By Gregg Keizer
Mozilla this week upgraded Firefox to version 83, adding an “HTTPS-Only Mode” that tries to connect to all websites through the more secure HTTPS protocol and, after failing to do so, warning users of with a can’t-miss-it, in-your-face alert.
Company engineers also patched 21 vulnerabilities, four marked “High,” Firefox’s second-most-serious label. Firefox 83 did not include fixes for any bugs marked “Critical.”
Firefox 83 can be downloaded for Windows, macOS and Linux from Mozilla’s site. Because Firefox updates in the background, most users need only relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page shows that the browser is either up to date or displays the refresh process.
Mozilla upgrades Firefox every four weeks, with the last refresh reaching users on Oct. 20.
Easily the most promoted of Firefox 83’s new features, the HTTPS-Only Mode promises to keep the browser’s users more secure, especially when they’re relying on public connections to the Internet that themselves have not been encrypted.
“It is time to let our users choose to always use HTTPS,” wrote Christoph Kerschbaumer, Julian Gaibler, Arthur Edelstein and Thyla van der Merwe, four members of Mozilla’s security group, in a Tuesday post to the company’s security blog. “That’s why we have created HTTPS-Only Mode, which ensures that Firefox doesn’t make any insecure connections without your permission.”
When enabled — the mode is off by default — HTTPS-Only attempts to connect to every site using HTTPS rather than the unencrypted HTTP protocol. For example, Firefox will automatically switch to HTTPS when the user clicks a link that includes http:// or when the user types http:// in the address bar.
If the destination site doesn’t support HTTPS, Firefox displays a full-page warning that asks the users whether or not they want to continue and connect using HTTP.
This warning appears when HTTPS-Only Mode is enabled and Firefox 83 is aimed at a site that doesn’t encrypt traffic. Users can decline to continue or move on, knowing the risks.
(In some ways, HTTPS-Only Mode is similar to the HTTPS Everywhere extension — a joint effort by the Electronic Frontier Foundation (EFF) and the Tor Project — although it lacks the add-on’s ability to add user-written rules that teach it to support sites.)
Other changes of note included new keyboard shortcuts for fast forwarding and rewinding video displayed in Firefox’s picture-in-a-picture sub-screen, and new options in the search panel (the box that opens after starting to type a search string into the Firefox address bar). Icons at the bottom of the panel representing several search engines — from Bing and DuckDuckGo to Wikipedia and eBay — as well as other standing in for bookmarks, open tabs and browser history can be selected so that the search takes place within that engine or category.
Also as of this version, Firefox can be run under macOS 11, aka “Big Sur,” on the new MacBook Air, MacBook Pro and Mac Mini personal computers powered by Apple’s ARM-based M1 system-on-a-chip (SoC) silicon. Firefox 83 and later, Mozilla said, support Rosetta 2, the Intel-to-ARM translator included with Big Sur. A natively-compiled version of Firefox for Apple Silicon, Mozilla added, will come “in a future release.”
The next browser, Firefox 84, will be released Dec. 15.
Copyright © 2020 IDG Communications, Inc.