Mozilla released Firefox 63 for Windows, macOS and Linux, boosting its anti-ad tracking defense by offering an option that blocks cookies from third-party trackers.
Engineers also patched 14 vulnerabilities in Firefox. Just two of them were marked “Critical,” Mozilla’s highest threat ranking; three others were tagged “High,” the next rank down.
Firefox 63, which can be downloaded here, updates in the background, so most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” The resulting page shows that the browser is either up to date or details the updating process.
Mozilla updates Firefox every six to eight weeks; the last time it upgraded the browser, to version 62, was Sept. 5, or just shy of seven weeks ago.
Enhanced Tracking Protection
Firefox 63 upped anti-tracking, dubbing the improved defense a component of “Enhanced Tracking Protection,” a new name for a Mozilla effort pursued over several iterations of the browser.
An older label – “Tracking Protection” – was given to the feature in Firefox 57, last year’s huge overhaul named “Quantum,” which let users block tracking cookies in all sessions, not just the private browsing mode in which Tracking Protection debuted in 2015.
Tracking Protection did what its title implied: It blocked a range of content, not just advertisements but also in-page trackers that sites or ad networks implant to follow users around the Web. The problem, though, is that when Tracking Protection was switched on, it broke things. “The reality is that Firefox’s original Tracking Protection functionality can cause websites to break, which confuses users,” said Peter Dolanjski, project lead for Firefox, in an Oct. 23 post.
Enhanced Tracking Protection is much the same: It blocks tracking cookies and the access to in-browser those cookies need to operate, blocking most common cross-site tracking. But it does so in less draconian fashion. “The feature more surgically targets the problem of cross-site tracking without the breakage and wide-scale ad blocking which occurred with our initial Tracking Protection implementation,” contended Dolanjski.
According to Mozilla, the Enhanced feature should break or disrupt fewer sites. And for those it does, there’s a way for the user to back away from the blocking. “You might see some odd behavior on websites, so if something doesn’t look or work right, you can always disable the protection on a per-site basis by clicking on the Shield icon in the address bar, and then clicking ‘Disable Blocking For This Site,'” wrote Nick Nguyen, the firm’s vice president of product strategy, in a post to a company blog.
Enhanced Tracking Protection is off by default in Firefox 63. To switch it on, users must select Options (Windows) or Preferences (macOS) from the menu under the three horizontal bars at the upper right. Click “Privacy & Security” in the sidebar at the left, then check the box marked “Third-Party Cookies” under the phrase “Choose what to block.” The radio button marked “Trackers (recommended) should be pre-selected. If not, select it.
Previously, Mozilla had said that anti-tracking would be in place and on for everyone by Firefox 65, currently scheduled to ship Jan. 29, 2019. That still seems to be the plan. “We’ll continue to test this feature and hope to release it by default early 2019,” said Nguyen.
Firefox 63’s other prominent addition is to search with something Mozilla named “Search shortcuts,” which appear on the browser’s new tab page.
A pair of icons, one marked “Google” the other “Amazon,” shift the cursor to Firefox’s address bar (Mozilla refers to that as the “Awesome bar” at times) with the long-available @google or @amazon search keyword already in place. Anything typed in the address bar after the keyword then becomes the search string on the designated site.
The advantage? The user need not wait for the google.com or amazon.com page to load before searching.
Not everyone with Firefox 63 will see the shortcuts immediately. (Computerworld staffers using Firefox, for example, were sans the search icons in their browsers’ new tab pages.) As it often does, Mozilla is enabling the feature in stages.
The Amazon shortcut is also a money maker for Mozilla, as purchases made by users via such searches will generate revenue to the developer through the e-seller’s affiliate program. “In the spirit of full transparency … we anticipate that some of these search queries may fall under the agreements with Google and Amazon, and bring business value to the company,” said Maria Popova, senior product manager for Firefox, in an Oct. 17 post. “Not only are users benefiting from a new utility, they are also helping Mozilla’s financial sustainability.”
The next edition, Firefox 64, should reach users Dec. 11, according to the browser’s release calendar.
Last month’s upgrade to Firefox – Mozilla issued version 62 on Sept. 5 – featured relatively few changes or enhancements. Among the new: An expansion to four rows of sites available on the new tab page, and an automatic sandboxing of the AutoConfig file for enterprise use. (AutoConfig can be used by IT administrators to lock settings that cannot be accessed by group policies in Windows or the policies.json file in macOS and Linux.)
When Firefox 62 debuted, Mozilla reminded users that it intended to drop support for all Symantec-issued SSL (Secure Socket Layer) certificates with the next upgrade, this week’s Firefox 63. Instead, Mozilla balked at the move.
On Oct. 10, it declared it would delay the “distrust” of the certificates, citing a too-large number of websites that had yet to switch to different certificate supplier. “We believe that delaying the release of this change until later this year when more sites have replaced their Symantec TLS certificates is in the overall best interest of our users,” wrote Wayne Thayer, Mozilla’s Certificate Authority program manager, in a blog post.
The Symantec distrust will now take effect with Firefox 64 in December, Thayer added.