A new stable version of the Firefox web browser will be released by
Mozilla in the coming 24 hour period. Firefox 27 brings Firefox one step
closer to the Australis theme which will be launched as part of Firefox
29 if things go as planned (it is moved to the Aurora channel right
now).
Adventurous users can download the newest stable version of Firefox
from Mozilla's FTP server or a third-party download site as they are
usually offered there prior to the official release announcement and
availability on Mozilla's website or via Firefox's automatic update
feature.
It is usually not recommended to update early, as last minute changes
can make another build the final one. Usually though, that does not
happen.
You can check for new versions manually with a click on the Firefox button, and the selection of Help > About Firefox.
Firefox 27 is one of those builds that do not change a lot in regards
to features. It does introduce a couple of interesting features or
feature updates though, as you will see in our analysis.
Support for TLS 1.2 and TLS 1.2 enabled by default
Firefox 27 supports TLS (that is Transport Layer Security) 1.2 now.
TLS is more or less the successor of SSL, and version 1.2 is the most
recent cryptographic protocol that Firefox supports.
I have reviewed the change in detail here, but want to go over the most important bits of information again.
To establish a secure connection, browser and server need to agree on
a protocol that they both support. Up until now, that meant to see if
TSL 1.0 is supported, and if it is, it would be used. If not, browser
and server would fallback to SSL v3 instead.
With TLS 1.2 support in Firefox stable, TLS 1.2 is now used if
supported by the server, and only if it is not supported, TLS 1.1, TLS
1.0 and SSL v3 are checked and the first one that is supported is used
to secure the connection.
The two preferences that handle this are:
security.tls.version.min
security.tls.version.max
Min is set to 0 by default, while max to 3. Here is a short list of what the values mean:
0 refers to SSL 3
1 refers to TSL 1.0
2 refers to TLS 1.1
3 refers to TLS 1.2
You can change the minimum requirements (or maximum but that is not
suggested) so that TLS is always used. This may mean however that
connections to some servers, those that only support SSL 3 but not TLS,
cannot be established anymore. SocialAPI supports multiple providers
Firefox's SocialAPI enables webmasters to offer services that make use of it in the browser. The prime example here is Facebook's Messenger for Firefox which was one of the first to make use of it.
The messenger application added notifications and chat to Firefox in
the form of buttons and a sidebar that could easily be displayed and be
hidden again when not needed.
Up until now, only one social provider could be active at the same
time in the browser. Firefox 27 changes this as you can now receive
notifications and other information from multiple social providers.
The feature is only supported by a few providers including Facebook, msnNOW, Cliqz and Mixi.
Social features are not enabled by default, and come only into play
once at least one social provider has been added to the browser.
Up until now, you had to switch providers manually whenever you wanted them to provide you with their functionality. Update: New social partners announced today, including Delicious and Saavn. More information about those here.
Mozilla added support for Google's SPDY networking protocol to
Firefox 11. The main goal of the protocol is to reduce web page load
latency and improve security at the same time.
Servers that you connect to need to support SPDY for this to work
though, with many major sites such as Twitter, Facebook, WordPress.com
or the majority of Google properties supporting it in varying degrees.
SPDY 3.1 is only supported by some servers, Google's servers support
it for instance, while many others do not support it yet. This will
change over time though.
You can find out if a particular service supports SPDY, and if so which versions of the protocol, by loading Spdycheck in your browser. Developer changes
JavaScript can be "unminified" in the debugger panel using the {} button.
The Inspector supports the editing of HTML elements now.
Allow-popups directive for iframe sandbox implemented.
Reflow logging now supported.
Background-urls and colors have a preview in Inspector.
The mobile version of Firefox for Android and the desktop version
share most of the improvements. There are however a couple of features
that are exclusive to Firefox's Android version.
New languages added to Android multi-locale builds (Slovenian, Lithuanian, South African English and Thai).
Overscrolling on web content removed, now highlights on Android.
Default font set to Clear Sans.
Security updates / fixes
The security updates are only made available after the official release. We will add those once they become available. MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects MFSA 2014-12 NSS ticket handling issues MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) Additional information / sources
Mozilla has released Firefox version 27.
As detailed in the release notes, the major new feature is support for the Firefox SocialAPI.
Mozilla describes the SocialAPI as "a new API to make it easier for web
browsers to integrate with social media services. Once a social service
provider is implemented for Firefox, it becomes possible for the
browser to display in-chrome user controls and information related to
that service."
Three SocialAPI plugins are available today: Facebook Messenger for Firefox, Cliqz, and Mixi (Japan only).
In the screen grab below of Facebook messenger for Firefox, you can see
how the Facebook Messenger pane stays up and running while the main
browser window is on another site.
Another take on SocialAPI is expressed in the release notes: "You can
now run more than one service at a time with Firefox SocialAPI,
allowing you to receive notifications, chat and more from multiple
integrated services." There are plugins, web sites and apps that attempt
to consolidate social networking systems for the client; now SocialAPI
puts it into the browser.
The new version turns on TLS (Transport Layer Security, the successor
to SSL) versions 1.1 and 1.2 by default. Like many browsers, Firefox
has supported these standards for a while, but has not turned them on by
default because of potential problems they might cause with web sites
which don't support modern standards. By now, the level of support and
the security benefit are such that it makes sense to turn the feature
on.
Even viewing this setting is inconvenient and unobvious. There is no
UI in the Settings dialog for TLS support levels. Users must go to
about:config and look for the securty.tls.version.min and
securty.tls.version.max values. The min value lists the oldest standard
Firefox will support and max the newest one. 0 is SSL 3.0 (the last
version before TLS), 1 is TLS 1.0, 2 is TLS 1.1, etc. The new values are
min=0 and max=3; in Firefox 26 max=1.
Firefox 27 adds support for the SPDY 3.1 protocol.
According to the documentation, SPDY "...adds a framing layer for
multiplexing multiple, concurrent streams across a single TCP connection
(or any reliable transport stream)." The standard is designed so as to
require little or no change in web application development.
The new version also adds numerous developer features described in the release notes.
Finally, Firefox 27 also fixes 15 security vulnerabilities, five of them critical.
