We're investigating a visual refresh of Firefox this year, this bug tracks that work.

Personally I like the look of the developer edition theme. Maybe a light version of it would look very nice and modern.

+1 for developer edition theme or something minimal like that. Dark one is great.

(In reply to Allan Gardner (:Mathnerd314) from comment #1) > I know it was an April Fool, but I'll bring up this blog post: > https://blog.mozilla.org/ux/2013/04/firefox-next-evolving-the-user-interface- > using-genetic-algorithms/. I haven't seen any comprehensive browser UI > analysis based on Fitt's Law, Hick's Law, and GOMS-CPM/CoDeIn modeling. > Optimize toolbar button sizes for task flow. Don't just put lipstick on a > pig, save a few seconds for millions of users! :) (In reply to modestdev from comment #3) > +1 for developer edition theme or something minimal like that. Dark one is > great. The developer edition themes are shipping as alternative themes in Firefox 53, see bug 1314091.

Please consider for the new default theme: * to not show the protocol or a padlock when https:// is used - encryption=neutral - (but display the protocol on all other protocols): Meta bug 1335586 (https-everything) * to show a red crossed padlock (bug 1310447) with a red text 'Not Secure' (bug 1335970) for every unencrypted protocol (http://, ftp://, ws://) * to show a green padlock without a text if DNSSEC/DANE stapling is valid (bug 672600, a MOSS project is working on it) * to show a blue padlock with a blue Name for EV certificates (but green padlock + green text if DNSSEC/DANE stapling is valid) (let EV green, as long as DNSSEC/DANE Stapling (bug 672600) is not implemented, but change it then) Thank you :)

> * to not show the protocol or a padlock when https:// is used - encryption=neutral - (but display the protocol on all other protocols): Meta bug 1335586 (https-everything) I think this is the general direction we're heading for eventually, but it's not within scope for the visual refresh. Which is good, because there are a lot of factors to consider for this decision. (It's also not necessary to do this as part of a major UI refactor, since the identity block is pretty isolated.) > * to show a red crossed padlock (bug 1310447) with a red text 'Not Secure' (bug 1335970) for every unencrypted protocol (http://, ftp://, ws://) Bug 1310447 comment 7 outlines our team's current decision on this: We will not show additional text in the URL bar, since the user will get a much more efficient insecure login warning when they try to use a login form on that page. The "Not Secure" text does not add any additional value in our opinion. We want to avoid adding unnecessary elements that clutter the URL bar (even more so with the refresh that focuses on gaining simplicity instead of adding complexity). The bug is not closed yet, because this decision could be reconsidered in the future. For now, we're not doing it. > * to show a green padlock without a text if DNSSEC/DANE stapling is valid (bug 672600, a MOSS project is working on it) > * to show a blue padlock with a blue Name for EV certificates (but green padlock + green text if DNSSEC/DANE stapling is valid) (let EV green, as long as DNSSEC/DANE Stapling (bug 672600) is not implemented, but change it then) I generally agree that DNSSEC/DANE sounds very exciting and we should probably think about how we can support it UI-wise, but really, there is a lot to consider for this and the general UI refresh will be a big project on its own. Feel free to make new bugs in the Security component for DNSSEC/DANE UI highlighting, so that we're able to discuss this separately. I do not mean to shut down your (very interesting) ideas, just to say that they're not in scope for the UI refresh and that changing the identity indicators is always a delicate topic :)

Firefox on Android needs a visual refresh too, perhaps with some Material Design and better integration with the Android system.

(In reply to uncertainquark from comment #8) > Firefox on Android needs a visual refresh too, perhaps with some Material > Design and better integration with the Android system. This has been in discussion for a matter of years. See bug 1074220

(In reply to uncertainquark from comment #8) > Firefox on Android needs a visual refresh too, perhaps with some Material > Design and better integration with the Android system. This is being worked on. No bugs filed quite yet but the goal is to have a consistent look across Firefox Browsers ( Android, iOS, Desktop )

For the complete UI rewrite for a non-XUL Firefox, please have these in mind (for your technical design decisions) to have it easy to implement in the future: * theme-color meta tag support like Chrome Mobile/Vivaldi (https://bugzilla.mozilla.org/buglist.cgi?quicksearch=theme-color) * scrollbar styles like webkit, as it wasn't possible with XUL: bug 77790 (In reply to Johann Hofmann [:johannh] from comment #7) > Feel free to make new bugs in the Security component for DNSSEC/DANE UI highlighting, so that we're able to discuss this separately. bug 1351684 with a suggestion image > I do not mean to shut down your (very interesting) ideas, just to say that > they're not in scope for the UI refresh and that changing the identity > indicators is always a delicate topic :) But please overthink currenty thoughts about showing the word "Secure" as people couldn't notice the diffence to EV certificates in thoughtless moments. People are already complaining about Letsencrypt certificates for phishing sites as Chrome shows the pseudo EV certificate owner named "Secure". HTTPS for a phishing site is technically a "Secure" connection, sure, but we shouldn't overvalue HTTPS. Even if phishing sites had DNSSEC/DANE Stapling at some time, it wouldn't be good to show the word "Secure". Firefox hasn't something like a click-to-play for javascript, so websites can't be "Secure". "Secure" could be an OV-validated certificate with OCSP Must staple and with strong Content-Security-Policy - at the moment. As you say: > We want to avoid adding unnecessary elements that clutter the URL bar

(In reply to bugzilla from comment #11) > But please overthink currenty thoughts about showing the word "Secure" as > people couldn't notice the diffence to EV certificates in thoughtless > moments. People are already complaining about Letsencrypt certificates for > phishing sites as Chrome shows the pseudo EV certificate owner named > "Secure". HTTPS for a phishing site is technically a "Secure" connection, > sure, but we shouldn't overvalue HTTPS. Even if phishing sites had > DNSSEC/DANE Stapling at some time, it wouldn't be good to show the word > "Secure". Firefox hasn't something like a click-to-play for javascript, so > websites can't be "Secure". "Secure" could be an OV-validated certificate > with OCSP Must staple and with strong Content-Security-Policy - at the > moment. You might be relieved to hear that we're not interested in showing "Secure" for HTTPS sites, mostly for the reasons that you're stating. I've seen this in some mockups that are floating around but that was early WIP and not coordinated with the security team.

(In reply to marczellm from comment #13) > Why is the visual refresh even necessary? In my user-perspective the > Australis look just stabilized like "yesterday" when bug 734326 got fixed. > Seems like bikeshedding to me. Sorry, this is a tracking bug and not a discussion platform. Please take that concern to an appropriate mailing list or user forum. Note that a significant chunk of the people involved in this are Firefox peers, so it's unlikely your arguments will be able to stop the project. We do, however, appreciate ideas and constructive feedback (but please not in this specific bug).

(In reply to Jeff Griffiths (:canuckistani) (:⚡︎) from comment #0) > We're investigating a visual refresh of Firefox this year, this bug tracks > that work. Is there a place where this is being discussed, with images?

unification/quantum: library in a tab (bug 697359) like chromium or the fancy about:preferences do. currently it's xul and webrender makes every window red if I close the library (downloads). Please evaluate a "everything in a tab or as bubble like the downloads panel" policy as part of Photon's style guide.

Sorry for bugmail spam. I'm removing recent regression bugs again, since we don't need every photon-visual bug to block this one directly. They still block this indirectly via higher-level bugs.

(In reply to Darkspirit from comment #16) > unification/quantum: library in a tab (bug 697359) like chromium or the > fancy about:preferences do. currently it's xul and webrender makes every > window red if I close the library (downloads). Please evaluate a "everything > in a tab or as bubble like the downloads panel" policy as part of Photon's > style guide. Bug 1325171 is about the Photon Theme and bug 1346488 is about Photon itself. For "everything in a tab" please look also at bug 1364703.