The much awaited feature has been released in Mozilla Firefox 23.0. stable version. Yes, there is a logo change! Took me half an hour, but here is the comparison of the new 2013+ logo of Firefox 23, with the old 2009-2013 logo from Firefox 22. The new logo is slightly smaller in size and with less glow.
Jokes apart, there is a quite a hullabaloo in blogosphere about the ‘social sharing’ button in Firefox 23.0. Ho Hum! Mozilla have added a share button to the toolbar which provides the ability to share interesting content with friends and family in Facebook and Cliqz. Heck, we are going to be inundated with lolcats! You can read more about it (the share button, not lolcats) at the Mozilla blog here.
:-P
There are various bug fixes and improvements in Firefox 23.0, and if you are interested, you can browse them at http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
But to me, the most important and interesting feature is the blocking of mixed content by default in Firefox 23.0 stable. Mixed content, in simple terms, is use of insecure content (scripts, images, etc.) over HTTP by a secure HTTPS page.
Confused? Let me try to confuse you a little more. We are given to believe that a webpage or URI starting with HTTPS is *secure*. That’s why we are asked to ensure HTTPS in address by banks and credit card companies during online transactions. If you remember, even Twitter (2011) and Facebook (2013) made much noise about going HTTPS or *secure*.
The problem is even such secure HTTPS pages can serve or load insecure content like scripts or images. As of today, images are considered passive mixed content and not as dangerous as scripts, which are active mixed content. Now Firefox 23+ will block those active mixed content by default.
Here is a snapshot of Firefox 23.0. stable passing out on such a test-page.
Here is a snapshot of Firefox 17.0.7. ESR (portable) failing the same test, and a script capturing the username and password.
BTW WoodGrove Bank is a fictional site put up by Microsoft to test mixed content leak. The URI is https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm
So why is Microsoft putting up a page for showcasing Firefox? Actually they had put up the page to showcase security features in IE10+. Yeah! that is right. Both IE and Google Chrome already have mixed content blocking enabled - and Firefox just caught up with them.
As for Firefox 23 for Android, it just refuses to install on my Gingerbread 2.3.6 phone - throws up a download error code 497, just like its earlier versions.
Of late, looks like the fire in the fox is just smouldering, but not burning bright.
Jokes apart, there is a quite a hullabaloo in blogosphere about the ‘social sharing’ button in Firefox 23.0. Ho Hum! Mozilla have added a share button to the toolbar which provides the ability to share interesting content with friends and family in Facebook and Cliqz. Heck, we are going to be inundated with lolcats! You can read more about it (the share button, not lolcats) at the Mozilla blog here.
:-P
There are various bug fixes and improvements in Firefox 23.0, and if you are interested, you can browse them at http://www.mozilla.org/en-US/firefox/23.0/releasenotes/
But to me, the most important and interesting feature is the blocking of mixed content by default in Firefox 23.0 stable. Mixed content, in simple terms, is use of insecure content (scripts, images, etc.) over HTTP by a secure HTTPS page.
Confused? Let me try to confuse you a little more. We are given to believe that a webpage or URI starting with HTTPS is *secure*. That’s why we are asked to ensure HTTPS in address by banks and credit card companies during online transactions. If you remember, even Twitter (2011) and Facebook (2013) made much noise about going HTTPS or *secure*.
The problem is even such secure HTTPS pages can serve or load insecure content like scripts or images. As of today, images are considered passive mixed content and not as dangerous as scripts, which are active mixed content. Now Firefox 23+ will block those active mixed content by default.
Here is a snapshot of Firefox 23.0. stable passing out on such a test-page.
Here is a snapshot of Firefox 17.0.7. ESR (portable) failing the same test, and a script capturing the username and password.
BTW WoodGrove Bank is a fictional site put up by Microsoft to test mixed content leak. The URI is https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm
So why is Microsoft putting up a page for showcasing Firefox? Actually they had put up the page to showcase security features in IE10+. Yeah! that is right. Both IE and Google Chrome already have mixed content blocking enabled - and Firefox just caught up with them.
As for Firefox 23 for Android, it just refuses to install on my Gingerbread 2.3.6 phone - throws up a download error code 497, just like its earlier versions.
Of late, looks like the fire in the fox is just smouldering, but not burning bright.
Good write up. Thanks for the heads up.
ReplyDeleteWB. 10X
ReplyDeleteThere are reasons why Internet Explorer internet users switch to Mozilla Firefox internet browser. It is believed that Mozilla Firefox has that 'otaku'. Find out more about here. search bar firefox 57 addon
ReplyDeleteNice sharing information. Get to know about new in Firefox 23. Visit mozilla support firefox for more information.
ReplyDeleteThanks for sharing such useful information which enhanced my technical knowledge. For any technical issues using Firefox browser you can avail immediate help from certified experts at Firefox customer support phone number and uproot all your tech issues.
ReplyDelete