Pages

February 5, 2014

Firefox 27: Find out what is new



Firefox 27
A new stable version of the Firefox web browser will be released by Mozilla in the coming 24 hour period. Firefox 27 brings Firefox one step closer to the Australis theme which will be launched as part of Firefox 29 if things go as planned (it is moved to the Aurora channel right now).

Adventurous users can download the newest stable version of Firefox from Mozilla's FTP server or a third-party download site as they are usually offered there prior to the official release announcement and availability on Mozilla's website or via Firefox's automatic update feature.
It is usually not recommended to update early, as last minute changes can make another build the final one. Usually though, that does not happen.
You can check for new versions manually with a click on the Firefox button, and the selection of Help > About Firefox.

Downloads will later be posted here on the Mozilla website. Note that you may get a net-installer by default. Check out this guide that explains how to download full Firefox versions from Mozilla.

Firefox 27 What’s New

Firefox 27 is one of those builds that do not change a lot in regards to features. It does introduce a couple of interesting features or feature updates though, as you will see in our analysis.

Support for TLS 1.2 and TLS 1.2 enabled by default


security-tls-protocol-1.2-firefox

Firefox 27 supports TLS (that is Transport Layer Security) 1.2 now. TLS is more or less the successor of SSL, and version 1.2 is the most recent cryptographic protocol that Firefox supports.

I have reviewed the change in detail here, but want to go over the most important bits of information again.

To establish a secure connection, browser and server need to agree on a protocol that they both support. Up until now, that meant to see if TSL 1.0 is supported, and if it is, it would be used. If not, browser and server would fallback to SSL v3 instead.
With TLS 1.2 support in Firefox stable, TLS 1.2 is now used if supported by the server, and only if it is not supported, TLS 1.1, TLS 1.0 and SSL v3 are checked and the first one that is supported is used to secure the connection.
The two preferences that handle this are:
  • security.tls.version.min
  • security.tls.version.max
Min is set to 0 by default, while max to 3. Here is a short list of what the values mean:
  • 0 refers to SSL 3
  • 1 refers to TSL 1.0
  • 2 refers to TLS 1.1
  • 3 refers to TLS 1.2
You can change the minimum requirements (or maximum but that is not suggested) so that TLS is always used. This may mean however that connections to some servers, those that only support SSL 3 but not TLS, cannot be established anymore.
SocialAPI supports multiple providers
firefox social api providers
Firefox's SocialAPI enables webmasters to offer services that make use of it in the browser. The prime example here is Facebook's Messenger for Firefox which was one of the first to make use of it.
The messenger application added notifications and chat to Firefox in the form of buttons and a sidebar that could easily be displayed and be hidden again when not needed.
Up until now, only one social provider could be active at the same time in the browser. Firefox 27 changes this as you can now receive notifications and other information from multiple social providers.
The feature is only supported by a few providers including Facebook, msnNOW, Cliqz and Mixi.
Social features are not enabled by default, and come only into play once at least one social provider has been added to the browser.
Up until now, you had to switch providers manually whenever you wanted them to provide you with their functionality.
Update: New social partners announced today, including Delicious and Saavn. More information about those here.

Mozilla added support for Google's SPDY networking protocol to Firefox 11. The main goal of the protocol is to reduce web page load latency and improve security at the same time.
Servers that you connect to need to support SPDY for this to work though, with many major sites such as Twitter, Facebook, WordPress.com or the majority of Google properties supporting it in varying degrees.
SPDY 3.1 is only supported by some servers, Google's servers support it for instance, while many others do not support it yet. This will change over time though.
You can find out if a particular service supports SPDY, and if so which versions of the protocol, by loading Spdycheck in your browser.
Developer changes
  • JavaScript can be "unminified" in the debugger panel using the {} button.
  • The Inspector supports the editing of HTML elements now.
  • Allow-popups directive for iframe sandbox implemented.
  • Reflow logging now supported.
  • Background-urls and colors have a preview in Inspector.
  • The Debugger can break on DOM events.
  • Lots of CSS, HTML, JavaScript and Interface/API/DOM changes

Firefox 27 for Android

The mobile version of Firefox for Android and the desktop version share most of the improvements. There are however a couple of features that are exclusive to Firefox's Android version.
  • New languages added to Android multi-locale builds (Slovenian, Lithuanian, South African English and Thai).
  • Favicon caching improved.
  • Overscrolling on web content removed, now highlights on Android.
  • Default font set to Clear Sans.
Security updates / fixes
The security updates are only made available after the official release. We will add those once they become available.
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Additional information / sources
 Source: http://www.ghacks.net/2014/02/04/firefox-27-find-new/



Summary: The new version adds support for the Firefox SocialAPI, improves TLS support and makes many other improvements.
Mozilla has released Firefox version 27.
As detailed in the release notes, the major new feature is support for the Firefox SocialAPI. Mozilla describes the SocialAPI as "a new API to make it easier for web browsers to integrate with social media services. Once a social service provider is implemented for Firefox, it becomes possible for the browser to display in-chrome user controls and information related to that service."
Three SocialAPI plugins are available today: Facebook Messenger for FirefoxCliqz, and Mixi (Japan only). In the screen grab below of Facebook messenger for Firefox, you can see how the Facebook Messenger pane stays up and running while the main browser window is on another site.


Facebook.Messanger.Firefox.SocialAPI
Another take on SocialAPI is expressed in the release notes: "You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services." There are plugins, web sites and apps that attempt to consolidate social networking systems for the client; now SocialAPI puts it into the browser.
The new version turns on TLS (Transport Layer Security, the successor to SSL) versions 1.1 and 1.2 by default. Like many browsers, Firefox has supported these standards for a while, but has not turned them on by default because of potential problems they might cause with web sites which don't support modern standards. By now, the level of support and the security benefit are such that it makes sense to turn the feature on.

Even viewing this setting is inconvenient and unobvious. There is no UI in the Settings dialog for TLS support levels. Users must go to about:config and look for the securty.tls.version.min and securty.tls.version.max values. The min value lists the oldest standard Firefox will support and max the newest one. 0 is SSL 3.0 (the last version before TLS), 1 is TLS 1.0, 2 is TLS 1.1, etc. The new values are min=0 and max=3; in Firefox 26 max=1.

Firefox 27 adds support for the SPDY 3.1 protocol. According to the documentation, SPDY "...adds a framing layer for multiplexing multiple, concurrent streams across a single TCP connection (or any reliable transport stream)." The standard is designed so as to require little or no change in web application development.

The new version also adds numerous developer features described in the release notes.
Finally, Firefox 27 also fixes 15 security vulnerabilities, five of them critical.

Source: http://www.zdnet.com/firefox-27-faster-more-secure-and-more-social-7000025963/