Mozilla released version 37 of its Firefox browser to the stable channel. The company updates its browser on a six weeks schedule, just like Google.
The new version seems to be mainly about new security improvements and fixes, which comes at an ideal time, considering Firefox didn't do so well in the Pwn2Own browser security competition. Although Firefox finished among the last at Pwn2Own, Mozilla updated the browser quite quickly afterwards with the fixes for the vulnerabilities found by the security researchers attending the contest.
One of the bigger security features added to Firefox 37 is "opportunistic encryption" for servers and sites that support "HTTP/2 AltSvc." This allows Firefox to encrypt the traffic without having to authenticate it. This is better than no encryption at all, but still worse than authenticated encryption.
Unlike authenticated encryption (HTTPS), opportunistic encryption doesn't protect against active "man-in-the-middle" attacks. It only protects against passive (dragnet) surveillance (which is still of major benefit to most users).
Mozilla also added the OneCRL list of revoked certificates in Firefox 37, which is a feature similar to Chrome's CRLset. If a security incident requires the revocation of a certificate, then Mozilla can update its browser to disallow the forged certificate from being used.
The new Firefox also supports encrypted Bing search. While Google adopted HTTPS by default for its search engine years ago, Microsoft added optional encryption for Bing only last year, although recently the company made it mandatory, as well. Now, all Bing searches will be encrypted by default.
Mozilla also made some changes to the way the TLS encryption works in its browser:
Disabled insecure TLS version fallback for site securityExtended SSL error reporting for reporting non-certificate errorsTLS False Start optimization now requires a cipher suite using AEAD constructionImproved certificate and TLS communication security by removing support for DSA
Other features in Firefox 37 include Mozilla making Yandex the default search engine for Turkey, as well as adding its new Heartbeat feedback system into the browser. The Heartbeat system will randomly show some users a widget asking for a rating. Mozilla will then try to either improve or nurture the relationship with its users, depending on the ratings they give.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Nvidia forces GeForce Now gamers on free tier to watch ads while waiting to play
Sabrent's rocket-fast Rocket 5 SSDs are available for pre-order, starting at $190
Arm-powered Snapdragon X Elite laptop shown outperforming Intel Core Ultra by up to 10X in AI tests — Qualcomm fires early NPU shots at Intel
Updating firefox isn't worth the constant ui revamps.Reply
Few things have changed since the landing of Australis, so no idea what you complain about.Reply
I'm still using the previous esr.Reply
Few things have changed since the landing of Australis, so no idea what you complain about.First, the change to the keyworkd.url behavior was terrible; I remedied by the extension keyword search. Australis is nearly bad enough to made me switch browsers. The revamp of the search was the final straw. It was completely broken for one of the versions of firefox too, both on my desktop and my friend's computer. I've since switched to pale moon (old UI on LTS firefox) and chrome. Not planning on returning to stock firefox anytime soon.
Will this fix update flash? since only html5 videos play after 36.0.1 updateReply
Not present in the article: HTML5 playback of youtube videos now support more resolutions (before only 360p and 720p)Reply
When they changed the search bar to include all sorts of search engines it pissed me off. Its fine to have to manually set one desktop to google only (and turn off bing, yahoo, and the other garbage) but when you have to do an entire household at random it becomes annoying.Reply
Almost switched to Chrome but remembered how rubbish Chrome is too.
Updating firefox isn't worth the constant ui revamps.Comments like yours aren't worth reading. There are not 'constant revamps', there are constant minor tweaks since version 20.
I'm still using the previous esr.
You should switch to Palemoon if that's the case.
Wow, article about web encryption yet I get an error on https://tomshardware.com:Reply
www.tomshardware.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.akamaihd.net, *.akamaihd-staging.net, a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net
(Error code: ssl_error_bad_cert_domain)