Mozilla has released Firefox 37.0. This update includes security fixes for four critical, two high, five moderate and one low impact vulnerability.
Among the new and changed features that enhance security are improved protection against site impersonation, opportunistic encryption of HTTP data (for instances where legacy content disallows migration to HTTPS), disabled insecure TLS version fallback, improved certificate and TLS communication security by removing support for DSA, and (for developers) a new Security Panel included in Network Panel.
One new feature that could improve Firefox usability in the long run is Heartbeat, a system for collecting feedback from the user population.
“Our existing feedback channels are biased to some degree. We have no way of talking to a true representative sample of our existing user base,” Mozilla noted, and believes that Heartbeat will allow them to better direct Firefox’ development and reduce unexpected repair releases and user frustration.
Luckily, for those who are easily annoyed by similar interruptions, Heartbeat can be disabled (open about:config, set browser.selfsupport.url to “”).