Firefox 26 bumps up security by letting users screen plug-ins

Summary:The latest release of the Firefox web browser boosts browser security and stability by blocking Java software component plug-ins from loading by default.

The latest version of the Firefox web browser is available, introducing new features that improve security and performance.

Firefox 26 will be available to download from the Firefox web page later today and is already available via Mozilla's FTP server.

Security

In an attempt to improve both security and stability, Java plug-in software components will not load by default. 

Sections of a site that require a Java plug-in will need user approval before loading. Approval is given by clicking the part of the page where the plug-in is embedded or an icon in the browser address bar.

By blocking Java plug-ins, Mozilla hopes to reduce the risk of users being attacked via exploits of vulnerabilities in plug-in code or of plug-in software causing instabilities in the browser. Mozilla will continue to use the Beta version of Firefox to test a Click to Play feature that would block a wider range of software plug-ins by default.

Users can disable or enable plug-ins via a menu available by typing "about:addons" in the address bar. 

The Mozilla Maintenance Service will also now be able to update Firefox when the user does not have system administrator rights, specifically permission to write to the directory Firefox is installed in.

In another boost to security, Firefox Password Manager now supports script-generated password fields.

Mozilla has also improved support for web page Content Security Policy, which limits which third parties can run scripts, apply CSS styles and load other content on that page. The browser now supports multiple policies.

Features and performance

Firefox 26 allows H.264 encoded video to be played on a Linux system if the appropriate GStreamer plug-ins are installed and adds support for MP3 audio decoding on Windows XP.

Page loading times should be improved by the browser no longer decoding images that aren't visible and standalone JPEG images will use EXIF information to display their correct orientation.

Developer changes

The release continues to implement support for EcmaScript 6, introducing compliant syntax for Generators (yield) and a new mathematical method, Math.fround(), which returns the nearest single precision float representation of a number.

The release also makes changes to various CSS and HTML properties and additional features and fixes to the browser's APIs.

Firefox Inspector is also now remotely accessible over a network.

A full list of developer changes can be found here.

Further reading

Topics: Enterprise Software, Web development

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.