Firefox 23, the newest version of the Web browser released Tuesday, has an updated look for its well-known fox logo and adds new features, including one that will help protect users from what's known as "man-in-the-middle attacks" and from eavesdroppers on Web pages labeled as secure.
If you've purchased anything online, for example, you know to make sure a Web page starts out with "https" instead of "http" before plunking your money down. The "s" means that the Web page is secure and encrypted. But sometimes https pages include content on them that is not secure. From now on, if you've hit upon such a page, Firefox will block what is known as "mixed content" by default. It's something that Internet Explorer and Chrome does as well.
"For example, an attacker could replace an image served over HTTP with an inappropriate image or a misleading message to the user," writes Tanvi Vyas of Firefox's security engineering team. "However, the attacker would not have the ability to affect the rest of the webpage, only the section of the page where the image is loaded. An attacker could infer information about the user’s browsing activities by watching which images are served to the user."
Vyas goes on to explain:
The browser security community has divided mixed content into two categories: Mixed Active Content (like scripts) and Mixed Passive Content (like images). Mixed Active Content is considered more dangerous than Mixed Passive Content because the former can alter the behavior of an HTTPS page and potentially steal sensitive data from users.
Mixed Active Content will be blocked by default, but Firefox will allow Mixed Passive Content on https pages, he said.
Users can choose to "disable protection" and override the blocking on a Web page-by-Web page basis.
With Firefox 23, which you can learn more about and download here, you'll know whether you've hit upon such a "mixed content" page when you see this:
The revamped Firefox logo, which includes a brighter tail and features on the firefox, wasn't just because Mozilla, the nonprofit organization behind the Web browser, had nothing better to do. With more and more users doing their Web browsing from smartphones and tablets, Mozilla wants to make sure its logo is more easily visible on smaller screens.
"Unlike previous versions, the updated logo was created specifically with mobile in mind," writes John Slater of Mozilla's Creative Team on this blog. "Although we think it looks great at any size, it’s been optimized to be crisper and cleaner on small screens and lower resolution devices."