Mozilla released version 37 of its Firefox browser to the stable channel. The company updates its browser on a six weeks schedule, just like Google.
The new version seems to be mainly about new security improvements and fixes, which comes at an ideal time, considering Firefox didn't do so well in the Pwn2Own browser security competition. Although Firefox finished among the last at Pwn2Own, Mozilla updated the browser quite quickly afterwards with the fixes for the vulnerabilities found by the security researchers attending the contest.
One of the bigger security features added to Firefox 37 is "opportunistic encryption" for servers and sites that support "HTTP/2 AltSvc." This allows Firefox to encrypt the traffic without having to authenticate it. This is better than no encryption at all, but still worse than authenticated encryption.
Unlike authenticated encryption (HTTPS), opportunistic encryption doesn't protect against active "man-in-the-middle" attacks. It only protects against passive (dragnet) surveillance (which is still of major benefit to most users).
Mozilla also added the OneCRL list of revoked certificates in Firefox 37, which is a feature similar to Chrome's CRLset. If a security incident requires the revocation of a certificate, then Mozilla can update its browser to disallow the forged certificate from being used.
The new Firefox also supports encrypted Bing search. While Google adopted HTTPS by default for its search engine years ago, Microsoft added optional encryption for Bing only last year, although recently the company made it mandatory, as well. Now, all Bing searches will be encrypted by default.
Mozilla also made some changes to the way the TLS encryption works in its browser:
Disabled insecure TLS version fallback for site securityExtended SSL error reporting for reporting non-certificate errorsTLS False Start optimization now requires a cipher suite using AEAD constructionImproved certificate and TLS communication security by removing support for DSA
Other features in Firefox 37 include Mozilla making Yandex the default search engine for Turkey, as well as adding its new Heartbeat feedback system into the browser. The Heartbeat system will randomly show some users a widget asking for a rating. Mozilla will then try to either improve or nurture the relationship with its users, depending on the ratings they give.