New Certificate Verification Library in Firefox 31

I just learned that Firefox 31 contains a new Certificate Verification Library.

If you are running into certificate errors with Firefox 31 that were not happening before, it is important that you report them as soon as possible.

It’s also important that you test your infrastructure as soon as possible.

More information about this change can be found in this blog post and this Wiki article.

More information about testing can be found in this Wiki article.

If you run into problems you can change the preference security.use_mozillapkix_verification to false and this will turn off the new verification.

This is not recommended, though, because the old code will be removed in Firefox 33, so we need to make sure we get any problems worked out.

Plugins Click-To-Play by Default in Firefox 31 ESR

In my previous post about the Firefox 31 ESR, I missed one other big change; most plugins will be click-to-play by default. You can read more about things in this blog post, but the gist is that click-to-play will be the default for plugins except for Flash and plug-ins that have been accepted onto the whitelist. You can view the current whitelist here.

If you have a plugin that you use within your organization and you need to make sure is enabled, you have a few choices.

  1. Change the plugin.default.state preference back to 2 so that the default is not click-to-play.
  2. Add a preference specific to your plugin that makes it enabled by default. The format is plugin.state.FILENAME where FILENAME is the filename of the plugin, lowercased with no extension and trailing numbers removed. So for instance, on Windows, the preference for Adobe Acrobat is plugin.state.nppdf and should be set to 2. The preference name will be different for different operating systems.
  3. Use the CCK2 to enable your plugin for a specific domain.
  4. Use the Click-to-Play Manager extension to enable your plugin for a specific domain.

The Next Firefox ESR (31) is Almost Here

Firefox 30 will be released tomorrow (June 10, 2014). That means the Firefox 31 ESR is only six weeks away (July 22, 2014). There will 12 weeks of overlap where both the Firefox 24 ESR and the Firefox 31 ESR are supported to allow for qualification. Support for the Firefox 24 ESR will official end with the release of Firefox 33 on October 14, 2014.

So what should you expect in the Firefox 31 ESR?

The biggest change is Australis. It’s a completely revamped UI for Firefox. Besides changing the overall look and feel of Firefox, it also removed the add-on bar, as well as the ability to put the browser tabs on the bottom. Because of these changes, I will be deprecating my ancient add-on that tries to make things look more like Firefox 3.6. If you really want to make Firefox look like it was before Australis, you can use the Classic Theme Restorer add-on.

The Firefox 31 ESR also contains a completely rewritten version of Sync that uses Firefox Accounts. The current plan is to retire sync as soon as Firefox 31 comes out, so if you are using the old Sync in your organization, you should have your users migrate as soon as possible.

Another big change in the Firefox 31 ESR is the removal of Configurable security policies. These were actually removed in Firefox 29 by bug 913734. It was determined that the inability to link local files from web pages had a major impact on enterprises, so it was added back in bug 995943 (thanks Bobby Holley), but all other policies including clipboard access have been removed. I am working on an extension that will restore the clipboard policy, and I will probably add this to the CCK2 as well. If you need additional security policies, please comment on this post and I will investigate adding them.

If you’re interested in finding out about other changes in the Firefox 31 ESR, you can read the end user release notes for the various releases (24.0, 25.0, 26.0, 27.0, 28.0, 29.0, 30.0). You can also read the developer notes for versions 25 through 31 for more detailed information.

If you’re using CCK2, the latest version CCK2 already contains support for Australis. If you’re not using it, you should be. It’s the easiest way to customize Firefox for your organization.