Firefox 4 Beta Offers Faster Graphics and New Audio Capabilities for the Web
The latest update to Firefox 4 Beta brings faster graphics leveraging hardware acceleration and new audio capabilities to the Web with visualization of audio data within the browser.
Firefox 4 Beta introduces a new audio API to expose the raw audio data housed within the video and audio elements in HTML5. With this new API, developers can read and write raw audio data within the browser, presenting audio information in completely new ways that could allow, for example, for people to visually experience a speech or a song through Firefox.
Firefox 4 Beta also takes advantage of the built-in graphics hardware in Windows computers with DirectX 10 to improve graphics performance. On supported hardware, Firefox will use Direct2D by default to speed up the display of content on graphically intensive websites, giving more power to the Web. The result is web pages that use advanced, animated graphical effects to be a lot faster and more responsive.
HTTP Strict Transport Security (HSTS) is also a new security protocol in Firefox 4 Beta that allows websites to insist that Firefox always use secured connections. Firefox 4 Beta now remembers what sites use the HSTS protocol and will only connect to those sites using SSL (Secure Sockets Layer) in the future, helping to prevent "man in the middle" attacks.
Over an HTTPS connection, the server provides the Strict-Transport-Security header indicating it wants to be an HSTS host. The header's presence indicates the server's desire to be an HSTS host, and the max-age states for how many seconds the browser should remember this. For an HSTS host (e.g., paypal.com), any subsequent requests assembled for an insecure connection to that host (http://paypal.com), will be rewritten to a secure request (https://paypal.com) before any network connection is opened. Optionally, the header can include a second includeSubdomains directive that tells the browser to additionally "upgrade" all subdomains of the serving host. If Firefox knows your host is an HSTS one, it will automatically establish a secure connection to your server without even trying an insecure one. This way, if I am surfing the 'net in my favorite cafe and a hacker is playing MITM with paypal.com (intercepting http requests for paypal.com and then forwarding them on to the real site), either I'll thwart the attacker by getting an encrypted connection to paypal.com immediately, or the attack will be detected by HSTS and the connection won't work at all.
You can download Firefox 4 Beta here.
Firefox 4 Beta also takes advantage of the built-in graphics hardware in Windows computers with DirectX 10 to improve graphics performance. On supported hardware, Firefox will use Direct2D by default to speed up the display of content on graphically intensive websites, giving more power to the Web. The result is web pages that use advanced, animated graphical effects to be a lot faster and more responsive.
HTTP Strict Transport Security (HSTS) is also a new security protocol in Firefox 4 Beta that allows websites to insist that Firefox always use secured connections. Firefox 4 Beta now remembers what sites use the HSTS protocol and will only connect to those sites using SSL (Secure Sockets Layer) in the future, helping to prevent "man in the middle" attacks.
Over an HTTPS connection, the server provides the Strict-Transport-Security header indicating it wants to be an HSTS host. The header's presence indicates the server's desire to be an HSTS host, and the max-age states for how many seconds the browser should remember this. For an HSTS host (e.g., paypal.com), any subsequent requests assembled for an insecure connection to that host (http://paypal.com), will be rewritten to a secure request (https://paypal.com) before any network connection is opened. Optionally, the header can include a second includeSubdomains directive that tells the browser to additionally "upgrade" all subdomains of the serving host. If Firefox knows your host is an HSTS one, it will automatically establish a secure connection to your server without even trying an insecure one. This way, if I am surfing the 'net in my favorite cafe and a hacker is playing MITM with paypal.com (intercepting http requests for paypal.com and then forwarding them on to the real site), either I'll thwart the attacker by getting an encrypted connection to paypal.com immediately, or the attack will be detected by HSTS and the connection won't work at all.
You can download Firefox 4 Beta here.