Jul 152012
 

A look ahead to Firefox 14 which is due to be released this week (from Tuesday July 17th). Unlike some recent versions, Firefox 14 includes a variety of changes and improvements:

The Awesome Bar now auto-completes typed URLs – Previously, when you typed a term into the address/location bar (aka the Awesome Bar) the autocomplete function would include possible matches from your browsing history, bookmarked sites and open tabs.

However, a lot of people still type URLs directly into the address bar e.g. cnn.com Firefox 14 adds previously typed URLs to the mix – it will autocomplete URLs when you start typing them in the address bar which makes it seem quicker and easier to enter often-typed URLs.

[Tech note: the relevant about:config preference of browser.urlbar.autoFill is now set to True by default, previously False]

Example – assuming that you had previously typed cnn.com into the address bar to visit it: In Firefox 13 and earlier, when you next type cnn into the address bar the following matches are displayed – you still have to select one of them with the mouse or Tab key then hit Enter:

firefox141

In Firefox 14, when you next type cnn into the address bar, the cnn.com address is auto-completed so you can just hit Enter to visit the site:

firefox142

Google searches now utilize HTTPS

When you search using the location bar, search box, or the right-click menu, your search will be sent to Google through a secure (HTTPS) connection instead of the standard HTTP site.

You shouldn’t notice a difference in how you search, but your Google search suggestions and search results will be presented through a secure web site – the URL in the address bar will be https://google.com

This is a security and privacy feature. Previously, search terms could be transmitted to sites you visited when you clicked on items in the search results.

Enabling HTTPS search helps Google strip this information from the HTTP referrer string, protecting your privacy i.e. Google know your search term but the sites you visit from the search results don’t.

Plugins can now be configured to only load on click (requires an about:config change)

This feature is not enabled by default – it is known as ‘click to play’.

Click to play is a concept already used in Chrome and Opera – known vulnerable plugins (e.g. Flash Player) are not loaded automatically when you visit a website that wants to make use of that plugin.

Instead of automatically playing the content (e.g. a Youtube video), the plugin requires you to activate it – in place of the video a button is displayed as shown below:

firefox145

You must click the button to allow the page to make use of the plugin and play the content.

The benefits of this approach are twofold:

  • Security – known vulnerable plugins shouldn’t be allowed to run without user interaction. Out of date plugins are the most common source of user compromise by malware/hackers.
  • Performance – plugins consume significant resources i.e. slow down page loading. Giving users better control over when and how plugins run could significantly reduce CPU utilization.

Firefox 14 adds Phase 1 of click to play functionality and is optional – you need to change about:config to turn on click to play.

Activating Click To Play

If you want to enable it:

  • Open Firefox and type about:config in the address bar and press Enter. Click the “I’ll be careful I Promise” warning button to reveal a long list of preferences used in Firefox.
  • Scroll down to (or search for) the preference named “plugins.click_to_play” – the Value is ‘false’ i.e. disabled by default.
  • Double click it to change the Value to ‘true’. Close the about:config tab – click to play is now enabled.
  • If you wish to revert back, follow the same process – double clicking it again will turn it back to ‘false’

Customizing Click To Play

You can also whitelist/blacklist a website i.e. always/never activate plugins for a specific site:

  • Click the blue plugin block next to the Site Identity button in the address bar as shown below:
firefox146

Plugin activation and drop down site-specific permissions

  • Choosing ‘Activate Plugins’ is the same as clicking the activate button discussed earlier.
  • Selecting the drop down menu lets you choose to always/never activate plugins for this site e.g. you could whitelist (‘always’) content from Youtube (very unlikely to be malicious) but require button activation for unknown websites which may include risky content.

To perform a similar function as click to play, you could use the QuickJava or NoScript add-0ns which I have reviewed before.

Full screen support for Mac OS X 10.7 Lion implemented

Adds support for Lion’s new full screen mode.

Changes in Firefox 14

Improved site identity manager, to prevent spoofing of an SSL connection with favicons

This is one of the most noticeable changes. The Site Identity button used to contain a website’s favicon picture – to the left of the website name in the address bar.

Now site favicons will no longer appear there – the new Site Identity button will contain one the following generic icons:

  • Grey globe  – regular sites
  • Grey padlock icon – https sites
  • Green padlock icon – extended validation sites
  • Grey exclamation mark within a triangle – mixed encrypted/unencrypted content

As an example, look at the Youtube website picture above. Youtube’s famous red favicon no longer appears – just a grey globe, because it is a standard site.

Full details and pictures of each new Site Identity button are available at Mozilla’s blog here. Note that favicons will still appear as part of each tab’s title and in bookmarks – they are only disappearing from the address bar.

Technical (under the hood) Updates in Firefox 14

  • DEVELOPER – Pointer Lock API implemented. This API is useful for applications that require significant mouse input to control movements e.g. viewing maps, games
  • DEVELOPER – New API to prevent your display from sleeping. On phones it would prevent the phone from turning off, and on desktops it would prevent the screensaver from appearing
  • DEVELOPER – New text-transform and font-variant CSS improvements for Turkic languages and Greek
  • FIXED – Various security fixes
  • FIXED – GIF animation can get stuck when src and image size are changed
  • FIXED – OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup
  • FIXED – CSS: hover regression when an element’s class name is set by Javascript

Conclusion

There are a lot of changes in Firefox 14. Auto-complete of URLs will be useful for many and HTTPS Google searches offer improved security and privacy.

Click to play is optional for the moment – expect it to become enabled by default in Firefox 15 or later. Advanced users may prefer to leave it disabled and use an add-on for more powerful features.

Of the user interface changes, the new Site Identity button will no doubt annoy some who prefer a colorful favicon but it does offer better security and protection against spoofing which could mislead an unwary user to believe that a fake site was a genuine one.

As usual, this new version of Firefox will be available to users from July 17th over several days (to avoid overloading Mozilla’s servers) – so don’t worry if you check for updates (via Firefox Menu \ Help \ About Firefox \ Check For Updates) on the day and find there are none available for you yet, just try again a day or two later.

 Leave a Reply

(required)

(required but will NOT be published)