Mozilla this week updated Firefox to version 93, which now blocks downloads over insecure connections, improves the browser’s anti-tracking prowess and introduces Firefox Suggest, the newest way the company will try to earn revenue.
The organization’s security engineers also patched seven vulnerabilities, four marked “High,” Firefox’s second-most-serious label. The majority of those vulnerabilities were in the “memory safety bugs” bucket, a category that covers a wide swath of memory corruption and memory leak flaws.
Firefox 93 can be downloaded for Windows, macOS, and Linux from Mozilla’s site. Because Firefox updates in the background, most users need only launch (or relaunch) the browser to install the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page or pop-up shows that the browser is already up to date or displays the upgrade process.
Mozilla last upgraded Firefox four weeks ago, on Sept. 7.
Iffy downloads blocked
Starting with Firefox 93, the browser will block, at least temporarily, any download attempts over an insecure connection — one using the now-outdated HTTP protocol — even if those downloads are requested from a page secured with HTTPS. (Downloads are often transmitted from different servers or Internet locations than the page where they’re listed.)
When Firefox recognizes an insecure download starting, it will pause the data transmission and put a message on the screen to alert the user, who can continue the download or delete the file, partial though it might be.
Firefox is playing catch-up here, as Google’s Chrome has had similar protections in place since early 2020, when the browser began automatically blocking the most dangerous file types attempting to download over insecure connections. That blocking was staged over several Chrome versions, but was finalized this year. And unlike Firefox’s new feature, Chrome’s does not allow a user the option to continue such downloads, a safer, if less convenient, approach.
Crippled pages restored by SmartBlock
Firefox 93 also features an enhanced SmartBlock, the tracker-blocking-page-fixing technology that debuted in March (with Firefox 87). Pegged as SmartBlock 3.0, the revision improved support for replacing Google Analytics scripts, Mozilla said, and added support for other bits, including Amazon TAM (Transparent Ad Marketplace).
Because SmartBlock replaces page components that have been identified as trackers with “local, privacy-preserving alternatives” so that the page continues to function — page breakage is the most common side effect of blocking trackers — the more potential or actual blockers it supports, the less likelihood that the page won’t load or operate correctly.
SmartBlock 3.0, like its predecessor, is enabled when the user opens a Private Browsing window or has set Enhanced Tracking Protection to the Strict level.
Mozilla also closed a loophole that some sites exploited to conspire with trackers to avoid privacy protections Firefox established in version 87 that trimmed referring URLs so revealing information couldn’t be sent to the destination site. According to Mozilla, the loophole “remains a major privacy issue.”
Mozilla’s on another money-making expedition
Firefox 93 also debuted a feature Mozilla labeled as “Firefox Suggest,” which was enabled “for a limited number of users in the U.S. only,” according to the company.
Firefox Suggest adds additional links to the suggestions provided by search engines when the user starts typing in the browser’s address bar. Although many of the suggestion categories are standard stuff — gleaned from bookmarks and open tabs, for instance — others will raise eyebrows, including contextual suggestions provided, at least in part, by Mozilla partners. (The partners, so far, include Wikipedia and an outfit called adMarketplace.) Some of those suggestions — Mozilla didn’t say what percentage exactly, or even generally — will be “sponsored,” in that clicking on them will generate money for Mozilla.
(Mozilla’s revenue is derived almost entirely from contracts it makes with search engine makers, notably Google, which pay Mozilla for putting their engine as the Firefox default. For years the company has struggled to diversify how it generates revenue, typically unsuccessfully.)
It’s unclear how much revenue Mozilla will make from these suggestions or what criteria Mozilla and/or the adMarketplace partner will use to select a sponsored suggestion. (Some additional information on Firefox Suggest is available here.) Users can, however, disable the sponsored suggestions, as well as the entire contextual suggestion category, from the Settings pane.
The next version, Firefox 94, will be released Nov 2.