are probably wondering how they differ:
- Disconnect.me basic protection: blocks trackers but has been designed for maximum compatibility so that websites you visit function properly.
- Disconnect.me strict protection: blocks more trackers but may impact the functionality of some sites.
Other changes
- Firefox Stable 64-bit is now officially available. It only supports Flash and Silverlight as plugins.
- WebRTC streaming on multiple monitors.
GTK3 integration (GNU/Linux only).- On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater.
- Improved Big5 support for Hong Kong supplementary characters on Windows XP.
Developer Changes
- Access to Web Storage (i.e. localStorage and sessionStorage) from third-party IFrames is now denied if the user has disabled third-party cookies
- Display Server-side messages in the console.
- Improved API support for m4v video playback.
- Network entries in the console link to the network monitor.
- Overriding CSS declarations have a magnifying glass next to them. A click on it shows only the rules that set the same property which makes it easy to see which rule is overriding the declaration.
- Server logging in the web console.
- Use in Console in Inspector.
- WebIDE has a sidebar UI now.
Firefox for Android
Only features unique to the Android version of Firefox are listed here.
- Accessibility improvements (TalkBack, BrailleBack)
- Firefox for Android displays audio indicators in the tab list.
- Reading List panel supports marking the read state of items.
- Toolbar menu updated to match "latest Android UI designs".
- Cloud printing support using the Android print service.
- URL is included when text is shared from web pages.
Security updates / fixes
Security updates are disclosed after the official release. We update the article as soon as they become available.
MFSA 2015-149 Cross-site reading attack through data and view-source URIs
MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
MFSA 2015-145 Underflow through code inspection
MFSA 2015-144 Buffer overflows found through code inspection
MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
MFSA 2015-142 DOS due to malformed frames in HTTP/2
MFSA 2015-141 Hash in data URI is incorrectly parsed
MFSA 2015-140 Cross-origin information leak through web workers error events
MFSA 2015-139 Integer overflow allocating extremely large textures
MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
MFSA 2015-137 Firefox allows for control characters to be set in cookies
MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
Firefox 43.0.1
Mozilla has released Firefox 43.0.1 on December 18, 2015 days after the organization released Firefox 43. The release notes reveal no information about the new release but bug 1079858 indicates that this is about Sha2 patches.
release channel:
* 43.0 (no sha2 patch) -> 43.0.1 (sha2 patch 1) -> 43.0.1 (sha2 patch 2)
* when we need watershed rule: 43.0.1 is starting tomorrow
Firefox 43.0.2
Firefox 43.0.2 has been released on December 22, 2015. It features the second part of the Sha2 patch described above.
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox 43.0.3
Mozilla released Firefox 43.0.3 on December 28, 2015. It fixes or changes the following in the web browser:
Fix network issue when using Nvidia's Network Access Manager (1233237)
On some Windows configurations, improve the decoding of some videos on YouTube (1233970)
Firefox 43.0.4
Firefox 43.0.4 was released on January 6, 2016 to the release channel. It fixes the following issues:
Fix for startup crash for users of a third party antivirus too (G Data Security Software). (1235537)
Multi-user GNU/Linux download folders can be create. (1233434)
Re-enable SHA-1 certificates. (1236975)
Additional information / sources
- Firefox 43 release notes
- Firefox 43.0.1 release notes
- Firefox 43.0.2 release notes
- Firefox 43.0.3 release notes
- Firefox 43.0.4 release notes
- Firefox 43 Android release notes
- Add-on compatibility for Firefox 43
- Firefox 43 for developers
- Site compatibility for Firefox 43
- Firefox Security Advisories
Some interesting references for all people that are being annoyed by the enforced new search bar:
Vote for requests to restore old functionality at:
https://bugzilla.mozilla.org/show_bug.cgi?id=1233810
https://bugzilla.mozilla.org/show_bug.cgi?id=1233810
The “bugfix” by means of which the old search bar was deleted:
https://bugzilla.mozilla.org/show_bug.cgi?id=1119250
Oh, and be careful, if you complain there you get warned that you annoy multiple people at once. Whereas they don’t seem to realize that enforcing the new search bar annoys thousands of people, every hour over and over again…
Here are some interesting threads where the announced new search upset many users already over a year ago:
https://blog.mozilla.org/addons/2014/11/27/new-search-ui-coming-in-firefox-34/comment-page-1/#comments
https://blog.mozilla.org/ux/2014/11/find-it-faster/
Judging from the comments, they should have known that the change would be ill received.
Why the default site suggestion is NOT a website I visit frequently, but it is instead a generic web search on the term?
The unified search bar sucks.
Probably stupid question, but… Still.
I already used CTR to get the old search back, and turned off the keywords in about:config.
Yet, when I enter anything into the address bar, I get a “visit XXX” prompt as the first result, rather than the first match between the letters and my history/bookmarks.
Is there a way to disable that behaviour/”feautre”?
Never mind, I figured it out:
about:config -> browser.urlbar.unifiedcomplete -> set to “false”
Firefox 43.0.1. Firefox screws over security software yet again.
I am SO fed up with Firefox thumbing it’s nose at security software that users have paid for and maintained, by helping itself to ‘disabling’ them.
Furthermore, an internet security business like Kaspersky, is neither stupid nor slack in providing signatures. Anyone who falls for the Firefox blame game, isn’t too bright.
Firefox passes the buck – entirely dishonestly – to cover up it’s own incompetence by claiming that your security software isn’t ‘signed’.
Personally, I think it’s either a case of sour grapes on the part of Firefox against Kaspersky, or Firefox now only employs idiots.
Firefox 43.0.1 has disabled 5 Kaspersky extensions, how do I fix this…? Can’t be done in about config…?
Yes, see this article: https://www.ghacks.net/2015/12/16/what-you-do-when-firefox-disables-installed-add-ons/
Yeah, the first time i searched about config it didn’t show up for some reason, worked this time… Thanks… Will i need to go back to “true” once the signatures are sorted out…?
https://www.palemoon.org/
https://en.wikipedia.org/wiki/Pale_Moon_%28web_browser%29
Firefox fork for those who think FF used to not be broken.
Thanks for your explanation on how to override the enforcement of add-on signing.
Enforcement disabled ten of my add-ons including such crucial ones as Class Theme Restorer, Adobe Acrobat DC (the current version), Bookmark Backup, Get Mail Plus, Print/Print Preview, and some really nice ones like Colorful Tabs, Cute Buttons-Crystal SVG, AddOn List Dumper.
I had no idea that malicious add-ons were such a problem. Fortunately I could — thanks to your instructions — override enforcement, for now. I guess I will not upgrade FireFox once it hits version 44 and will have to switch to another browser which irritates the hell out of me since nothing really compares to Firefox.
Why are the folks at Mozilla doing things like this to drive people away from Firefox, especially as the number of Firefox users continues to dwindle?
38 was the last Firefox I actually used, but I had nothing much to do yesterday, so I installed 43 to take a look at it. NoScript is the only add-on I bothered to install. Most of the add-ons I’ve typically used won’t even exist once XUL/XPCOM are removed from Firefox. In the future I may just use the DevEdition instead since it’s a simpler way to get the DevEdition theme and avoid other Mozilla stupidities. I’ve moved most of my casual browsing over to a Chromebook anyway. If GalliumOS looks good, then I’ll probably run Vivaldi on that some time next year. If not, then Debian on a different box (but still probably Vivaldi). I’m still using SeaMonkey, but I don’t know how long that will last. Firefox just isn’t on my radar anymore.
Well, I carried forward some of my CSS from before I started to always use the DevEdition theme, and 43 looks pretty much like it did before (35? 31? whenever the DevEd theme became a choice for stable)–mostly just slim down the tabs/nav-bar (toolbox). Meh.
It’s funny (though not really)… Mozilla built market share for Firefox by creating an environment that attracted devs to create all kinds of add-ons to enhance the browser. Now they’re doing the exact opposite by–effectively–“taking their ball and going home” (so no one else can play with it). Yeah, there’s a remote possibility that they’ll come up with a “great” browser (though not likely), but they’ll still be “dead” because their *former* community of devs and users will have moved on to more satisfying places and products.
I’ve held off switching to a Firefox fork for the longest time, but I might be compelled to find one if FF doesn’t allow us to disable add-on signing in v44.
I forgot about disabling those pointless updates and now I’m regretting it.
Does somone know how to disable this new first thing that shows up when I write
something into the address bar? It’s quite redundant and is just visually annoying.
I know that I either go to the page or googling something, no need to tell me ff.
Also the thing with 44 sounds like the worst garbage to me anyway, the main reason
I use FF IS an unsigned addon. Allthough there were times when it was signed, but whatever.
Set browser.urlbar.unifiedcomplete to false I think.
How nasty. “browser.search.showOneOffButtons” was one of the features, which I used very very very often (multiple times per day). Why fix things that aren’t broken?
Can’t we make a new feature request for:
1. Making the one-click selected search provider sticky.
2. Displaying the active search provider’s icon in front of the search bar.
Where could I find out if such an initiative is already underway or make the request myself?
For every new release, Mozilla clearly illustrated that it is incompetent as an organization that values its user. Because of this they have lost their only edge. They are not delivering a user centric product anymore. They are outsourcing this to addon developers so users have to wait for those addons to be signed and hope that the addons are well optimized not to impact the browsers performance.
The only reason I’m sticking with Mozilla is because of NoScript*. Other than that, other browsers seem all the more attractive for every new Firefox release.
*There is no true NoScript alternative for any other browser.
hello,
do you know when firefox will be automaticaly updated to ver. 43 in Poland? now i have to open about to start update
I was holding out vague hope that whatever they did to cause hardware acceleration to stop working correctly with YouTube 60fps playback for me was going to be remedied by this update, but unfortunately for me it was not.
I updated Firefox on Linux Mint this morning and all the extensions that were disabled in Windows 7 Firefox 43.0 weren’t disabled in Linux Mint 43.0. ??? :/
Classic Theme Restorer did the trick!! https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/
Go to General UI > Old search (experimental) and you’re done!
you’re done, IF you have the privileges
Thank you!
What about iOS??!!!
Many people asked why “Mozilla plans to remove the preference”. I thinks it’s a good move because it prevents Firefox’s user.js to be changed and dangerous addon can install to Firefox. What do you think?
If you create/edit a user.js file, then that is your decision and prerogative, regardless of what preferences you wish to control/reset on a new firefox start. This is normal behaviour and has nothing to do with security. But if your user.js file is being modified without your knowledge, then you’re already not in control of your system and its too late. The enforcement of signed addons thru AMO is to ensure that Mozilla can run their tests on it in order to catch any malicious/dodgy addons. Its basically the same as Windows Apps must be submitted to the Windows Store, iOS apps to the Apple Store, android apps to Google Play, chrome extensions to the google webapp store and so on in order to be verified/signed/etc. Clearly if the preference to not enforce signatures is removed, then you can;t even change it in about:config – it has nothing to do with a user.js, which is merely one more mechanism provided by Firefox to control settings.
It looks like these preferences have been changed from version 42.0 to 43.0:
removed in 43.0:
network.http.use-cache
dom.ipc.plugins.enabled
browser.search.showOneOffButtons
browser.safebrowsing.appRepURL
browser.safebrowsing.gethashURL
browser.safebrowsing.malware.reportURL
browser.safebrowsing.updateURL
browser.trackingprotection.gethashURL
browser.trackingprotection.updateURL
pfs.datasource.url
added in 43.0:
browser.safebrowsing.provider.google.appRepURL
browser.safebrowsing.provider.google.gethashURL
browser.safebrowsing.provider.google.lists
browser.safebrowsing.provider.google.reportURL
browser.safebrowsing.provider.google.updateURL
browser.safebrowsing.provider.mozilla.gethashURL
browser.safebrowsing.provider.mozilla.updateURL
captivedetect.canonicalURL
loop.linkClicker.url
Thanks.
dom.ipc.plugins.enabled and network.http.use-cache – never seen them, never had them on any list .. maybe they’re quite old
————————————
DEPRECATED (confirmed)
// 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search]
// user_pref(“browser.search.showOneOffButtons”, false);
// 1803: (43+) remove plugin finder service – http://kb.mozillazine.org/Pfs.datasource.url
// as you can see mozilla are doing away with NAPI plugins [except flash/java/silverlight, i think thats all of them]
// user_pref(“pfs.datasource.url”, “”);
// 0309: (43+) disable sending plugin crash reports – keep FF quiet
// see https://developer.mozilla.org/en-US/Firefox/Releases/43
user_pref(“dom.ipc.plugins.flash.subprocess.crashreporter.enabled”, false);
// 0310: (43+) disable sending the URL of the website where a plugin crashed – privacy issue
// see https://developer.mozilla.org/en-US/Firefox/Releases/43
user_pref(“dom.ipc.plugins.reportCrashURL”, false);
The two dom.ipc* options I left uncommented as resetting them did not delete them – despite the information stated at https://developer.mozilla.org/en-US/Firefox/Releases/43 which says: “In preparation for future releases to switch over to multi-process content, NPAPI plugins can no longer be run in the same process as the page content. The preferences starting with dom.ipc.plugins are no longer used.” In other words, they may be legacy but they haven’t been removed yet.
————————————
NEW (may have been FF42)
-under section 0101
user_pref(“browser.usedOnWindows10.introURL”, “”);
-under section 0411 (these were in FF42 at a minimum, not sure when they were added)
user_pref(“browser.safebrowsing.reportMalwareMistakeURL”, “”);
user_pref(“browser.safebrowsing.reportPhishMistakeURL”, “”);
// 0411b: FF43+ new prefs for safebrowsing URLS (not sure if these replace the ones above)
user_pref(“browser.safebrowsing.provider.google.appRepURL”, “”);
user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.google.reportURL”, “”);
user_pref(“browser.safebrowsing.provider.google.updateURL”, “”);
user_pref(“browser.safebrowsing.provider.mozilla.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.mozilla.updateURL”, “”);
You can leave the *.lists – killing the URLs is more than enough futureproofing
// 0603a: https://wiki.mozilla.org/Necko/CaptivePortal (not sure what this will do but screw it)
user_pref(“captivedetect.canonicalURL”, “”);
(added under deprecated in anticipation of the next release)
// 3006: (44+?) disable signatures required on addon installs
// FF43 turned on signatures required, until F44 you can disable this to buy some time for any addons you need to replace etc
user_pref(“xpinstall.signatures.required”, false);
————————————
Might be time for me to release another ghacks user.js .. version 8 ( https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/ ). Also, I need to check if those six “old” URLs your listed are really deprecated
This new UI on searchbar sucks, don’t show all my search options (1920×1080) and I can’t easily set default search It is very study. I can not believe it. http://i.imgur.com/5tOVUf7.png
Agree. The list was good. The icons are stupid. Would love to hear if anyone finds a way to bring back the adult user interface.
I absolutely hate the new search interface.
What about different sites using the same icon, like English Wikipedia vs other languages ?
What about having to rechoose the search engine at each search because of the silly default search ?
How do you know which search is currently active ?
And most of all: do you have ANY reason to think that this wankers’ interface is something people wanted ? How could you imagine it would be a good idea to suppress the classic interface ? Do you realize that some people don’t have the privileges to install an addon like CTR to work around your idiotic new ways ?
Right now, the awesome bar (which you utterly broke with this “visit blah blah” link) is the only thing that’s keeping me to jump to Chrome.
Five extensions were disabled. Some that I don’t want to live without.
Firefox 43.0.1 has disabled 5 Kaspersky extensions, how do I fix this…? Can’t be done in about config…?
“Access to Web Storage (i.e. localStorage and sessionStorage) from third-party IFrames is now denied if the user has disabled third-party cookies”
Where is that new change documented in the release notes? I can’t seem to find it…
It is listed on the Developer updates page.
This sucks. browser.search.showOneOffButtons no longer works. When someone finds a way to bring back the USEFUL old style Search behavior I will be forever GRATEFUL. Thank you
Jeff said:
Another small thing, v.43.0 now ignores “browser.search.showOneOffButtons” setting. Set to true or false, they are shown regardless.
Yes I can verify that. – although I do not treat it as a small thing – unless I treat it as one more small thing determined to destroy my browsing habits.
I must try sometime to imagine myself as a new user who has never seen Firefox before and does not know the damage done to the mental health of long term Firefox users who have to jump around trying to find addons to get back their browser (as they see it) or learn to code their own – or worse still, despite the improvements over the years and the loyalty of its users drop it altogether. I can barely believe I typed that last sentence.
I used to look forward with excitement to a new Firefox release – now when the release day dawns it is filled with dread.
Hugh
How does a user know if the update installed the 64 bit version as there’s no prompt to do so ?
to my knowledge the 64bit version isn’t installed on its own, you have to download it yourself and install it.
“wonton December 15, 2015 at 10:07 pm #
the old search was removed you can bring it back though with CTR”
Im not seeing that in CTR maybe im just not looking for the right thing
WTF!
After updated to 43 version I see resetted my old search bar settings and 7 add-ons disabled:
– all kaspersky add-on
– zoom button (very useful), mega, redirect cleaner (useful) and user agent changer
I missed some wise advice\trick of this blog: how I can force to enabled them or stop this check?
Thanks
set xpinstall.signatures.required to false in about:config to enable unsigned addons, just like written in the article. at least that will give you six more weeks to use your addons and mozilla some time to sign those addons.
you could also download the esr release, that should give you even more time.
1′ OR ‘1’=’1
colorful tabs and cutebuttons only ones that hit me, about:config fixed them but will have to hold off on further updates I guess
“Mozilla plans to remove the preference in Firefox 44”
Why? WHY WHY WHY??
Why not leave it alone and let power users make their own choice?! It’s not like grandma and grandpa and other noob users go digging around in about.config.
Another small thing, v.43.0 now ignores “browser.search.showOneOffButtons” setting. Set to true or false, they are shown regardless.
the old search was removed you can bring it back though with CTR
Thanks for the tip returning to the old Search Bar with Classic Theme Restorer
I think they’re planning to eliminate the search bar completely in the upcoming versions. This is just another step in that direction.
https://www.ghacks.net/2015/04/10/firefox-may-get-a-unified-search-and-address-bar-soon/
The separate search and address boxes are THE #1 reason I use Firefox over Chrome or Safari. If they give that up and there’s not an easy way to turn it back on, I’ll switch without a second thought to something else.
Well, I really hate Chrome’s Omnibar….so, sure hope Firefox resists temptation to be Chrome’s sibling.
I really prefer FF discrete search bar with one-click. Just me….?
Also, just out of curiosity, I tried to disable the search bar completely, because I heard some other people do that, and they use keywords for every search provider. But the problem with this is that this way your search history won’t show up, which kinda sucks.
Will FF42x64 update to 43 via internal updater or x64 internal updater will start with FF43x64 as “Firefox 64-bit Stable is now officially available”.
FF43x64 arrived via internal updater shortly after I posted…Thanks
Great article as always,
Thank you
@not_black : There is no “migration”. You use your existing profile folder.
Does the x64 build perform better? Is it worth it installing it and migrating my stuff from the x86 build?
I can hardly take this Disconnect.me company seriously. They want to ‘disconnect’ me from Google/Facebook/Twitter yet their own extension has a ‘share on..’ the aforementioned websites feature. I’m not using this feature anyway, but Mozilla should allow users to use other lists or provide alternatives that are not from the same company.
It’s either Disconnect or Ghostery which isn’t even open source and admits to collecting your data. I don’t see any “share on…” options or buttons on Disconnect (only “Upgrade to Premium” on Opera version) and it’s the default search provider in Tor, they should know better than you. Do you work for Ghostery? :-)
Also, if you rely just on one blocking extension blame yourself. It comfortably works along with BluHell, NoScript, uBlock or what have you. ;-)
A quick image search shows a Share button right on Disconnect’s interface.
A quick look through Disconnect’s reviews on firefox’s extensions site should make anyone pause before using them.
Some quick tests, should confirm what the reviews are saying, about odd connections and all.
Co-opting their resources and poisoning any monetizable data by putting it on top of the anonymizing onion network is quite funny, forcing Disconnect to carry the burden for only its stated use- double win. Personally I don’t trust Disconnect in the clear (Ghostery is shite too, avoid it :-))
Not somebodies fault if they seek out an extension for their privacy, then later find it wasn’t enough but I don’t think your ridicule applies to Yuliya and he didn’t mention ghostery. Consider he’s just peeved about how shite this all is, as are you and I. We need to call out this bull for what it is.
Ex google and nsa employees, mozilla ‘partners’, deprecated security protocols, phoning home and telemetry shiftyness, unexplained adobe and amazon connections, disincentivising people to use real third party anti tracking or ad blocking by conveniently baking-in weaker protection (set to the lowest level at default), terrible reviews of their work revealing how sketchy it all is, lame feedback with no explanations from supposed security ‘experts’. Say no more.
any DDL?, it’s still didn’t show up for me, here it only show version 42 https://download.mozilla.org/?product=firefox-42.0-SSL&os=win&lang=en-US
Here you go: http://ftp.mozilla.org/pub/firefox/releases/43.0/
Thanks Martin.
Great article, simple and effective..
Thank you, Martin Brinkmann.
“Access to Web Storage (i.e. localStorage and sessionStorage) from third-party IFrames is now denied if the user has disabled third-party cookies” is an excellent modification.
I still don’t understand (even if I don’t wouldn’t use it since I run uBlockO) why the Tracking Protection is limited to Private Windows. Does this mean that the user needs to be surfing “privately” to take advantage of Disconnect.me filters?
Who cares? Mozilla is wasting resources with this feature. They should have partnered with one of the many excellent ad-blockers already available, like uBlock Origin.
They can’t. Tracking Protection is not blocking Advertisements.
That is correct. You can flip a switch to make it available in regular browsing though, but I have no idea if that is available in Stable already.
This switch I think it was: privacy.trackingprotection.enabled
I thought privacy.trackingprotection.enabled set to true enabled ‘Block reported attack sites’ and ‘Block reported web forgeries’ in Options/Security … I’ve just tested privacy.trackingprotection.enabled set to true and indeed it doesn’t modify ‘Block reported attack sites’ and ‘Block reported web forgeries’ settings.
Thanks, Martin. I rely so much on other protections than Firefox itself that I missed the changes …
Anyway, I had tested Disconnect.me filters within uBlockO (perhaps the strict protection list) and encountered then many problems on various sites. I’m not very fond of Disconnect.me, not sure their filters are pertinent and reliable, not sure as well why Mozilla opted for Disconnect.me. I may be wrong.