Firefox 114 updates security and improves DNS over HTTPS accessibility

Martin Brinkmann
Jun 6, 2023
Updated • Jun 6, 2023

Firefox 114.0 and Firefox 102.12.0 ESR are the June 2023 releases of Mozilla's Firefox web browser. The official release date is June 6, 2023.

The new version of Firefox is a security update, but it also introduces new nice-to-have features that improve search and the usability of the browser.

Firefox 114.0 and the ESR release are available for all supported platforms. The updates will be released later on June 6th, if you are reading this on the day.

All development channel versions of Firefox are updated at around the same time. Firefox Beta and Dev are moved to version 115, and Firefox Nightly is moved to version 116. Firefox for Android follows the stable version; it is updated to version 114 as well.

Executive Summary

  • Firefox 114 patches 4 security issues in Firefox. The aggregate severity rating is high, and Mozilla makes no mention of exploits in the wild.
  • Mozilla added the ability to change the order of extension icons.
  • Bookmarks and Local search improvements added.
  • Enabled native capture support on macOS devices.
  • A new Firefox ESR base will be released next month. It is based on Firefox 115, and will be the new base for Windows 7 and 8.1 users.

Firefox 114 download and update

Most Firefox installations will receive the new update automatically, thanks to the built-in updating functionality. The updating does not happen in real time, and some users may want to speed it up by downloading Firefox manually or by running a manual check for updates.

Select Menu > Help > About Firefox to display the installed version. The popup that opens runs a check for updates. Any new version found is either downloaded automatically or on user request at this point.

Here are the official download locations:

Firefox 114.0 new features and improvements

Secure DNS (DNS over HTTPS) settings in UI

Firefox 114 makes it easier to configure DNS over HTTPS in the browser. Mozilla calls it secure DNS, and the new options are found under Settings > Privacy & Security > Enable secure DNS using.

There are four options right now that define whether DNS traffic will be encrypted or not when using the Firefox web browser:

  • Default Protection -- Firefox makes the decision using the following logic:
    • Use secure DNS if it is available in the region.
    • Use default DNS provider, if there are issues with the secure DNS provider.
    • Use a local provider, if possible.
    • Turn off secure DNS, if a VPN is used, parental controls are enabled, or Enterprise policies are active.
    • Turn off secure DNS "when a network tells Firefox it shouldn't use secure DNS".
  • Increased Protection -- gives the user control over the feature. The secure DNS provider is selected by the user, but Firefox will fall back to the regular DNS provider if there is a problem with the secure DNS provider.
  • Max Protection -- gives the user control, but won't fall back if issues are encountered. A warning is displayed if secure DNS is not available.
  • Off -- the feature is not enabled.
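
To check which of these four levels a profile is actually set to, the added example below (not from the article or from Mozilla) reads the text of a profile's prefs.js and reports the level and whether plain system DNS can still be used. It assumes the network.trr.mode mapping of 0, 2, 3 and 5 given in the reader comments on this page; the function names and the sample file contents are constructed for illustration.

```python
import re

# Settings label for each network.trr.mode value, following the 0/2/3/5
# mapping given in the reader comments on this page.
LEVELS = {0: "Default Protection", 2: "Increased Protection",
          3: "Max Protection", 5: "Off"}

# One line of prefs.js / user.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_trr_prefs(text):
    """Return {name: value} for every network.trr.* pref in the file text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.trr."):
            continue
        raw = m.group(2)
        if re.fullmatch(r"-?\d+", raw):
            prefs[m.group(1)] = int(raw)
        elif raw in ("true", "false"):
            prefs[m.group(1)] = raw == "true"
        else:
            prefs[m.group(1)] = raw.strip('"')
    return prefs


def audit_secure_dns(text):
    """Summarise the secure DNS level configured in a prefs.js text."""
    prefs = parse_trr_prefs(text)
    # Assumption: a profile without the pref runs at the default value 0.
    mode = prefs.get("network.trr.mode", 0)
    findings = []
    if mode == 0:
        findings.append("Firefox decides: secure DNS is turned off for VPNs, "
                        "parental controls, enterprise policies or when the "
                        "network asks for it")
    elif mode == 2:
        findings.append("falls back to the regular DNS provider if the "
                        "secure DNS provider has a problem")
    elif mode == 5:
        findings.append("secure DNS is disabled")
    elif mode != 3:
        findings.append(f"mode {mode!r} is not one of the four Settings options")

    # A DoH provider must be reached over HTTPS; flag anything else.
    uris = [(k, prefs[k]) for k in ("network.trr.uri", "network.trr.custom_uri")
            if prefs.get(k)]
    for name, uri in uris:
        if not str(uri).lower().startswith("https://"):
            findings.append(f"{name} is not an https:// URL: {uri}")
    if mode in (2, 3) and not uris:
        findings.append("no provider URL is set in this file")

    return {
        "mode": mode,
        "level": LEVELS.get(mode, "not a Settings option"),
        # Only Max Protection (mode 3) never hands queries to the system resolver.
        "plain_dns_possible": mode != 3,
        "findings": findings,
    }


# Constructed sample prefs.js contents (not taken from a real profile).
SAMPLE_MAX = '''
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://dns.adguard.com/dns-query");
'''
SAMPLE_FALLBACK = '''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "http://doh.example/dns-query");
'''

if __name__ == "__main__":
    for label, text in (("max", SAMPLE_MAX), ("fallback", SAMPLE_FALLBACK)):
        print(label, audit_secure_dns(text))
```
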

Search improvements

A new option to search bookmarks has been added to the Bookmarks menu. To access it, select Menu > Bookmarks > Search Bookmarks. This enables a bookmarks-exclusive search filter in the Firefox address bar.

Firefox supported this for a long time with the special character *. All it takes is to type * then Space, followed by the search term to search only in the browser's bookmarks.

Mozilla has also added an option to restrict searches to the local browsing history. This option is available in the History, Library and the Application menu. Firefox users may use the special character ^ followed by the Space-key to limit searches in the browser's address bar to the browsing history.

Other changes and fixes

  • Video capturing on macOS devices supports all native resolutions in Firefox 114. Resolutions were limited to 1280x720 previously.
  • The list of extensions can now be reordered in the Extensions panel.
  • Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB.
  • Pocket Recommended content is now available in France, Italy and Spain.

Developer changes

  • CSSImportRule.supportsText can now be used for getting any supports() conditions that were specified when using the @import at-rule.
  • The -webkit-text-security property that lets you replace characters with shapes is now supported.
  • The :lang() pseudo-class now uses string-matching semantics (including * wildcards) for matching language codes rather than prefix-matching semantics.
  • The infinity and NaN constants are now supported inside the calc() function.
  • The crossorigin attribute is now supported on image and feImage elements.
  • Window.print() now opens a print dialog on Firefox for Android, allowing the current document to be printed.
  • Workers now support loading ECMAScript modules.
  • Worklets can now use import to statically import ECMAScript/JavaScript modules.
  • The deprecated and non-standard mozImageSmoothingEnabled property is permanently removed.
  • Support for browser_style in the manifest keys action, options_ui, page_action, and sidebar_action is deprecated for Manifest V3 extensions.
  • WebTransport is now enabled by default and ships with the 114 release.

Enterprise changes

  • The WebsiteFilter policy allows setting the blocklist and Exceptions via JSON.
  • The Preferences policy allows setting security.osclientcerts.assume_rsa_pss_support to add RSA-PSS support.
  • The SecurityDevices policy supports deleting security devices now.
  • Firefox ESR 115 will be released next month. The remaining Firefox 102 ESR releases will only get security updates going forward.
  • Support for Windows 7 and 8.1 is ending on September 26, 2024. Firefox installations on these devices will be migrated to ESR automatically.
  • Support for macOS 10.12, 10.13 and 10.14 ends on September 26, 2024 as well. Firefox installations on these platforms will also be migrated to ESR automatically.

Security updates / fixes

Mozilla Firefox 114 fixes 4 security issues in Firefox:

  • CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
  • CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to data: urls
  • CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
  • CVE-2023-34417: Memory safety bugs fixed in Firefox 114

Additional information about the security fixes is available here.

Outlook

Firefox 115 and Firefox 115 ESR will be released on June 4, 2023. Firefox installations on Windows 7 and 8/8.1 devices will be migrated to Firefox ESR automatically.

Firefox extension reviews and news

None

Recent Firefox news and tips

Additional information / resources


Comments

  1. GrofLuigi said on June 9, 2023 at 9:37 pm
    Reply

    How to remove the menuitem > History > Synced Tabs that appeared in this version? Preferably by userChrome.css…

    It is right in the place of my most used menuitem, History > Recently Closed Tabs and I hit it every time.

    1. GrofLuigi said on June 12, 2023 at 8:50 pm
      Reply

      Found it myself

      menuitem[label="Synced Tabs"] { display: none; }

  2. Anonymous said on June 8, 2023 at 1:17 pm
    Reply

    I wrote something about now having since that 114 update several articles of the very right wing Figaro press delivered to my Firefox home page by Mozilla by default and not liking it, and for some reason Herr Brinkmann chose not to publish this comment, while publishing another of me that was written later on another subject.

    Maybe I should have complained instead about that home page displaying too by default article pictures with black lesbians kissing each other since that update, like I have read dozens of times unmoderated on ghacks, apparently that’s what we’re supposed to be angry against in order not to be censored here ?

    1. John G: said on June 8, 2023 at 10:42 pm
      Reply

      Don’t think too much on it, we are few, there is no need to fight against ourselves. Censored words are on heaven. For sure. Someday we will find them over the rainbow or ever beyond.

  3. Anonymous said on June 8, 2023 at 4:28 am
    Reply

    About the DoH issue, this has been said again and again, and was common knowledge before the Cloudflare/MozCorp/… ad campaign happened to reverse the well known technical facts on that matter, but what this does is essentially reducing privacy by sending sensitive private data to some corporate partner of them in addition to this data essentially still being visible to the same actors as before, while transferring to that partner of them the controls of what will be censored. The main effect is therefore the opposite of the advertised one of being more “secure”.

    I like the analogy of having previously your money (private browsing data) safely at home (ISP that doesn’t need your DNS data to see even more of your browsing anyway), and now it will all be put in a very secure safe (https) in order to be transported to… an incinerator (Cloudflare now being able to read it too).

    “Turn off secure DNS “when a network tells Firefox it shouldn’t use secure DNS”.”

    Do you happen to know what that default policy means ? That if the censor you’re trying to bypass by changing your DNS tells Firefox that you should be censored, then Firefox will nicely comply and keep using the censor DNS.

    And don’t make yourself too many ideas about censorship evasion with Mozilla’s chosen partner DNS anyway. They first lied about refusing censorship from their chosen DNS partners to spin positively the massive user DNS hijacking by their company, before silently changing their mind, and finally not even requiring the used censorship list to be public.

    I remember that at times they didn’t even hide that they were having friendly discussions behind closed doors about all that DoH story with some of the worst mass surveillance agencies in the world like the GCHQ, and that of course we wouldn’t be privy of the consequences or reasons of those discussions, let alone the contents of course.

    1. tx said on June 10, 2023 at 8:58 pm
      Reply

      trust me im a sneakyfox…

      at MozCorp:-
      Director of Trust and Security: CIA, worked for Bush and Obama.
      CTO: search “extended random”, worked with Salter to assist NSA in attempt to backdoor tls, made WebRTC and said you cant have a permission dialog for it, leads LetsEncrypt, eek.
      On board of directors: a connection to the disgraced RussiaGate hoax, the state-backed Alliance for Securing Democracy / Hamilton-68 disinfo shop.

      now recall all the shtick about deamplification, deplatforming, fact-checking, and that the browser promotes US sites and comes with its very own news silo like facebook to occupy passive receptors.

      reminder for the naive that dodgy actions coincide with dodgy actors.

  4. Gideon said on June 7, 2023 at 7:20 pm
    Reply

    @John G.

    What choice option for firefox if have own dns server (ex. AdGuard Home or Pi-Hole) on raspberry pi 4? If you can then explain solution, what is best protection then?

    Thanks.

    1. John G. said on June 8, 2023 at 7:51 am
      Reply

      @Gideon, my experience with Pi-Hole is not high, however one former friend of mine had it for mostly an entire year until he changed to Cloudflare DNS + Ublock-origin, mainly because it’s an easier way to avoid false positives, to avoid issues with some websites and also to avoid a lot of blank spaces while browsing (he said me so, I don’t know more). Also other friend currently has the AdGuard DNS Personal (he pays near 20€ per year) and he is very happy with it.

      A lot of people say good things about Pi-Hole, however I think that it’s a waste of time. In the other hand, if you are using an alternative like the Adguard DNS and Firefox, you only need to set the new v114 level to any but “off”, because you won’t be switched to another DNS server without your knowledge. However if you prefer just to be sure you can set to “maximum” and then add the next line to the DNS over HTTPS section:
      https://dns.adguard.com/dns-query.

      Personally I use Cloudflare-malware DNS (configured at Windows settings / WiFi adapter level), because is less strict than Quad9 for certain sites LOL. However my father prefers Quad9-11 DNS because it’s the only one that is not subject to United States law. I didn’t know about it, however as it can be read at Wikipedia: “Quad9 is entirely subject to Swiss privacy law, and the Swiss government extends that protection of the law to Quad9’s users throughout the world, regardless of citizenship or country of residence.”. Just a must thing to consider!

  5. Kirk said on June 7, 2023 at 5:44 am
    Reply

    I am still waiting for Tab Queue on Android. It was removed when Firefox switched to the new engine and hasn’t been added again since. Dunno if it will ever be added or not.

  6. John G. said on June 7, 2023 at 12:49 am
    Reply

    If using Cloudflare secure-DNS just type 1.1.1.1/help at address bar and see:
    Connected to 1.1.1.1 Yes
    Using DNS over HTTPS (DoH) Yes
    Using DNS over TLS (DoT) No
    Using DNS over WARP No
    AS Name Cloudflare
    With option “maximum” it’s like FF v113 and before.

  7. E said on June 6, 2023 at 7:07 pm
    Reply

    In private window mode, on an new tab page, when I type in the search field (the one in the middle of the screen) the text instead goes into the URL bar, how the F do I stop it from going to the URL bar?

    Non-private window mode seems to work without issue…

  8. Anonymous said on June 6, 2023 at 5:00 pm
    Reply

    What is recommended for DNS over HTTPS if I have Adguard DNS already set on the router level?

    1. giovanni said on June 7, 2023 at 8:19 am
      Reply

      if you’re in europe I suggest you the european dns, details at https://www.dns0.eu
      (btw, it filters also ads at your will, no settings allowed though)
      best,

      1. Jörg Barth (Hamburg) said on June 8, 2023 at 8:09 pm
        Reply

        You trust germaneuropean DNS?

        I would not. The new germaneuropean gov is not very interested in the german people. Some say we, the germans, are on a way to a new dictatorship. They say it would be a historically new form of “democratic” dictatorship. But you have to be german to understand it.

        The rights of german citizens are being restricted more and more. The people who censor call it hate. The word hate speech (formerly criticism) is very popular in germany and someone becomes a Nazi very quickly. facebook, twitter, instagram are heavily censored. Censors here are not state authorities but private companies. They get paid for it. Germany is the country of informers (in german Denunzianten).

        The right to demonstrate was severely restricted. Today I need a regional authority permit to hold a demonstration.

        Sad but true, German anti-Semitism has increased again. The government does nothing about it and watches. In Berlin, demonstrations against the Jews are allowed. The participants are exclusively Muslims. The police does nothing and watches.

        And I should switch on a German-European DNS? No. Anyway, i prefer american or suisse DNS. This way i get the information i want and trust. Tracking? I don´t care.

      2. John G. said on June 9, 2023 at 1:25 pm
        Reply

        @Jörg Barth (Hamburg), so bad to hear about those things at your country. It seems that bad news are common these days in Europe.

      3. John G. said on June 7, 2023 at 2:27 pm
        Reply

        @giovanni I don’t trust European’s DNS at all. Just remember Pegasus gate. Just remember all the foreign lobbies that live inside the own council and inside the Parliament. Corruption to the brim. Do you remember Eva Kaili? Europe is hell, the waiter of Biden. Nothing here is trustable.

      4. John G. said on June 7, 2023 at 2:54 pm
        Reply

        @giovanni, and indeed the organization of DNS0 is located at France, the same country that has the big King Macron, aka the best friend of Putin, that looks over the shoulder at Spain and Germany in energetic designs and long term gas projects, just to run to Russia everytime he can, overall after trimmed the pensions of his own population while increasing insecurity at the streets. At least I hope I expect that the DNS0 has been designed by the Renault’s engineers that are the only that made good car in Europe with the right level of emissions (not as German cars that no politicians wanted to study, there were no strawberries inside). Something should be something. Obviously if Eva Kaili had visited the headquarters we just should have start to run. Ironic LOL as expected, don’t blame the inner Krusty.

      5. Anonymous said on June 8, 2023 at 2:31 pm
        Reply

        @John G.
        It saddens me that you blame the french head of state regarding privacy for allegedly being “the best friend of Putin”, as if this had anything to do with each other. Macron doesn’t need Russia for surveillance. However it’s true that being as you said USA’s ally has already many more actual consequences regarding surveillance of his nationals. Although Macron doesn’t need USA either for surveillance, even if it helps.

        Let me also remind you that Macron is engaged in nothing less than a proxy war with Russia currently. Sending lots of expensive, modern and deadly weapons on a battlefield that are being used to kill Russian soldiers (and lots of soldiers and civilians of course too formerly or still of Ukraine citizenship). I have seen better “best friend” relationships in my life. Maybe change your news sources ?

        About the EU being a stinky corruption nest, obviously, that’s always central in how capitalist state institutions work, however it’s a pity that the example you gave with that Eva something greek social-democrat did not really make the news to denounce EU corruption but very hypocritically for very different reasons. The very few EU politicians who aren’t corrupt and are genuinely interested in fighting systemic corruption didn’t fall in that trap of making her a symbol of corruption, reminding that all the others who did were worse than her. So we shouldn’t fall in that trap either.

        There is a similar trap with your reference to the Pegasus story that made the news expansively as if it was not many years ago that it was not heavily disclosed already that much, much worse is happening on a massive scale. Therefore, it’s obviously not the surveillance they were angry about in that story. Again, the corporate press apparently denouncing something bad, but at the end the message being that the actually existing much worse does not even exist according to their implicit assumptions.

        Friendly advice again, change your news source, don’t trust the corporate press, especially when they’re on their high horses. Use a blank home page on your browser.

      6. John G. said on June 8, 2023 at 5:02 pm
        Reply

        @Anonymous, if you ask me to choose between a DNS organization placed in France like DNS0.eu and other placed in Switzerland like Quad9, I will choose Quad9 one thousand times. Nowadays the European Union is only an €-Union, all for the money. They none care about the citizens, all 27 members are walking in 27 different ways everyone chasing for its part of the big money pie. The clever member of all the entire Union was the UK, that never was inside and in the practice isn’t still completely out. And about France I personally think that french people are good however their politicians are the worst trustable of the South European Union because they blocked and still block the high speed railway from Spain, the access to the spanish Renfe to the train market in France, the big project of gas and green hydrogen pipe lines from Spain to Germany, and also they consent the massive air traffic controllers strikes, also they blocked the sending of ammunition to Ukraine, all the whole with millions and millions of derivated costs. So you ask me to trust in a French organization about DNS? Nope! As I said, the European Union is a joint of friends playing with our money. Nothing more. They don’t care about the people, they didn’t ever did.

      7. Anonymous said on June 10, 2023 at 7:34 pm
        Reply

        “@Anonymous, if you ask me to choose between a DNS organization placed in France like DNS0.eu and other placed in Switzerland like Quad9,”

        You misunderstood my point. That game of choosing between jurisdictions may be relevant to evaluate the chances of, for example, the police taking data from the service provided by some organization. But Quad9 sorts of *belongs* to the police already: they wouldn’t even need to ask, forcefully take, or steal, it’s already theirs.

        Now, in case that would have been relevant for that question, I would have agreed with you about what the EU is, except that they are only replicating the capitalist dictatorship mechanisms that already exist since much longer in the member states. The states of Switzerland or UK are not more virtuous either than the EU, and their decisions to leave or not enter the EU had nothing to do with the interests of their peoples.

        You keep giving anecdotal examples taken from the mainstream press show to explain your distrust of your institutions, but as I have discussed before, they are much worse than that. In fact I have difficulty understanding a few of your examples, I don’t think that the problem with french politicians is that they love strikes too much or that they don’t send enough weapons abroad for their imperialist slaughters.

      8. Anonymous said on June 7, 2023 at 2:45 pm
        Reply

        @John G
        When it comes to data protection, EU is still your best bet compared to US

      9. Karl said on June 7, 2023 at 10:52 pm
        Reply

        @Anonymous

        The EU is on its way away from being the best bet, reason being the so called politicians that always want to do “good” but end up doing much more harm than they understand, because the knowledge among the majority (except a few) in the EU Parliament in topics that is about these questions are way too low to let them make laws about this when they don’t understand what the end result will be. All one has to do is read the following excellent blog post (which includes a great transcript from when Ylva Johansson visited and answered questions in a podcast at one of Sweden’s biggest newspapers) there one can easily see that she don’t got a clue about how any of it works, she just throws out an answer to the questions based on how she thinks stuff work at the moment, but just ends up embarrassing herself, and by doing that she also help us see that politicians like this are not the right people to make this kind of laws that will impact other people.

        “THE EUROPEAN COMMISSION DOES NOT UNDERSTAND WHAT IS WRITTEN IN ITS OWN CHAT CONTROL BILL”
        https://mullvad.net/en/blog/2023/3/28/the-european-commission-does-not-understand-what-is-written-in-its-own-chat-control-bill/

      10. Anonymous said on June 8, 2023 at 3:36 pm
        Reply

        @Karl
        “reason being the so called politicians that always want to do “good” but end up doing much more harm than they understand”

        Politicians are not ignorant or stupid, they are corrupt. They don’t want to do “good”. They understand perfectly in advance the very bad results of their laws, because that’s exactly the results they want to see.

        In the example you give, she seems to have said factually wrong things, about technical points, and also about her political motivations for surveillance. Most probably she simply lied purposefully. Or equivalently, she trusted her technical and political advisors for giving her the right lies to repeat publicly without having to understand them fully herself because of course she’s not an IT professional or even enthusiast and she can’t master the subtleties of all political problems either all by herself. But if the job of politician involved actually understanding everything in detail, then she would have agreed with the advisors that it was the right lies to repeat, because that’s what her political family considers the right thing to do. In her case, some social-democrat, it’s exactly their function under capitalism to disguise oppressive law making dictated by capitalists, as something for public good. Although for that specific case she just said exactly the same thing as the openly right-wing politicians, heard a thousand times before her, that she wants all communications scanned because it’s to fight children rapists.

        That case you give reminds me of that ridiculous show when the GAFAM leaders were publicly heard by US politicians in relation to their privacy crimes. A politician was asking to the poor little Google CEO victim who was sitting here if he could know if he was going to walk and meet some other politician there, using his mobile phone as a tracker (interesting example he chose by the way but that’s another issue). The Google CEO replied very humbly that this was an iPhone so he couldn’t answer that. The politician looked stupid, and Google looked like being investigated by stupid politicians, and that youtube video was laughed at by how many viewers. But that was only a show, that’s not the actual reason why the laws allow those businesses to spy unhindered, laws are too important to be written by stupid politicians (capitalists would never let that happen systematically), they know they are doing something wrong at that time.

      11. John G. said on June 7, 2023 at 5:48 pm
        Reply

        @Anonymous,

        “A Public Resolver user’s IP address (referred to as the client or source IP address) will not be stored in non-volatile storage. Cloudflare will anonymize source IP addresses via IP truncation methods (last octet for IPv4 and last 80 bits for IPv6). Cloudflare will delete the truncated IP address within 25 hours.”

        Just seen at Cloudflare website.
        The best data protection is saving nothing.

      12. Anonymous said on June 8, 2023 at 2:04 pm
        Reply

        @John G.

        Officially Cloudflare stores truncated IP addresses for a day, as you wrote. While the Nextdns privacy policy, if written honestly (that’s a big “if” though), says they don’t save anything at all:
        https://nextdns.io/privacy

        That’s for the official part. Now big corporate servers especially in USA, and that would be considering their position very typically Cloudflare, have been well known publicly for more than a decade to store more than they pretend and have undisclosed but automated and comfortable direct access by the US police.

        Of course, it doesn’t mean that we shouldn’t punish those who facilitate this by officially collecting/storing more data than the others, by avoiding them.

      13. John G. said on June 7, 2023 at 2:23 pm
        Reply

        @giovanni Cloudflare are better than dns0 in so many ways.

      14. giovanni said on June 7, 2023 at 8:51 pm
        Reply

        @John G.
        I personally prefer dns0.eu or quad9 to cloudflare and I absolutely agree with you that there is nothing reliable! that’s said happy dns queries ;)

      15. Anonymous said on June 8, 2023 at 2:00 pm
        Reply

        @giovanni

        Quad9 is the DNS service of the Global Cyber Alliance (City of London police, Manhattan District Attorney’s Office…).

        It’s a DNS service provided to you by the US and UK police, so to speak. For your security ??

        https://www.globalcyberalliance.org/founding-organizations/

        https://www.quad9.net/about/foundation-council/
        (look for the small “Major sponsors” thing in the lower right corner, and wait for it to display them, or click the small arrows to accelerate the horizontal scrolling)

      16. giovanni said on June 7, 2023 at 9:04 am
        Reply

        oops sorry, just realized my fingers provided an OT response….

    2. Karl said on June 6, 2023 at 7:33 pm
      Reply

      I also have Adguard DNS set up in the router, and since I do not want any other DNS to “jump in” I will set this to OFF.

      1. John G. said on June 6, 2023 at 10:40 pm
        Reply

        @Karl indeed the maximum protection that is to use always Secure-DNS says that “you will see a warning if we use your system DNS”, so it’s not always, isn’t it? This means that the whole main boss is the WiFi configuration (encrypted DNS with Cloudflare and so forth). In my opinion this new option of Firefox is not good at all, it’s very confusing and also very redundant with the other displayed options (everything seems mixed with no criteria).

    3. Dj said on June 6, 2023 at 5:44 pm
      Reply

      I have mine set to Increased Protection. My understanding is Firefox will use the DNS server you select in Firefox but if that fails, then it will use the default resolver which would be the DNS server I have set in my router.

      1. John G. said on June 6, 2023 at 10:45 pm
        Reply

        @Dj, I also thought in the same way, however it isn’t true. No fallback is required if router or Windows WiFi settings are configured with secure-DNS because it overrules the FF configuration.

    4. John G. said on June 6, 2023 at 5:38 pm
      Reply

      Maximum protection. The other options are non trustable.

  9. Anonymous said on June 6, 2023 at 4:10 pm
    Reply

    @anonymous
    I am sorry that you feel sorry for us. By the way I’m not obsessed at all, it’s fun tweaking over and over, it keeps me young :-)

  10. John G. said on June 6, 2023 at 1:56 pm
    Reply

    Long life to Spanish’s strawberries!

  11. John G. said on June 6, 2023 at 1:48 pm
    Reply

    > “Firefox 114 makes it easier to configure DNS over HTTPS in the browser. Mozilla calls it secure DNS, and the new options are found under Settings > Privacy & Security > Enable secure DNS using.”

    Let’s see the new ideas from the chief illuminati aka blessed 666 engineer:

    * Default Protection — Firefox makes the decision using the following logic:
    Use secure DNS if it is available in the region.
    Use default DNS provider, if there are issues with the secure DNS provider.
    Use a local provider, if possible.
    Turn off secure DNS, if a VPN is used, parental controls are enabled, or Enterprise policies are active.
    Turn off secure DNS “when a network tells Firefox it shouldn’t use secure DNS”.

    > The default protection is useless as hell. If you trust their protection you are dumb.

    * Increased Protection — gives the user control over the feature. The secure DNS provider is selected by the user, but Firefox will fall back to the regular DNS provider if there is a problem with the secure DNS provider. > what it means “problems” to fall back… LOL

    > Then, more likely the Firefox browser will fall back when its balls are full, more or less.

    * Max Protection — gives the user control, but won’t fall back if issues are encountered. Warning is displayed if secure DNS is not available. >>>> that’s the good one, the real good one.

    * Off — the feature is not enabled. > the basic one, useless for nothing, however it works..

    So to get the same level of protected than before versions you should apply the *max protection, because the direction of secureness is always to forward, >>> definitely the good one.

    1. Haakon said on June 6, 2023 at 9:30 pm
      Reply

      “Max Protection — gives the user control, but won’t fall back if issues are encountered. Warning is displayed if secure DNS is not available. >>>> that’s the good one, the real good one.”

      This would be what network.trr.mode 3 is. But no warning. Until now with 114.

      That’s what I’ve had it set for so long (years), the default being 2, if I recall correctly. Using Cloudflare, there’s never been an issue.

      It’ll be interesting to see what the default network.trr.whatever prefs look like in 114 vs 113 and before and what the range of the pref options are for 114.

      1. John G. said on June 6, 2023 at 10:34 pm
        Reply

        @Haakon, the only option now, that is the same as v113, is the “max protection”. No need to fall back because mainly all DNS are configured at Windows WiFi settings, so there is no option to fall back. The other options will give issues because no fall back have effects at all.

      2. Haakon said on June 8, 2023 at 11:30 pm
        Reply

        @John G
        Your word salad is obtuse. WiFi? How about, um… Ethernet?? The networking Physical layer has nothing to do with this.

        The “that is the same as v113” (and since v62) are the network.trr.mode pref settings wherein the savvy Firefox user could edit in about:config with values of 0 to 5.

        The v114 DNS over HTTPS in about:preferences#privacy provides the improved accessibility as a new front end for network.trr.mode that is the core of Martin’s posting here and seen in the screenshot above.

        The Default Protection, Increased Protection, Max Protection and Off settings will set network.trr.mode to 0, 2, 3 or 5 respectively. (I don’t know, or care, if settings 1 and 4 are still valid.) The setting 3 would present a blank screen upon failure but now in v114, a failure alert which at this point in time seems to be completely undocumented.

        As an FYI to the community: If you persisted in maintaining a network.trr.bootstrapAddress pref (no longer mandatory since v74), you’ll need to delete it now. And if you populated network.trr.custom_uri and .uri, you might as well blank ’em. Remember when there were like, six network.trr settings? Sigh.

        I won’t revisit this discussion. Cheers.
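
An added example, not part of the comment above or of Firefox's code: a small audit of a profile's `prefs.js` text that reports which of the four settings `network.trr.mode` corresponds to (using the mapping given in the comment) and lists the `network.trr.*` overrides the comment says to delete or blank. The sample prefs are constructed, and treating an unset `network.trr.mode` as 0 is an assumption.

```python
import re

# network.trr.mode values the Firefox 114 settings UI writes, per the comment above.
TRR_MODE_LABELS = {0: "Default Protection", 2: "Increased Protection",
                   3: "Max Protection", 5: "Off"}
# Prefs the comment says to delete or blank.
LEGACY_PREFS = ("network.trr.bootstrapAddress", "network.trr.custom_uri",
                "network.trr.uri")
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict (bool, int or str values)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
    return prefs


def audit_trr(text):
    """Report the DoH mode and any leftover network.trr.* overrides."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)  # assumption: unset means 0
    return {
        "mode": mode,
        "label": TRR_MODE_LABELS.get(mode, "not set by the settings UI"),
        "no_fallback": mode == 3,  # only Max Protection refuses plain DNS
        "leftovers": [p for p in LEGACY_PREFS if prefs.get(p) not in (None, "")],
    }


# Constructed sample profile content (not taken from a real profile).
SAMPLE_PREFS = '''\
// constructed sample
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.bootstrapAddress", "192.0.2.53");
user_pref("network.trr.custom_uri", "");
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''

if __name__ == "__main__":
    print(audit_trr(SAMPLE_PREFS))
```
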

      3. John G. said on June 9, 2023 at 1:22 pm
        Reply

        @Haakon, goodbye.

    2. Anonymous said on June 6, 2023 at 2:01 pm
      Reply

      As Iron Heart passionately argues, Chrome with perfect total security doesn’t have any of the hassles of Firefox.
      I feel sorry for people who are obsessed with using stupid browsers that have to be tweaked one way or another.
      Everything is comfortable and fun with Chrome!

      1. Sajadi said on June 10, 2023 at 2:54 am
        Reply

        That is actually partly true, grab pure Chromium from one of the Github-repositories/Websites where you can grab the “Ungoogled versions” or “pure versions” – install a handful of add-ons and you have an instant solution out of the box.

        Or.. in case that you need some features, use either Vivaldi-Chromium, Edge-Chromium or Brave-Chromium

        Additionally you can also simply install Pale Moon and one of the mentioned flavors of pure or modified Chromium and call it a day.

      2. tx said on June 10, 2023 at 9:25 pm
        Reply

        @Sajadi
        Further to this, UC doesn’t even need installing.

        Virtualbox + live linux iso + an iso which has UngoogledC and some addons unpacked. Click a script which starts it with the addons, boom. No permanent cache, contained in memory, no virtual hard disk needed, no OS install needed, disappears when you switch off the VM, startup takes seconds.

        Logged the traffic from console and with wireshark, it’s silent. Tested with firefox and that starts some crazy party on your network calling home, google, usa topsites, sponsors, mozilla telemetry servers, cnn, amazon, studies backdoor, yikes.

        made a vpn-downloader-browsing-and-coding disk for a friend using this. Now using it myself. It would be simple enough i suppose to script encrypted bookmarks (un 7z with pass when clicking the browser launcher, add a script which re-archives and encrypts when done).

      3. VioletMoon said on June 6, 2023 at 4:18 pm
        Reply

        @Anonymous–Sounds like you are calling out IronHeart for an argument–a few punches in the comments. Pathetic!

        @John G.–Users of PortMaster, a nifty firewall, may need to turn off “DNS over HTTPS” in Firefox since the program is already routing traffic through secure DNS. Likewise, if one is using DNSCrypt in some form.

        Whatever the reason, routing traffic in such a way can make Firefox slow to a crawl.

  12. Karl said on June 6, 2023 at 12:35 pm
    Reply

    Will wait 1 or 2 days before updating so no terrible surprises show up.

    Very good and well written article as always, Martin! But found a little typo, just a kind FYI, below should be Max Protection and not ‘Mac’ Protection. Then the text is the same as what is shown in the screenshot above it.

    “Mac Protection — gives the user control, but won’t fall back if issues are encountered. Warning is displayed if secure DNS is not available.”

    1. Martin Brinkmann said on June 6, 2023 at 1:06 pm
      Reply

      Thank you!
