Firefox 43: Find out what is new

TechExpert

Firefox 43's official release data is December 15, 2015. This overview provides you with information about new features, updates, and changes in the new version of the web browser for the desktop and Android.

All Firefox channels are updated on the day. This means that Firefox Beta, Developer Edition and Nightly versions of the browser are updated as well.

To be precise, Firefox Beta is updated to 44, Firefox Developer Edition to 45, Firefox Nightly to 46, and Firefox ESR to 38.5.

The information provided by this article covers only the Firefox Stable update and no other version.

Executive Summary

  • Add-on signing is enforced in Firefox 43, but it can be disabled with a configuration switch in this version.
  • Firefox 64-bit Stable is now officially available.
  • A second block list that is stricter has been added to the browser's tracking protection feature.

Firefox 43 download and update

mozilla firefox 43

Mozilla Firefox 43 will be made available via the browser's automatic update mechanism. You can run a manual check for updates at any time by tapping on the Alt-key on your keyboard, and selecting Help > About from the menu at the top.

The browser queries a Mozilla server when you do and will download the update or prompt you to do so depending on how you have configured the browser.

New Firefox releases are available directly from Mozilla as well. There you find stub installers (which require an Internet connection during installation), and full offline installers which don't.

  1. Firefox Stable download
  2. Firefox Beta download
  3. Firefox Developer download
  4. Nightly download
  5. Firefox ESR download

Firefox 43 Changes

Add-on signing enforcement

firefox addon signing

Firefox 43 is the first version of the browser that enforces add-on signing. The browser will block the installation of add-ons that are not signed.

Mozilla planned to launch the feature with Firefox 40 initially but postponed it to Firefox 43 instead. Please note that this will affect already installed add-ons as well.

Firefox 43 ships with an override to install unsigned add-ons in the browser.

  1. Load about:config in the browser's address bar.
  2. Confirm you will be careful if the prompt appears.
  3. Search for xpinstall.signatures.required.
  4. Double-click the preference to set it to false.

Mozilla plans to remove the preference in Firefox 44.

The idea is to eliminate the majority of malicious or invasive add-ons by requiring them to be signed so that they can be installed in Firefox.

Add-on signing has been criticized as ineffective.

Search Suggestions in address bar opt-in prompt

awesome bar opt-in

When you run a search in Firefox 43 for the first time after upgrading to the version you may receive a search suggestions prompt in the address bar.

It asks you if you want to enable search suggestions in the browser and links to a resource page with additional information.

If you accept, everything that you type -- with the exception of hostnames and urls -- is sent to the default search engine which then returns a list of suggestions based on that text.

Search Suggestions are disabled in private browsing mode automatically. You can edit the preference directly in Firefox as well:

  1. Load about:preferences#search in the browser's address bar.
  2. Check, or uncheck, the "show search suggestions in location bar results.

Second Block List for Tracking Protection

tracking protection blocklist

A second blocklist has been added to the browser's Tracking Protection feature. The feature blocks trackers and scripts automatically when you connect to sites, and works similar to adblockers in this regard.

The focus is on blocking user tracking however and not disabling all advertisement or other annoyances on the Internet.

You can check and enable the second list in the following way:

  1. Load about:preferences#privacy in the browser's address bar.
  2. Click on the "Change Block List" button under the tracking header.
  3. Select one of the available lists there.

You are probably wondering how they differ:

  • Disconnect.me basic protection: blocks trackers but has been designed for maximum compatibility so that websites you visit function properly.
  • Disconnect.me strict protection: blocks more trackers but may impact the functionality of some sites.

Other changes

  • Firefox Stable 64-bit is now officially available. It only supports Flash and Silverlight as plugins.
  • WebRTC streaming on multiple monitors.
  • GTK3 integration (GNU/Linux only).
  • On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater.
  • Improved Big5 support for Hong Kong supplementary characters on Windows XP.

Developer Changes

  • Access to Web Storage (i.e. localStorage and sessionStorage) from third-party IFrames is now denied if the user has disabled third-party cookies
  • Display Server-side messages in the console.
  • Improved API support for m4v video playback.
  • Network entries in the console link to the network monitor.
  • Overriding CSS declarations have a magnifying glass next to them. A click on it shows only the rules that set the same property which makes it easy to see which rule is overriding the declaration.
  • Server logging in the web console.
  • Use in Console in Inspector.
  • WebIDE has a sidebar UI now.

Firefox for Android

Only features unique to the Android version of Firefox are listed here.

  • Accessibility improvements (TalkBack, BrailleBack)
  • Firefox for Android displays audio indicators in the tab list.
  • Reading List panel supports marking the read state of items.
  • Toolbar menu updated to match "latest Android UI designs".
  • Cloud printing support using the Android print service.
  • URL is included when text is shared from web pages.

Security updates / fixes

Security updates are disclosed after the official release. We update the article as soon as they become available.

MFSA 2015-149 Cross-site reading attack through data and view-source URIs
MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
MFSA 2015-145 Underflow through code inspection
MFSA 2015-144 Buffer overflows found through code inspection
MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
MFSA 2015-142 DOS due to malformed frames in HTTP/2
MFSA 2015-141 Hash in data URI is incorrectly parsed
MFSA 2015-140 Cross-origin information leak through web workers error events
MFSA 2015-139 Integer overflow allocating extremely large textures
MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
MFSA 2015-137 Firefox allows for control characters to be set in cookies
MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

Firefox 43.0.1

Mozilla has released Firefox 43.0.1 on December 18, 2015 days after the organization released Firefox 43. The release notes reveal no information about the new release but bug 1079858 indicates that this is about Sha2 patches.

release channel:
* 43.0 (no sha2 patch) -> 43.0.1 (sha2 patch 1) -> 43.0.1 (sha2 patch 2)
* when we need watershed rule: 43.0.1 is starting tomorrow

Additional information / sources